Re: [Freeipa-devel] [PATCH 0236] Fix crash in create_zone()

2014-05-05 Thread Petr Spacek
On 5.5.2014 16:46, Tomas Hozza wrote: Fix crash in create_zone(). The dns_zone_getmgr(zone) call in the cleanup section was made even if zone was NULL. This patch should go to master, v4 and v3 branches where applicable. You probably need to use a debugger to reproduce this crash. I have encountered

Re: [Freeipa-devel] [PATCH 0237] Handle paths without trailing / in fs_dirs_create()

2014-05-05 Thread Petr Spacek
On 5.5.2014 16:56, Tomas Hozza wrote: Hello, Handle paths without trailing / in fs_dirs_create(). This patch should go to all branches with fs_dirs_create() function. -- Petr^2 Spacek Looks good. ACK Pushed to master: 21136d9b6933a733586fba3a83e9b2be050a948d -- Petr^2 Spacek

Re: [Freeipa-devel] [PATCH 0238] Update .gitignore to skip Eclipse and Autotools file

2014-05-05 Thread Petr Spacek
On 5.5.2014 16:56, Tomas Hozza wrote: Hello, Update .gitignore to skip Eclipse and Autotools files. -- Petr^2 Spacek ACK Pushed to master: 5dbb7fa8426cd5512cd7ce99dc6546b7928cfbfb -- Petr^2 Spacek ___ Freeipa-devel mailing list

Re: [Freeipa-devel] LDAP schema for DNSSEC keys

2014-05-02 Thread Petr Spacek
On 1.5.2014 16:10, Rich Megginson wrote: On 04/30/2014 10:19 AM, Petr Spacek wrote: Hello list, the following text summarizes the schema DIT layout for DNSSEC key storage in LDAP. This is a subset of the full PKCS#11 schema [0]. It stores bare keys with a few metadata attributes when necessary

Re: [Freeipa-devel] new developer; development environment

2014-04-30 Thread Petr Spacek
On 30.4.2014 09:12, Martin Kosek wrote: On 04/30/2014 08:21 AM, Fraser Tweedale wrote: Hi all, Fraser Tweedale, brand new Red Hatter, working in the Brisbane office on FreeIPA/Dogtag, and needing the wisdom of seasoned IPA developers on how best to set things up. In particular, is it common

[Freeipa-devel] LDAP schema for DNSSEC keys

2014-04-30 Thread Petr Spacek
Hello list, the following text summarizes the schema DIT layout for DNSSEC key storage in LDAP. This is a subset of the full PKCS#11 schema [0]. It stores bare keys with a few metadata attributes when necessary. The intention is to make the transition to the full PKCS#11-in-LDAP schema [0] as easy as possible.

Re: [Freeipa-devel] [PATCH] Stop ntpd before running ntpdate

2014-04-29 Thread Petr Spacek
Hello Gabe! On 25.4.2014 16:28, Gabe Alford wrote: Here is a patch for https://fedorahosted.org/freeipa/ticket/3735. It seemed better to try to stop ntpd before running ntpdate rather than not running ntpdate if ntpd was already running. I believe this patch only applies to the ipa-3-3

[Freeipa-devel] [PATCH 0251-0256] Add support for NSEC3

2014-04-29 Thread Petr Spacek
Hello, This patch set adds support for NSEC3. See commit messages for details. -- Petr^2 Spacek From 2a1bae4420a587ffbd660071a4a8af9bb1db4ec2 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 29 Apr 2014 18:34:48 +0200 Subject: [PATCH] Fix false error message about secure

Re: [Freeipa-devel] Managed permission versioning

2014-04-23 Thread Petr Spacek
On 21.4.2014 14:48, Simo Sorce wrote: On Mon, 2014-04-21 at 08:39 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Thu, 2014-04-17 at 18:25 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Thu, 2014-04-17 at 15:00 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Thu, 2014-04-17 at 15:48

[Freeipa-devel] [PATCH 0246-0248] Follow query/transfer/update policies for secure zones

2014-04-23 Thread Petr Spacek
Hello, This patch set configures secure zones according to policies in LDAP. -- Petr^2 Spacek From 68a247c0abc6a3ba8c0eb4f849eef2868f85bb82 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 23 Apr 2014 18:04:55 +0200 Subject: [PATCH] Move secure zone configuration from

