Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Simo Sorce
On Fri, 2016-02-26 at 15:44 -0500, Nathaniel McCallum wrote: > On Fri, 2016-02-26 at 11:20 -0500, Simo Sorce wrote: > > On Fri, 2016-02-26 at 10:24 -0500, Nathaniel McCallum wrote: > > > I was thinking: > > > 1. Bind as the entity validating the 2nd factor. > > > 2. Extop which takes the: > > >

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Nathaniel McCallum
On Fri, 2016-02-26 at 11:20 -0500, Simo Sorce wrote: > On Fri, 2016-02-26 at 10:24 -0500, Nathaniel McCallum wrote: > > I was thinking: > > 1. Bind as the entity validating the 2nd factor. > > 2. Extop which takes the: > >    * user dn > >    * type of 2nd factor > >    * validation data > >    *

Re: [Freeipa-devel] [PATCH 200] slapi-nis: update configuration to allow external members

2016-02-26 Thread Lukas Slebodnik
On (26/02/16 12:37), Tomas Babej wrote: > > >On 02/26/2016 07:30 AM, Jan Cholasta wrote: >> On 22.2.2016 19:56, Tomas Babej wrote: >>> >>> >>> On 02/22/2016 06:14 PM, Alexander Bokovoy wrote: On Mon, 22 Feb 2016, Tomas Babej wrote: > > > On 02/22/2016 11:48 AM, Alexander Bokovoy

[Freeipa-devel] [PATCH 00136] use LDAPS during standalone CA/KRA subsystem deployment

2016-02-26 Thread Martin Babinsky
This patch fixes https://fedorahosted.org/freeipa/ticket/5570 and also enables CA installation on CA-less master with hardened dirsrv configuration. When testing I ran into the issue with Dogtag restart during KRA installation [1] which I will try to troubleshoot with Dogtag guys. You are

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

2016-02-26 Thread Martin Babinsky
On 02/26/2016 04:24 PM, thierry bordaz wrote: On 02/25/2016 07:17 PM, thierry bordaz wrote: On 02/25/2016 12:03 PM, Martin Babinsky wrote: On 02/24/2016 04:30 PM, thierry bordaz wrote: On 01/21/2016 05:04 PM, Martin Babinsky wrote: On 01/21/2016 01:37 PM, thierry bordaz wrote: Hi

Re: [Freeipa-devel] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Simo Sorce
On Fri, 2016-02-26 at 17:17 +0100, Jakub Hrozek wrote: > On Fri, Feb 26, 2016 at 10:58:57AM -0500, Simo Sorce wrote: > > On Fri, 2016-02-26 at 13:17 +0100, Lukáš Hellebrandt wrote: > > > Hi, FreeIPA and SSSD communities! > > > > > > I am working on adding URI to HBAC as my thesis [1]. The goal is

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Simo Sorce
On Fri, 2016-02-26 at 10:24 -0500, Nathaniel McCallum wrote: > On Fri, 2016-02-26 at 10:12 -0500, Simo Sorce wrote: > > On Fri, 2016-02-26 at 09:30 -0500, Nathaniel McCallum wrote: > > > > > > On Thu, 2016-02-25 at 16:51 -0500, Simo Sorce wrote: > > > > Questions: > > > > - Should the control

Re: [Freeipa-devel] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Jakub Hrozek
On Fri, Feb 26, 2016 at 10:58:57AM -0500, Simo Sorce wrote: > On Fri, 2016-02-26 at 13:17 +0100, Lukáš Hellebrandt wrote: > > Hi, FreeIPA and SSSD communities! > > > > I am working on adding URI to HBAC as my thesis [1]. The goal is to > > control access not only based on (user, host, service),

Re: [Freeipa-devel] [PATCHES] 0772-0774 Python3 fixes in for client installation

2016-02-26 Thread Petr Viktorin
On 02/22/2016 12:37 PM, Petr Viktorin wrote: > Hello, > These fixes are needed for the "happy path" of ipa-client-install > --server on Python 3. Hello, Could someone please look at these patches? -- Petr Viktorin

Re: [Freeipa-devel] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Simo Sorce
On Fri, 2016-02-26 at 13:17 +0100, Lukáš Hellebrandt wrote: > Hi, FreeIPA and SSSD communities! > > I am working on adding URI to HBAC as my thesis [1]. The goal is to > control access not only based on (user, host, service), but on (user, > host, service, resource's URI). > > I created a patch

[Freeipa-devel] [PATCH] 0001 Adding URL to HBAC rule

2016-02-26 Thread Lukáš Hellebrandt
On 02/26/2016 01:30 PM, Martin Kosek wrote: > Greetings, welcome! > > On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote: > ... >> Btw, is there some better place to share patches than a pasting tool? >> Maybe some form of pull request? > > There is :-) Please see advice here: > >

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

2016-02-26 Thread thierry bordaz
On 02/25/2016 07:17 PM, thierry bordaz wrote: On 02/25/2016 12:03 PM, Martin Babinsky wrote: On 02/24/2016 04:30 PM, thierry bordaz wrote: On 01/21/2016 05:04 PM, Martin Babinsky wrote: On 01/21/2016 01:37 PM, thierry bordaz wrote: Hi Thierry, I have a couple of comments to your patch:

