Re: [Freeipa-devel] OOO 2015-03-31-2015-04-01

2015-03-30 Thread Tomas Babej
Sorry about the noise. On 03/31/2015 07:23 AM, Tomas Babej wrote: Hours already accumulated this month. Tomas -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Co

Re: [Freeipa-devel] Use sessions for mod_auth_gssapi ?

2015-03-30 Thread Martin Kosek
On 03/31/2015 08:04 AM, Jan Cholasta wrote: > Dne 30.3.2015 v 22:09 Adam Young napsal(a): >> On 03/30/2015 11:52 AM, Simo Sorce wrote: >>> Since we now merged in a change from mod_auth_kerb to mod_auth_gssapi I >>> was wondering if we want to press further and emable by default the use >>> of nativ

Re: [Freeipa-devel] Use sessions for mod_auth_gssapi ?

2015-03-30 Thread Jan Cholasta
Dne 30.3.2015 v 22:09 Adam Young napsal(a): On 03/30/2015 11:52 AM, Simo Sorce wrote: Since we now merged in a change from mod_auth_kerb to mod_auth_gssapi I was wondering if we want to press further and emable by default the use of native mod_auth_gssapi sessions ? The old mod_auth_kerb didn't

[Freeipa-devel] OOO 2015-03-31-2015-04-01

2015-03-30 Thread Tomas Babej
Hours already accumulated this month. Tomas -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Re: [Freeipa-devel] Use sessions for mod_auth_gssapi ?

2015-03-30 Thread Adam Young
On 03/30/2015 11:52 AM, Simo Sorce wrote: Since we now merged in a change from mod_auth_kerb to mod_auth_gssapi I was wondering if we want to press further and emable by default the use of native mod_auth_gssapi sessions ? The old mod_auth_kerb didn't have this feature so, in order to have decen

[Freeipa-devel] Use sessions for mod_auth_gssapi ?

2015-03-30 Thread Simo Sorce
Since we now merged in a change from mod_auth_kerb to mod_auth_gssapi I was wondering if we want to press further and emable by default the use of native mod_auth_gssapi sessions ? The old mod_auth_kerb didn't have this feature so, in order to have decent performace we introduced split paths where

[Freeipa-devel] [PATCH 0045] Add message for skipping NTP configuration during client install

2015-03-30 Thread Gabe Alford
Hello, With the merging of ticket 4842 , I believe that half of ticket 3092 has been done. This patch just adds a message that says that NTP configuration was skipped which I believe should finish 3092

Re: [Freeipa-devel] [PATCH 0043-0045] Use mod_auth_gssapi instead of mod_auth_kerb.

2015-03-30 Thread Jan Cholasta
Dne 30.3.2015 v 13:13 Jan Cholasta napsal(a): Dne 30.3.2015 v 12:21 David Kupka napsal(a): On 03/30/2015 07:15 AM, Jan Cholasta wrote: Dne 28.3.2015 v 00:09 Petr Vobornik napsal(a): On 27.3.2015 15:26, David Kupka wrote: On 03/27/2015 03:14 PM, Rob Crittenden wrote: David Kupka wrote: https

Re: [Freeipa-devel] [PATCH 0024] do not log BINDs to non-existent users as errors

2015-03-30 Thread Petr Spacek
On 25.3.2015 17:07, Martin Babinsky wrote: > https://fedorahosted.org/freeipa/ticket/4889 ACK -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Cod

Re: [Freeipa-devel] User life cycle: Question about ACI "Admin read-only attributes"

2015-03-30 Thread thierry bordaz
On 03/30/2015 01:03 PM, Petr Spacek wrote: On 30.3.2015 11:50, thierry bordaz wrote: Hello, The aci "Admin read-only attributes" grants, for the complete suffix, read access to 'admin' users for the following attributes. "ipaUniqueId || memberOf || enrolledBy || krbExtraData ||

Re: [Freeipa-devel] [PATCH 0222] DNSSEC: do not log into files

2015-03-30 Thread Petr Spacek
On 26.3.2015 16:33, Martin Basti wrote: > We want to log DNSSEC daemons only into console (journald). > > This patch also fixes unexpected log file in > /var/lib/softhsm/.ipa/log/default.log > > Patch attached. ACK -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing li

