Re: [Freeipa-devel] [PATCH] move replication topology to shared tree

2014-10-13 Thread Martin Kosek
On 10/10/2014 06:44 PM, Simo Sorce wrote: On Fri, 10 Oct 2014 18:38:36 +0200 Ludwig Krispenz lkris...@redhat.com wrote: On 10/10/2014 06:30 PM, James wrote: On 10 October 2014 12:21, Simo Sorce s...@redhat.com wrote: First thing, I do not think we want a new command here. If we need

Re: [Freeipa-devel] Dogtag lightweight sub-CAs; updated design

2014-10-13 Thread Fraser Tweedale
On Tue, Oct 07, 2014 at 09:40:12AM -0400, Simo Sorce wrote: On Tue, 07 Oct 2014 09:29:33 -0400 Rob Crittenden rcrit...@redhat.com wrote: Simo Sorce wrote: On Tue, 07 Oct 2014 13:47:05 +0200 Martin Kosek mko...@redhat.com wrote: On 10/07/2014 05:31 AM, Fraser Tweedale wrote:

[Freeipa-devel] FreeIPA upstream guide - next steps

2014-10-13 Thread Martin Kosek
Hello all, Just FYI, based on the [Freeipa-users] What should we do with upstream guide? thread I started doing actions on FreeIPA.org wiki side: - Created http://www.freeipa.org/page/Upstream_User_Guide with the details about the decisions that were made - Updated

Re: [Freeipa-devel] [PATCH] 0159-0162 ID views in compat tree: ACIs, support for shell, gidNumber, and SSH keys

2014-10-13 Thread Petr Vobornik
On 10.10.2014 17:56, Alexander Bokovoy wrote: On Fri, 10 Oct 2014, Petr Vobornik wrote: One more update for patch 0161, Petr noticed we need to call super post_callback() too. idoverrideuser_find callback causes internal error. I've attached new version of the patch which fixes it. Basically

Re: [Freeipa-devel] [PATCH] 351 Support MS CA as the external CA in ipa-server-install and ipa-ca-install

2014-10-13 Thread Martin Kosek
On 10/09/2014 08:44 AM, Martin Kosek wrote: On 10/08/2014 01:46 PM, Jan Cholasta wrote: On 8.10.2014 at 12:49, Martin Kosek wrote: On 10/08/2014 11:53 AM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4496. Note that this requires pki-core

Re: [Freeipa-devel] [HELP] Regular users should not be able to add OTP tokens with custom name

2014-10-13 Thread Martin Kosek
On 10/10/2014 05:43 PM, Nathaniel McCallum wrote: As a result of this ongoing conversation, I have opened two 389 bugs: 1. Post Read - https://fedorahosted.org/389/ticket/47924 2. UUID ACIs - https://fedorahosted.org/389/ticket/47925 On Wed, 2014-10-08 at 17:46 -0400, Nathaniel McCallum

Re: [Freeipa-devel] [PATCH] 761 keytab manipulation permission management

2014-10-13 Thread Petr Vobornik
On 8.10.2014 18:51, Petr Vobornik wrote: On 1.10.2014 18:15, Petr Vobornik wrote: Hello list, Patch for: https://fedorahosted.org/freeipa/ticket/4419 New revisions of 761 and 763 with updated API and ACIs: ipa host-allow-operation HOSTNAME retrieve-keytab --users=STR --groups STR ipa

[Freeipa-devel] Thesis - Gnome Keyring Key Storage in Vault/KRA

2014-10-13 Thread Martin Kosek
Hello all, Last week me, Jakub and Stef discussed a design for a candidate for a FreeIPAGnome keyring related thesis: https://thesis-managementsystem.rhcloud.com/topic/show/219/gnome-keyring-storage-in-freeipa Apparently, there was a misunderstanding when crafting the topic proposal, it is not

Re: [Freeipa-devel] Thesis - Gnome Keyring Key Storage in Vault/KRA

2014-10-13 Thread Sumit Bose
On Mon, Oct 13, 2014 at 01:24:10PM +0200, Martin Kosek wrote: Hello all, Last week me, Jakub and Stef discussed a design for a candidate for a FreeIPAGnome keyring related thesis: https://thesis-managementsystem.rhcloud.com/topic/show/219/gnome-keyring-storage-in-freeipa Apparently,

[Freeipa-devel] [PATCHES] 354-356 Check LDAP instead of local configuration to see if IPA CA is enabled

2014-10-13 Thread Jan Cholasta
Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/4621. Honza -- Jan Cholasta From c4f65820ebf2936139c010d143a1f6a4017d6b58 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Mon, 13 Oct 2014 14:10:13 +0200 Subject: [PATCH 1/3] Do not create

Re: [Freeipa-devel] [HELP] Regular users should not be able to add OTP tokens with custom name

2014-10-13 Thread Nathaniel McCallum
On Mon, 2014-10-13 at 12:39 +0200, Martin Kosek wrote: On 10/10/2014 05:43 PM, Nathaniel McCallum wrote: As a result of this ongoing conversation, I have opened two 389 bugs: 1. Post Read - https://fedorahosted.org/389/ticket/47924 2. UUID ACIs - https://fedorahosted.org/389/ticket/47925

Re: [Freeipa-devel] Thesis - Gnome Keyring Key Storage in Vault/KRA

2014-10-13 Thread Simo Sorce
On Mon, 13 Oct 2014 13:24:10 +0200 Martin Kosek mko...@redhat.com wrote: Hello all, Last week me, Jakub and Stef discussed a design for a candidate for a FreeIPAGnome keyring related thesis: https://thesis-managementsystem.rhcloud.com/topic/show/219/gnome-keyring-storage-in-freeipa

Re: [Freeipa-devel] Thesis - Gnome Keyring Key Storage in Vault/KRA

2014-10-13 Thread Simo Sorce
On Mon, 13 Oct 2014 14:15:10 +0200 Sumit Bose sb...@redhat.com wrote: What about using a new authorization data type for the key. Then only the KDCs on the IPA servers need access to the key. The authorization data can be added to the service ticket of the host the user logs into. Since SSSD