[Freeipa-devel] [PATCH 0249-0250] Propagate DNS updates changes from LDAP to signed version of the zone

2014-04-23 Thread Petr Spacek
: Petr Spacek pspa...@redhat.com Date: Wed, 23 Apr 2014 18:09:57 +0200 Subject: [PATCH] Rename zone variables in update_record(). https://fedorahosted.org/bind-dyndb-ldap/ticket/56 Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c | 34 +++--- 1 file

Re: [Freeipa-devel] [PATCH 0029-0046, 0047] Internationalized domain names in DNS plugin

2014-04-22 Thread Petr Spacek
On 22.4.2014 11:34, Jan Cholasta wrote: On 11.4.2014 17:23, Martin Basti wrote: Updated patches attached. Patch 0047-1 should be applied between patches 0040-2 and 0041-2 Patch 0043-1 was squashed into 0038-2 Patch 0044-1 was squashed into 0039-2 Patch 0034-1 was squashed into 0032-2 Patch

Re: [Freeipa-devel] [PATCH 0239-0243] Refactor ldap_parse_master_zoneentry()

2014-04-18 Thread Petr Spacek
On 17.4.2014 20:00, Petr Spacek wrote: Hello, This patch set attempts to move ldap_parse_master_zoneentry() a little bit closer to sane code. It is preparation for https://fedorahosted.org/bind-dyndb-ldap/ticket/56 bind-dyndb-ldap-pspacek-0242-2-Refactor-master-zone-configuration.patch fixes

[Freeipa-devel] [PATCH 0244-0245] Add basic support for inline-signing / Separate raw and secure zones in Zone Register

2014-04-18 Thread Petr Spacek
:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 18 Apr 2014 14:43:04 +0200 Subject: [PATCH] Separate raw and secure zones in Zone Register. https://fedorahosted.org/bind-dyndb-ldap/ticket/56 Signed-off-by: Petr Spacek pspa...@redhat.com --- src/ldap_helper.c | 67

[Freeipa-devel] [PATCH 0239-0243] Refactor ldap_parse_master_zoneentry()

2014-04-17 Thread Petr Spacek
Hello, This patch set attempts to move ldap_parse_master_zoneentry() a little bit closer to sane code. It is preparation for https://fedorahosted.org/bind-dyndb-ldap/ticket/56 -- Petr^2 Spacek From bfa03960c700bedda454bb7cef5c89bbfce1bbba Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa

Re: [Freeipa-devel] [PATCH][DOC] Update Solaris Documentation, add proxy agent, and profile

2014-04-16 Thread Petr Spacek
On 16.4.2014 05:01, Gabe Alford wrote: The following patches update the Solaris documentation and add a proxy agent/profile for Solaris. - Solaris documentation update https://fedorahosted.org/freeipa/ticket/3731 - Patch adds default Proxy Agent and default_secure profile through

[Freeipa-devel] [PATCH 0238] Update .gitignore to skip Eclipse and Autotools file

2014-04-16 Thread Petr Spacek
Hello, Update .gitignore to skip Eclipse and Autotools files. -- Petr^2 Spacek From e16b64e91d2b2153b296d0429d04097ba2823134 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 16 Apr 2014 16:00:23 +0200 Subject: [PATCH] Update .gitignore to skip Eclipse and Autotools files

[Freeipa-devel] [PATCH 0236] Fix crash in create_zone()

2014-04-15 Thread Petr Spacek
code ... -- Petr^2 Spacek From 5a929a3543df69eb6ee3029429c6c6e3653d54e7 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 15 Apr 2014 18:44:34 +0200 Subject: [PATCH] Fix crash in create_zone(). The dns_zone_getmgr(zone) call in the cleanup section was made even if zone was NULL

Re: [Freeipa-devel] [PATCH 0231] Fix record parsing to prevent child zone corruption

2014-04-09 Thread Petr Spacek
On 9.4.2014 10:03, Tomas Hozza wrote: On 04/01/2014 08:29 PM, Petr Spacek wrote: Hello, Fix record parsing to prevent child zone corruption. A child zone hosted on the same server as the parent zone was corrupted by a bug in update_record(). Child zone's