Re: [Freeipa-devel] [PATCH 0001] ipatests: port of p11helper test from github

2015-03-30 Thread Milan Kubik
Hi, thanks for the review and sparing me few rounds for these modifications. :) ACK for the improvements. Milan On 03/30/2015 10:28 AM, Martin Basti wrote: On 27/03/15 13:52, Milan Kubik wrote: Hi, On 03/24/2015 04:40 PM, Martin Basti wrote: On 24/03/15 14:41, Milan Kubik wrote: Hello, t

Re: [Freeipa-devel] [PATCH 0043-0045] Use mod_auth_gssapi instead of mod_auth_kerb.

2015-03-30 Thread Jan Cholasta
Dne 30.3.2015 v 12:21 David Kupka napsal(a): On 03/30/2015 07:15 AM, Jan Cholasta wrote: Dne 28.3.2015 v 00:09 Petr Vobornik napsal(a): On 27.3.2015 15:26, David Kupka wrote: On 03/27/2015 03:14 PM, Rob Crittenden wrote: David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4190 To tes

Re: [Freeipa-devel] User life cycle: Question about ACI "Admin read-only attributes"

2015-03-30 Thread Petr Spacek
On 30.3.2015 11:50, thierry bordaz wrote: > Hello, > >The aci "Admin read-only attributes" grants, for the complete >suffix, read access to 'admin' users for the following attributes. > >"ipaUniqueId || memberOf || enrolledBy || krbExtraData || >krbPrincipalName || krbCano

Re: [Freeipa-devel] [PATCH 0023] enable debugging of spawned ntpd command during client install

2015-03-30 Thread Martin Babinsky
On 03/26/2015 01:14 PM, Martin Kosek wrote: On 03/25/2015 04:18 PM, Jan Cholasta wrote: Hi, Dne 25.3.2015 v 15:26 Martin Babinsky napsal(a): The attached patch related to https://fedorahosted.org/freeipa/ticket/4931 Please make sure stays fixed.

Re: [Freeipa-devel] [PATCH 0043-0045] Use mod_auth_gssapi instead of mod_auth_kerb.

2015-03-30 Thread David Kupka
On 03/30/2015 07:15 AM, Jan Cholasta wrote: Dne 28.3.2015 v 00:09 Petr Vobornik napsal(a): On 27.3.2015 15:26, David Kupka wrote: On 03/27/2015 03:14 PM, Rob Crittenden wrote: David Kupka wrote: https://fedorahosted.org/freeipa/ticket/4190 To test this on F22 my patch 42 is needed. NACK.

Re: [Freeipa-devel] [PATCH 0042] Make lint work on Fedora 22.

2015-03-30 Thread David Kupka
On 03/30/2015 07:12 AM, Jan Cholasta wrote: Dne 28.3.2015 v 00:05 Petr Vobornik napsal(a): On 27.3.2015 14:58, David Kupka wrote: pylint changed slightly so we must react otherwise we'll be unable to build freeipa rpms on Fedora 22. This patch should go to master for sure but I don't know if we

[Freeipa-devel] User life cycle: Question about ACI "Admin read-only attributes"

2015-03-30 Thread thierry bordaz
Hello, The aci "Admin read-only attributes" grants, for the complete suffix, read access to 'admin' users for the following attributes. "ipaUniqueId || memberOf || enrolledBy || krbExtraData || krbPrincipalName || krbCanonicalName || krbPasswordExpiration || krbLastPwd

Re: [Freeipa-devel] [PATCH 0001] ipatests: port of p11helper test from github

2015-03-30 Thread Martin Basti
On 27/03/15 13:52, Milan Kubik wrote: Hi, On 03/24/2015 04:40 PM, Martin Basti wrote: On 24/03/15 14:41, Milan Kubik wrote: Hello, thanks for the review. On 03/24/2015 12:39 PM, Martin Basti wrote: On 17/03/15 10:38, Milan Kubik wrote: Hi, On 03/16/2015 05:23 PM, Martin Basti wrote: On 1