URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
HonzaCholasta commented:
"""
`ipa-replica-install` with `--setup-ca` fails with:
```
2017-02-28T07:38:41Z DEBUG File
"/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
HonzaCholasta commented:
"""
CA-less to CA-full `ipa-ca-install` fails with:
```
2017-02-28T07:24:47Z DEBUG File
"/usr/lib/python2.7/site-packages/ipaserver/install/installutils.py", line 892,
in run_script
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
HonzaCholasta commented:
"""
Upgrade from 4.3 fails with:
```
2017-02-28T07:07:18Z DEBUG Starting external process
2017-02-28T07:07:18Z DEBUG args=/usr/bin/pk12util -d /etc/httpd/alias -o (6,
'/etc/httpd/alias/
URL: https://github.com/freeipa/freeipa/pull/434
Title: #434: csrgen: Automate full cert request flow
LiptonB commented:
"""
@HonzaCholasta thanks, updated!
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/434#issuecomment-282931634
--
Manage your subscription for the Freei
URL: https://github.com/freeipa/freeipa/pull/434
Author: LiptonB
Title: #434: csrgen: Automate full cert request flow
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/434/head:pr434
git checkout pr434
From 8
URL: https://github.com/freeipa/freeipa/pull/501
Author: tiran
Title: #501: C compilation fixes and hardening
Action: edited
Changed field: body
Original value:
"""
Fix "implicit declaration of function ‘strlen’" in ipa_pwd_ntlm.c,
credits to Lukas.
Add -Werror=implicit-function-declaration
URL: https://github.com/freeipa/freeipa/pull/400
Title: #400: WebUI: Certificate Mapping
pvomacka commented:
"""
Hello @flo-renaud and @pvoborni
thank you for reviews, all proposed changes are done in last commits, please
look at them. Thank you very much.
"""
See the full comment at
https:
URL: https://github.com/freeipa/freeipa/pull/400
Author: pvomacka
Title: #400: WebUI: Certificate Mapping
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/400/head:pr400
git checkout pr400
From c2a6ce41c54cc
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
martbab commented:
"""
OK I will then hard-code `add_sids=True` in ipa-server-install
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/479#issuecomment-282784419
--
Ma
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
abbra commented:
"""
Unless you specified --add-sids to ipa-adtrust-install (or `add_sids=True` in
ADTrustInstance.setup() call), no task would be run. 'Activating sidgen task'
only adds
URL: https://github.com/freeipa/freeipa/pull/514
Title: #514: Limit sessions to 30 minutes by default
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/C
URL: https://github.com/freeipa/freeipa/pull/514
Title: #514: Limit sessions to 30 minutes by default
simo5 commented:
"""
No, we do not store sessions in a session db, so that setting is not useful to
us.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/514#issuecomment-28
URL: https://github.com/freeipa/freeipa/pull/508
Title: #508: Fix ipa.service unit re. gssproxy
simo5 commented:
"""
Seemed worth fixing at the same time, but I won't insist.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/508#issuecomment-282770785
--
Manage your subscrip
URL: https://github.com/freeipa/freeipa/pull/514
Title: #514: Limit sessions to 30 minutes by default
tiran commented:
"""
Would it makes sense to add
https://httpd.apache.org/docs/trunk/mod/mod_session.html#sessionexpiryupdateinterval
and set it to a small value like 30 seconds?
> The Sessio
URL: https://github.com/freeipa/freeipa/pull/515
Author: tiran
Title: #515: Re-add ipapython.config.config for backwards compatibilty
Action: opened
PR body:
"""
IPAConfig, config and init_config were removed in rev 7b966e85. Ipsilon uses
ipapython.config to get realm, domain and server of an
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
martbab commented:
"""
@abbra I think that I am confused by the way sidgen plugin works. During LDAP
configuration I can see that sidgen/extdom plugins are activated. e.g:
```
...
[43/4
Rawhide has an updated python-pyasn1, v0.2,3, and F-25 will soon have it
in updates-testing.
It worked in my limited testing in IPA.
It is primarily a performance release but includes some fixes from 0.2.2
which I never pushed into Fedora.
rob
--
Manage your subscription for the Freeipa-devel
URL: https://github.com/freeipa/freeipa/pull/508
Title: #508: Fix ipa.service unit re. gssproxy
flo-renaud commented:
"""
@simo5 @abbra I agree but this should be tracked in a separate issue.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/508#issuecomment-282761362
--
Man
URL: https://github.com/freeipa/freeipa/pull/514
Author: simo5
Title: #514: Limit sessions to 30 minutes by default
Action: opened
PR body:
"""
When we changed the session handling code we unintentinally extended
sessions expiraion time to the whole ticket lifetime of 24h.
Related to https://
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
stlaz commented:
"""
There's going to be 0.6.3 version fixing some more issues.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/511#issuecomment-282757858
--
Manage you
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
Label: -ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribut
URL: https://github.com/freeipa/freeipa/pull/508
Title: #508: Fix ipa.service unit re. gssproxy
abbra commented:
"""
Good point. I think we shouldn't restart ourselves as we anyway are listening
on all interfaces with 0.0.0.0.
"""
See the full comment at
https://github.com/freeipa/freeipa/pul
URL: https://github.com/freeipa/freeipa/pull/508
Title: #508: Fix ipa.service unit re. gssproxy
simo5 commented:
"""
Should we also change the Requires on network.target ?
Do we really want to have a restart of IPa if someone restarts the network ?
"""
See the full comment at
https://github.co
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
abbra commented:
"""
If you can differentiate how the installer is being run, then for composite
installer always run add_sids.
"""
See the full comment at
https://github.com/freeipa/fre
URL: https://github.com/freeipa/freeipa/pull/512
Title: #512: test_config: fix fips_mode key in Env
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Cod
URL: https://github.com/freeipa/freeipa/pull/513
Title: #513: certdb: Don't restore_context() of new NSSDB
tiran commented:
"""
I also dropped =1 check. http://man7.org/linux/man-pages/man2/chown.2.html
> If the owner or group is specified as -1, then that ID is not changed.
"""
See the full c
URL: https://github.com/freeipa/freeipa/pull/513
Author: tiran
Title: #513: certdb: Don't restore_context() of new NSSDB
Action: opened
PR body:
"""
It's not necesary to restore the context of newly created files. SELinux
ensures that new files have the correct permission. An explicit
restore_
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
martbab commented:
"""
I have noticed that the check for installed dependencies is buggy, I will have
to fix it before pushing.
Also we would need to move the 'editors' group addition to
URL: https://github.com/freeipa/freeipa/pull/512
Author: tomaskrizek
Title: #512: test_config: fix fips_mode key in Env
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/512/head:pr512
git checkout pr512
From
URL: https://github.com/freeipa/freeipa/pull/479
Title: #479: Merge AD trust installer into composite ones
Label: -ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contrib
URL: https://github.com/freeipa/freeipa/pull/512
Author: tomaskrizek
Title: #512: test_config: fix fips_mode key in Env
Action: opened
PR body:
"""
Setting fips_mode to object would fail if ipaplatform.tasks module
wasn't present.
https://fedorahosted.org/freeipa/ticket/5695
"""
To pull the
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribut
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
stlaz commented:
"""
NSS DB creation removed from server install, did not realize it does not matter
anymore.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/367#issuecomment-282703536
--
Hello list,
today and tomorrow a migration of FreeIPA issue tracker[1] and git repo
will take place.
It is due to FedoraHosted sunset [2]. Both will be migrated to pagure.io
[3].
During this migration it won't be possible to add new tickets and
comments to Trac or Pagure.
[1] https://fed
URL: https://github.com/freeipa/freeipa/pull/367
Title: #367: Remove nsslib from IPA
stlaz commented:
"""
All the raised issues should've been addressed in the latest PR. Except for the
NSS DB creation, please answer the question in
`ipaserver/install/server/install.py`
"""
See the full comme
URL: https://github.com/freeipa/freeipa/pull/509
Title: #509: Migrate OTP import script to python-cryptography
MartinBasti commented:
"""
@stlaz Why is this closed? I don't see any push/commit here
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/509#issuecomment-282687686
-
URL: https://github.com/freeipa/freeipa/pull/509
Title: #509: Migrate OTP import script to python-cryptography
MartinBasti commented:
"""
@stlaz Why is this closed? I don't see any push/commit here
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/509#issuecomment-282687686
-
URL: https://github.com/freeipa/freeipa/pull/509
Title: #509: Migrate OTP import script to python-cryptography
tiran commented:
"""
The importer uses RSAES-PKCS1 v1.5 to decrypt a session key. PKCS1 v1.5 is
potentially vulnerable to CCA Bleichenbacher. In my professional opinion, the
OTP impor
URL: https://github.com/freeipa/freeipa/pull/501
Author: tiran
Title: #501: C compilation fixes and hardening
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/501/head:pr501
git checkout pr501
From 244c9a552
URL: https://github.com/freeipa/freeipa/pull/510
Title: #510: Vault: port key wrapping to python-cryptography
tiran commented:
"""
I can answer the question myself. The side channel attack on RSAEP PKCS1 v1.5
is a chosen-ciphertext attack Bleichenbacher attack. It applies to unpadding
and RSA
URL: https://github.com/freeipa/freeipa/pull/510
Title: #510: Vault: port key wrapping to python-cryptography
tiran commented:
"""
@simo5 Do I remember correctly that PKCS1v1.5 side channel attacks applies only
to unpadding and not to padding?
"""
See the full comment at
https://github.com/fr
URL: https://github.com/freeipa/freeipa/pull/507
Author: tiran
Title: #507: Use https to get security domain from Dogtag
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/507/head:pr507
git checkout pr507
Fro
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
stlaz commented:
"""
@HonzaCholasta Thank you, please kick Travis once the build is done
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/511#issuecomment-282665763
--
M
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
HonzaCholasta commented:
"""
@stlaz,
https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-master/build/519196/
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/511#
URL: https://github.com/freeipa/freeipa/pull/448
Title: #448: Tests: Basic coverage with tree root domain
gkaihorodova commented:
"""
Bump for review
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/448#issuecomment-282664683
--
Manage your subscription for the Freeipa-deve
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
stlaz commented:
"""
Unfortunately, we can't push this until we find a way to provide the rpm for
Travis.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/511#issuecomme
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
stlaz commented:
"""
Works for me
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/511#issuecomment-282659959
--
Manage your subscription for the Freeipa-devel mailing l
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
Label: -ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribut
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
stlaz commented:
"""
Works for me
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/511#issuecomment-282659959
--
Manage your subscription for the Freeipa-devel mailing l
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribut
URL: https://github.com/freeipa/freeipa/pull/453
Author: tiran
Title: #453: Cleanup certdb
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/453/head:pr453
git checkout pr453
From be337e545ddfb65a34e3eb708702
URL: https://github.com/freeipa/freeipa/pull/510
Author: tiran
Title: #510: Vault: port key wrapping to python-cryptography
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/510/head:pr510
git checkout pr510
URL: https://github.com/freeipa/freeipa/pull/511
Author: dkupka
Title: #511: Bump required version of gssproxy to 0.6.2
Action: opened
PR body:
"""
https://fedorahosted.org/freeipa/ticket/6698
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fe
53 matches
Mail list logo