Re: [Freeipa-devel] [PATCH] 357 Added symmetric and asymmetric vaults.

2014-11-05 Thread Martin Kosek
On 11/05/2014 08:14 AM, Jan Cholasta wrote: Hi, On 4.11.2014 at 17:54, Endi Sukma Dewata wrote: Hi, In this patch I'm adding ipaVaultSalt and ipaVaultPublicKey attribute types to store salt and public key for vault. Are there existing attribute types that I can use instead? I see

[Freeipa-devel] [PATCHES] 359-364 Coverity fixes

2014-11-05 Thread Jan Cholasta
Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/4651. Honza -- Jan Cholasta From 7c9436b86bc886c4644ef2e4b4ee59d3832434ac Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 5 Nov 2014 08:44:05 + Subject: [PATCH 1/6] Fix possible NULL dereference

Re: [Freeipa-devel] [PATCH] 353 Added initial vault implementation.

2014-11-05 Thread Petr Viktorin
On 11/05/2014 01:24 AM, Endi Sukma Dewata wrote: Thanks for the review. I have some questions below. I'll post a new patch after the issues are addressed. On 11/4/2014 11:36 AM, Petr Viktorin wrote: The new schema can go to 60basev3.ldif, no need for a new file. Fixed. Also removed

Re: [Freeipa-devel] [PATCHES] 359-364 Coverity fixes

2014-11-05 Thread Alexander Bokovoy
On Wed, 05 Nov 2014, Jan Cholasta wrote: Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/4651. Thanks. ACK to all patches. -- / Alexander Bokovoy

Re: [Freeipa-devel] [PATCH] 357 Added symmetric and asymmetric vaults.

2014-11-05 Thread Petr Spacek
On 5.11.2014 09:32, Martin Kosek wrote: On 11/05/2014 08:14 AM, Jan Cholasta wrote: Hi, On 4.11.2014 at 17:54, Endi Sukma Dewata wrote: Hi, In this patch I'm adding ipaVaultSalt and ipaVaultPublicKey attribute types to store salt and public key for vault. Are there existing attribute

Re: [Freeipa-devel] [PATCH] 005 Deadlock in schema compat plugin (between automember_update_membership task and dse update)

2014-11-05 Thread Alexander Bokovoy
On Thu, 30 Oct 2014, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/4635 From 0a72220fc2b8af160b20085f372ab55d997546b4 Mon Sep 17 00:00:00 2001 From: Thierry bordaz (tbordaz) tbor...@redhat.com Date: Wed, 29 Oct 2014 16:23:03 +0100 Subject: [PATCH] Deadlock in schema compat

Re: [Freeipa-devel] [PATCH] 0025 Respect UID and GID soft static allocation.

2014-11-05 Thread Martin Kosek
On 11/03/2014 02:04 PM, Martin Basti wrote: On 03/11/14 10:28, David Kupka wrote: On 10/30/2014 10:42 AM, Martin Basti wrote: On 29/10/14 17:23, David Kupka wrote: On 10/29/2014 02:34 PM, David Kupka wrote: On 10/24/2014 03:05 PM, David Kupka wrote: On 10/24/2014 01:06 PM, David Kupka wrote:

Re: [Freeipa-devel] [PATCH] 335 Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage

2014-11-05 Thread Martin Kosek
On 11/03/2014 04:01 PM, David Kupka wrote: On 10/15/2014 04:43 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4629. It depends on my patches 333 and 334, which are also attached. (The original patch was posted at

Re: [Freeipa-devel] [PATCHES] 359-364 Coverity fixes

2014-11-05 Thread Martin Kosek
On 11/05/2014 11:27 AM, Alexander Bokovoy wrote: On Wed, 05 Nov 2014, Jan Cholasta wrote: Hi, the attached patches fix https://fedorahosted.org/freeipa/ticket/4651. Thanks. ACK to all patches. Pushed to: master: 4589ef133c3abf47568d6cda4eda726f316a475a ipa-4-1:

Re: [Freeipa-devel] [PATCH] 005 Deadlock in schema compat plugin (between automember_update_membership task and dse update)

2014-11-05 Thread thierry bordaz
On 11/05/2014 03:19 PM, Alexander Bokovoy wrote: On Thu, 30 Oct 2014, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/4635 From 0a72220fc2b8af160b20085f372ab55d997546b4 Mon Sep 17 00:00:00 2001 From: Thierry bordaz (tbordaz) tbor...@redhat.com Date: Wed, 29 Oct 2014 16:23:03

Re: [Freeipa-devel] [PATCH] 005 Deadlock in schema compat plugin (between automember_update_membership task and dse update)

2014-11-05 Thread Martin Basti
On 05/11/14 15:37, thierry bordaz wrote: On 11/05/2014 03:19 PM, Alexander Bokovoy wrote: On Thu, 30 Oct 2014, thierry bordaz wrote: https://fedorahosted.org/freeipa/ticket/4635 From 0a72220fc2b8af160b20085f372ab55d997546b4 Mon Sep 17 00:00:00 2001 From: Thierry bordaz (tbordaz)

Re: [Freeipa-devel] [PATCH] 005 Deadlock in schema compat plugin (between automember_update_membership task and dse update)

2014-11-05 Thread Alexander Bokovoy
On Wed, 05 Nov 2014, Martin Basti wrote: +remove: schema-compat-ignore-subtree: o=ipaca +add: schema-compat-restrict-subtree: '$SUFFIX' +add: schema-compat-restrict-subtree: 'cn=Schema Compatibility,cn=plugins,cn=config' dn: cn=Schema Compatibility,cn=plugins,cn=config # We need to run

[Freeipa-devel] [PATCH 0076] Ensure that a password exists after OTP validation

2014-11-05 Thread Nathaniel McCallum
Before this patch users could log in using only the OTP value. This arose because ipapwd_authentication() successfully determined that an empty password was invalid, but 389 itself would see this as an anonymous bind. An anonymous bind would never even get this far in this code, so we simply deny

Re: [Freeipa-devel] [PATCH 0076] Ensure that a password exists after OTP validation

2014-11-05 Thread Alexander Bokovoy
On Wed, 05 Nov 2014, Nathaniel McCallum wrote: Before this patch users could log in using only the OTP value. This arose because ipapwd_authentication() successfully determined that an empty password was invalid, but 389 itself would see this as an anonymous bind. An anonymous bind would never

Re: [Freeipa-devel] [PATCH 0076] Ensure that a password exists after OTP validation

2014-11-05 Thread Simo Sorce
On Wed, 5 Nov 2014 22:22:16 +0200 Alexander Bokovoy aboko...@redhat.com wrote: On Wed, 05 Nov 2014, Nathaniel McCallum wrote: Before this patch users could log in using only the OTP value. This arose because ipapwd_authentication() successfully determined that an empty password was invalid,

Re: [Freeipa-devel] [PATCH 0076] Ensure that a password exists after OTP validation

2014-11-05 Thread Alexander Bokovoy
On Wed, 05 Nov 2014, Simo Sorce wrote: On Wed, 5 Nov 2014 22:22:16 +0200 Alexander Bokovoy aboko...@redhat.com wrote: On Wed, 05 Nov 2014, Nathaniel McCallum wrote: Before this patch users could log in using only the OTP value. This arose because ipapwd_authentication() successfully determined