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Nathaniel McCallum
On Fri, 2016-02-26 at 10:12 -0500, Simo Sorce wrote: > On Fri, 2016-02-26 at 09:30 -0500, Nathaniel McCallum wrote: > > > > On Thu, 2016-02-25 at 16:51 -0500, Simo Sorce wrote: > > > Questions: > > > - Should the control specify what kind of auth specifically > > > should be > > > required ? > >

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Simo Sorce
On Fri, 2016-02-26 at 09:30 -0500, Nathaniel McCallum wrote: > On Thu, 2016-02-25 at 16:51 -0500, Simo Sorce wrote: > > On Thu, 2016-02-25 at 16:13 -0500, Nathaniel McCallum wrote: > > > > > > On Thu, 2016-02-25 at 12:19 -0500, Nathaniel McCallum wrote: > > > > > > > > On Thu, 2016-02-25 at

Re: [Freeipa-devel] Locations design v2: LDAP schema & user interface

2016-02-26 Thread Petr Spacek
On 25.2.2016 16:46, Simo Sorce wrote: > On Thu, 2016-02-25 at 15:54 +0100, Petr Spacek wrote: >> On 25.2.2016 15:28, Simo Sorce wrote: >>> On Thu, 2016-02-25 at 14:45 +0100, Petr Spacek wrote: Variant C - An alternative is to be lazy and dumb. Maybe it would be enough for

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Nathaniel McCallum
On Thu, 2016-02-25 at 16:51 -0500, Simo Sorce wrote: > On Thu, 2016-02-25 at 16:13 -0500, Nathaniel McCallum wrote: > > > > On Thu, 2016-02-25 at 12:19 -0500, Nathaniel McCallum wrote: > > > > > > On Thu, 2016-02-25 at 10:49 -0500, Simo Sorce wrote: > > > > > > > > > > > > On Thu, 2016-02-25

[Freeipa-devel] [PATCH 0403] adtrustinstance: Make sure smb.conf exists

2016-02-26 Thread Tomas Babej
Hi, The 'net' command fails unless smb.conf exists. Touch the file prior to any 'net' call to make sure we do not crash for this very reason. I couldn't find the aforementioned Samba bug either in the RH/Samba bugzilla, despite spending a non-trivial amount of time searching for it. Can somebody

Re: [Freeipa-devel] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Martin Kosek
Greetings, welcome! On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote: ... > Btw, is there some better place to share patches than a pasting tool? > Maybe some form of pull request? There is :-) Please see advice here: http://www.freeipa.org/page/Contribute/Code#Submit_a_patch It has more

[Freeipa-devel] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Lukáš Hellebrandt
Hi, FreeIPA and SSSD communities! I am working on adding URI to HBAC as my thesis [1]. The goal is to control access not only based on (user, host, service), but on (user, host, service, resource's URI). I created a patch for FreeIPA [2] so it is capable of storing URI as part of HBAC rule. I

Re: [Freeipa-devel] [PATCH 200] slapi-nis: update configuration to allow external members

2016-02-26 Thread Tomas Babej
On 02/26/2016 07:30 AM, Jan Cholasta wrote: > On 22.2.2016 19:56, Tomas Babej wrote: >> >> >> On 02/22/2016 06:14 PM, Alexander Bokovoy wrote: >>> On Mon, 22 Feb 2016, Tomas Babej wrote: On 02/22/2016 11:48 AM, Alexander Bokovoy wrote: > Hi, > > attached patch should

Re: [Freeipa-devel] [PATCH] 953 advise: configure TLS in redhat_nss_pam_ldapd and redhat_nss_ldap plugins

2016-02-26 Thread Lukas Slebodnik
On (25/02/16 18:01), Petr Vobornik wrote: >I did not add --enableldapstarttls to config_redhat_nss_ldap because I'm not >sure if it is present on el5 (IMO it is not). > I can confirm it doesn't have such option [root@host /]# authconfig --help | grep -A1 "tls\|ssl" --enableldaptls,

[Freeipa-devel] Request to add support to specify username/password for each host

2016-02-26 Thread Niranjan
Greetings, Request to review the patch for https://fedorahosted.org/python-pytest-multihost/ticket/5 Regards Niranjan From 28cd560f58b96817306a6eae6976e26166a9351a Mon Sep 17 00:00:00 2001 From: Niranjan MR Date: Fri, 26 Feb 2016 15:30:25 +0530 Subject: [PATCH]

Re: [Freeipa-devel] [PATCH 0421] Make PTR records check optional for IPA installation

2016-02-26 Thread Oleg Fayans
On 02/25/2016 12:06 PM, Petr Spacek wrote: > On 24.2.2016 15:13, Martin Basti wrote: >> https://fedorahosted.org/freeipa/ticket/5686 >> >> Patch attached. > > LGTM, ACK if it passes QE testing. > That did it. Works with both replica-prepare under domain level 0 and with replica-install on

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Martin Kosek
On 02/25/2016 10:51 PM, Simo Sorce wrote: > On Thu, 2016-02-25 at 16:13 -0500, Nathaniel McCallum wrote: >> On Thu, 2016-02-25 at 12:19 -0500, Nathaniel McCallum wrote: >>> On Thu, 2016-02-25 at 10:49 -0500, Simo Sorce wrote: On Thu, 2016-02-25 at 10:32 -0500, Nathaniel McCallum wrote: