Re: [Freeipa-devel] [PATCH 0146-0147] Server Roles: basic infrastructure

2016-05-24 Thread Martin Basti
On 19.05.2016 16:59, Martin Babinsky wrote: Patch 0146 implements lower-lever infrastructure for querying server roles/attributes Patch 0147 are some basic tests slapped together for the `serverroles` backend to ensure that it works as expected. The new/modified CLI commands specified in

Re: [Freeipa-devel] [PATCH 0094] Migrate from #ifndef guards to #pragma once

2016-05-24 Thread Nathaniel McCallum
On Tue, 2016-05-24 at 11:01 -0400, Nathaniel McCallum wrote: > On Tue, 2016-05-24 at 16:55 +0200, Martin Kosek wrote: > > On 05/24/2016 04:29 PM, Nathaniel McCallum wrote: > > > Using a pragma instead of guards is easier to write, less error > > > prone > > > and avoids name clashes (a source of

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

2016-05-24 Thread Nathaniel McCallum
New versions again. This time I just removed the stray "TODO: assign OID" line in the commit as it no longer applies. On Tue, 2016-05-24 at 12:08 -0400, Nathaniel McCallum wrote: > I have attached new versions of the patches. Comments below. > > On Tue, 2016-05-24 at 15:25 +0200, Sumit Bose

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

2016-05-24 Thread Nathaniel McCallum
I have attached new versions of the patches. Comments below. On Tue, 2016-05-24 at 15:25 +0200, Sumit Bose wrote: > On Thu, May 12, 2016 at 05:33:26PM -0400, Nathaniel McCallum wrote: > > On Fri, 2016-05-06 at 14:44 +0200, Sumit Bose wrote: > > > On Wed, May 04, 2016 at 05:33:55PM -0400,

Re: [Freeipa-devel] [PATCH 0094] Migrate from #ifndef guards to #pragma once

2016-05-24 Thread Nathaniel McCallum
On Tue, 2016-05-24 at 16:55 +0200, Martin Kosek wrote: > On 05/24/2016 04:29 PM, Nathaniel McCallum wrote: > > Using a pragma instead of guards is easier to write, less error > > prone > > and avoids name clashes (a source of very subtle bugs). This pragma > > is supported on almost all compilers,

Re: [Freeipa-devel] [PATCH 0094] Migrate from #ifndef guards to #pragma once

2016-05-24 Thread Christian Heimes
On 2016-05-24 16:29, Nathaniel McCallum wrote: > Using a pragma instead of guards is easier to write, less error prone > and avoids name clashes (a source of very subtle bugs). This pragma > is supported on almost all compilers, including all the compilers we > care about:

Re: [Freeipa-devel] [PATCH 0094] Migrate from #ifndef guards to #pragma once

2016-05-24 Thread Martin Kosek
On 05/24/2016 04:29 PM, Nathaniel McCallum wrote: > Using a pragma instead of guards is easier to write, less error prone > and avoids name clashes (a source of very subtle bugs). This pragma > is supported on almost all compilers, including all the compilers we > care about:

[Freeipa-devel] [PATCH 0094] Migrate from #ifndef guards to #pragma once

2016-05-24 Thread Nathaniel McCallum
Using a pragma instead of guards is easier to write, less error prone and avoids name clashes (a source of very subtle bugs). This pragma is supported on almost all compilers, including all the compilers we care about: https://en.wikipedia.org/wiki/Pragma_once#Portability.From

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Simo Sorce
On Tue, 2016-05-24 at 16:32 +0300, Alexander Bokovoy wrote: > On Tue, 24 May 2016, Simo Sorce wrote: > >On Tue, 2016-05-24 at 10:44 +0300, Alexander Bokovoy wrote: > >> >Alternative technical approach is to add aliases to an host's > >> attribute and > >> >use it from there. I suspect that this

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

2016-05-24 Thread Simo Sorce
On Tue, 2016-05-24 at 15:25 +0200, Sumit Bose wrote: > > #define OTP_SYNC_REQUEST_OID "2.16.840.1.113730.3.8.10.6" > > > > +/* This control has no data. */ > > +#define OTP_REQUIRED_OID "1.2.3.4.5.6.7.8.9" > > + > > Simo, can you assign a proper OID for OTP_REQUIRED_OID ? @@ -446,6 +446,9 @@

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Alexander Bokovoy
On Tue, 24 May 2016, Simo Sorce wrote: On Tue, 2016-05-24 at 10:44 +0300, Alexander Bokovoy wrote: >Alternative technical approach is to add aliases to an host's attribute and >use it from there. I suspect that this would be less flexible and less >future-proof. I don't see a need for

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Simo Sorce
On Tue, 2016-05-24 at 09:55 +0200, Petr Spacek wrote: > >> Alternative technical approach is to add aliases to an host's > attribute and > >> use it from there. I suspect that this would be less flexible and > less > >> future-proof. > > I don't see a need for alias-as-a-property. Instead, I'm

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

2016-05-24 Thread Sumit Bose
On Thu, May 12, 2016 at 05:33:26PM -0400, Nathaniel McCallum wrote: > On Fri, 2016-05-06 at 14:44 +0200, Sumit Bose wrote: > > On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote: > > > This series of patches implements authentication indicator > > > insertion, > > > evaluation and

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Simo Sorce
On Tue, 2016-05-24 at 10:44 +0300, Alexander Bokovoy wrote: > >Alternative technical approach is to add aliases to an host's > attribute and > >use it from there. I suspect that this would be less flexible and > less > >future-proof. > I don't see a need for alias-as-a-property. Instead, I'm

Re: [Freeipa-devel] [PATCH 557] replica install: do not set CA renewal master flag

2016-05-24 Thread Jan Cholasta
On 24.5.2016 10:44, Martin Babinsky wrote: On 05/24/2016 07:49 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza ACK Thanks. Pushed to: master: dea924ac8a04c923d96e04c4c40e253ae1ee857c ipa-4-2:

Re: [Freeipa-devel] [PATCH 0146-0147] Server Roles: basic infrastructure

2016-05-24 Thread Martin Babinsky
On 05/19/2016 04:59 PM, Martin Babinsky wrote: Patch 0146 implements lower-lever infrastructure for querying server roles/attributes Patch 0147 are some basic tests slapped together for the `serverroles` backend to ensure that it works as expected. The new/modified CLI commands specified in

Re: [Freeipa-devel] [PATCH 557] replica install: do not set CA renewal master flag

2016-05-24 Thread Martin Babinsky
On 05/24/2016 07:49 AM, Jan Cholasta wrote: Hi, the attached patch fixes . Honza ACK -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to

Re: [Freeipa-devel] [TESTS]{PATCH 0013] Maximum username length higher than 255 cannot be set

2016-05-24 Thread Martin Basti
On 19.05.2016 16:46, Ganna Kaihorodova wrote: Hello! Everything is ok, so ack Best regards, Ganna Kaihorodova Associate Software Quality Engineer Pushed to master: d71de186cc4d942b2a1bb7fcd9677bfcedd86b26 - Original Message - From: "Lenka Doudova" To:

Re: [Freeipa-devel] [PATCH 0099] ipa-nis-manage: add status option

2016-05-24 Thread Martin Basti
On 23.05.2016 18:12, Martin Babinsky wrote: On 05/23/2016 01:55 PM, Petr Spacek wrote: On 20.5.2016 15:03, Martin Babinsky wrote: On 04/28/2016 05:15 PM, Petr Spacek wrote: On 28.4.2016 14:52, Abhijeet Kasurde wrote: Hi Petr, On 04/25/2016 08:28 PM, Petr Spacek wrote: Hello,

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Alexander Bokovoy
On Tue, 24 May 2016, Petr Spacek wrote: On 24.5.2016 09:44, Alexander Bokovoy wrote: On Tue, 24 May 2016, Petr Spacek wrote: On 24.5.2016 09:26, Alexander Bokovoy wrote: On Tue, 24 May 2016, Petr Spacek wrote: Speaking of certs, should we introduce a aliases for host entries to avoid the

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Petr Spacek
On 24.5.2016 09:44, Alexander Bokovoy wrote: > On Tue, 24 May 2016, Petr Spacek wrote: >> On 24.5.2016 09:26, Alexander Bokovoy wrote: >>> On Tue, 24 May 2016, Petr Spacek wrote: Speaking of certs, should we introduce a aliases for host entries to avoid the need

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Alexander Bokovoy
On Tue, 24 May 2016, Petr Spacek wrote: On 24.5.2016 09:26, Alexander Bokovoy wrote: On Tue, 24 May 2016, Petr Spacek wrote: Speaking of certs, should we introduce a aliases for host entries to avoid the need of fake hosts? These 'fake hosts' are as good as aliases, even better, because they

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Petr Spacek
On 24.5.2016 09:26, Alexander Bokovoy wrote: > On Tue, 24 May 2016, Petr Spacek wrote: >> Speaking of certs, should we introduce a aliases for host entries to >> avoid >> the >> need of fake hosts? > These 'fake hosts' are as good as aliases, even better, because they >

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Alexander Bokovoy
On Tue, 24 May 2016, Petr Spacek wrote: Speaking of certs, should we introduce a aliases for host entries to avoid the need of fake hosts? These 'fake hosts' are as good as aliases, even better, because they allow us to have full control over who can manage them. I do not see how this is

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Petr Spacek
On 24.5.2016 08:56, Alexander Bokovoy wrote: > On Mon, 23 May 2016, Petr Spacek wrote: >> On 20.5.2016 12:43, Alexander Bokovoy wrote: >>> On Fri, 20 May 2016, Petr Spacek wrote: Theory I have seen looks good to me but Security considerations section is missing. The design must spell out

Re: [Freeipa-devel] [DESIGN] IPA client in AD DNS domain

2016-05-24 Thread Alexander Bokovoy
On Mon, 23 May 2016, Petr Spacek wrote: On 20.5.2016 12:43, Alexander Bokovoy wrote: On Fri, 20 May 2016, Petr Spacek wrote: Theory I have seen looks good to me but Security considerations section is missing. The design must spell out what are security implications of ignore_acceptor_hostname