Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Simo Sorce
On Thu, 2014-07-31 at 16:13 -0500, Endi Sukma Dewata wrote: > On 7/31/2014 1:30 PM, Simo Sorce wrote: > http://www.freeipa.org/page/V4/Password_Vault_Implementation > > > I was thinking whether we should use a single attribute for each vault, > > and format the data within the vault as a json

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Endi Sukma Dewata
On 7/31/2014 1:30 PM, Simo Sorce wrote: http://www.freeipa.org/page/V4/Password_Vault_Implementation I was thinking whether we should use a single attribute for each vault, and format the data within the vault as a json blob, to organize the data within the blob. This would allow us to encryp

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Simo Sorce
On Thu, 2014-07-31 at 13:05 -0500, Endi Sukma Dewata wrote: > On 7/31/2014 10:58 AM, Simo Sorce wrote: > >> http://www.freeipa.org/page/V4/Password_Vault_Implementation > > > I am reading this document and there are some things I need to ask > > clarification for: > > > > * In "Vault password and

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Endi Sukma Dewata
On 7/31/2014 10:58 AM, Simo Sorce wrote: http://www.freeipa.org/page/V4/Password_Vault_Implementation I am reading this document and there are some things I need to ask clarification for: * In "Vault password and secret key" you describe a mechanism where you store a hash of the password used

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Simo Sorce
On Tue, 2014-07-15 at 09:13 -0500, Endi Sukma Dewata wrote: > Hi, > > I've been working on the implementation details of password vault: > http://www.freeipa.org/page/V4/Password_Vault_Implementation > > There are some issues (i.e. vault password and vault key) that aren't > specifically defined

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Gabe Alford
Okay. Sounds good. Update patch attached. On Thu, Jul 31, 2014 at 7:18 AM, Martin Kosek wrote: > Ah, right. But I still think that's a too-early optimization. We can add > this > callback when this necessity arises. Until then, I would rather prefer to > keep > the code clean. > > Martin > > On

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Martin Kosek
Ah, right. But I still think that's a too-early optimization. We can add this callback when this necessity arises. Until then, I would rather prefer to keep the code clean. Martin On 07/31/2014 03:17 PM, Gabe Alford wrote: > Right. The reason I added it in there is that I could see that in the >

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Gabe Alford
Right. The reason I added it in there is that I could see that in the future trust_type could be more than just 'ad' (maybe 'ipa', 'krb', etc?) which at that point I'm not sure a default makes sense. So, I thought to go ahead and add the check for future use cases so that it doesn't have to be reme

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-31 Thread Nalin Dahyabhai
On Thu, Jul 31, 2014 at 09:19:28AM +0200, Jan Cholasta wrote: > If you mean "host", yes, the man page says it's the server's hostname, but I > don't think that's entirely true - it is currently set during server > install, but it defaults to local hostname even on clients. IMO we could set > it in

Re: [Freeipa-devel] [PATCH] 717 webui-ci: fix reset password check

2014-07-31 Thread Petr Viktorin
On 07/31/2014 10:04 AM, Petr Vobornik wrote: This patch should fix recent CI failures. After login, CI checks if password needs a reset by checking if reset password fields are displayed. This check failed since login facet was removed from DOM after successful auth. Weakening the selector fixe

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Martin Kosek
On 07/31/2014 10:47 AM, Jan Cholasta wrote: > On 24.7.2014 at 00:15, Gabe Alford wrote: >> Nope. Somehow in my head it felt cleaner. Updated patch attached. >> >> >> On Wed, Jul 23, 2014 at 1:18 AM, Jan Cholasta > > wrote: >> >> On 23.7.2014 01:01, Gabe Alford w

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Alexander Bokovoy
On Thu, 31 Jul 2014, Martin Kosek wrote: Sorry for going late in the game, just a quick question - why do we want to add this part: +if trust_type is None: +kw['trust_type'] = self.prompt_param(self.params['trust_type']) ? I do not see a reason for adding a special interacti

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Jan Cholasta
On 24.7.2014 at 00:15, Gabe Alford wrote: Nope. Somehow in my head it felt cleaner. Updated patch attached. On Wed, Jul 23, 2014 at 1:18 AM, Jan Cholasta wrote: On 23.7.2014 01:01, Gabe Alford wrote: Forgot about --trust-secret. Here is an updated

Re: [Freeipa-devel] [PATCH] 310 Exclude attributelevelrights from --raw result processing in baseldap

2014-07-31 Thread Jan Cholasta
On 29.7.2014 at 12:00, Petr Viktorin wrote: On 07/29/2014 08:27 AM, Jan Cholasta wrote: On 28.7.2014 at 19:59, Petr Viktorin wrote: On 07/24/2014 05:33 PM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza NACK If the value *is* a

[Freeipa-devel] [PATCH] 717 webui-ci: fix reset password check

2014-07-31 Thread Petr Vobornik
This patch should fix recent CI failures. After login, CI checks if password needs a reset by checking if reset password fields are displayed. This check failed since login facet was removed from DOM after successful auth. Weakening the selector fixes it. -- Petr Vobornik From 6cb3a7d30738e5b353

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-31 Thread Jan Cholasta
On 30.7.2014 at 16:39, Nalin Dahyabhai wrote: On Wed, Jul 30, 2014 at 04:28:50PM +0200, Jan Cholasta wrote: These two functions are used to force local hostname in certmonger. IMO the right thing to do here would be to drop these two functions and fix ipa-submit so that it reads the required