[Freeipa-devel] [PATCH 0232-0233] Bump NVR to 4.2

2014-04-09 Thread Petr Spacek
Hello, Add bind-lite-devel to BuildRequires. Pushed to master: 0a3160bd3a4195429d082d7d48ffa596212c4b82 Bump NVR to 4.2. Pushed to master: 2568801743900684e00cc466deef1c5919d3480f -- Petr^2 Spacek From 0a3160bd3a4195429d082d7d48ffa596212c4b82 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa

[Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Petr Spacek
Spacek From 388b8b36b719c34c7fd4e8aab98eefc9c3130181 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 9 Apr 2014 14:01:00 +0200 Subject: [PATCH] Prevent NULL dereference before sync_concurr_limit_signal() calls. A missing check was causing a NULL dereference in the case where

Re: [Freeipa-devel] global account lockout

2014-04-09 Thread Petr Spacek
On 9.4.2014 15:50, Ludwig Krispenz wrote: On 04/09/2014 12:31 AM, Simo Sorce wrote: On Tue, 2014-04-08 at 12:00 +0200, Ludwig Krispenz wrote: Replication storms. In my opinion the replication of a mod of one or two attributes in an entry will be faster than the bind itself. Think about the

Re: [Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Petr Spacek
On 9.4.2014 15:20, Tomas Hozza wrote: On 04/09/2014 02:07 PM, Petr Spacek wrote: Hello, Prevent NULL dereference before sync_concurr_limit_signal() calls. A missing check was causing a NULL dereference in the case where manager_get_ldap_instance() failed. This typically happens when BIND

Re: [Freeipa-devel] [PATCH 0234] Prevent NULL dereference before sync_concurr_limit_signal() calls

2014-04-09 Thread Petr Spacek
On 9.4.2014 17:39, Lukas Slebodnik wrote: On (09/04/14 16:38), Petr Spacek wrote: On 9.4.2014 15:20, Tomas Hozza wrote: On 04/09/2014 02:07 PM, Petr Spacek wrote: Hello, Prevent NULL dereference before sync_concurr_limit_signal() calls. A missing check was causing a NULL dereference in the case

[Freeipa-devel] [PATCH 0235] Bump NVR to 4.3

2014-04-09 Thread Petr Spacek
Hello, Bump NVR to 4.3. Pushed to master: 89f1751ff8f8582d628652060eff3bf5a9d7254a -- Petr^2 Spacek From 89f1751ff8f8582d628652060eff3bf5a9d7254a Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 9 Apr 2014 17:59:32 +0200 Subject: [PATCH] Bump NVR to 4.3. Signed-off

[Freeipa-devel] Announcing bind-dyndb-ldap version 4.3

2014-04-09 Thread Petr Spacek
and send any other feedback via the freeipa-users mailing list: http://www.redhat.com/mailman/listinfo/freeipa-users -- Petr Spacek @ Red Hat

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Petr Spacek
On 8.4.2014 09:22, Jan Cholasta wrote: On 4.4.2014 12:59, Petr Spacek wrote: On 3.4.2014 15:35, Jan Cholasta wrote: I would shorten origin_sign to just sign. Sign of what? Decay? :-) I don't think that sign is descriptive enough, I would personally stick with origin_sign. Whoops, I meant

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Petr Spacek
On 8.4.2014 10:14, Jan Cholasta wrote: On 8.4.2014 10:09, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Jan Cholasta wrote: On 8.4.2014 10:01, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Petr Spacek wrote: On 8.4.2014 09:22, Jan Cholasta wrote: On 4.4.2014 12:59, Petr Spacek wrote

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Petr Spacek
On 8.4.2014 10:29, Jan Cholasta wrote: On 8.4.2014 10:19, Petr Spacek wrote: On 8.4.2014 10:14, Jan Cholasta wrote: On 8.4.2014 10:09, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Jan Cholasta wrote: On 8.4.2014 10:01, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Petr Spacek wrote

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-08 Thread Petr Spacek
On 8.4.2014 10:49, Jan Cholasta wrote: On 8.4.2014 10:31, Petr Spacek wrote: On 8.4.2014 10:29, Jan Cholasta wrote: On 8.4.2014 10:19, Petr Spacek wrote: On 8.4.2014 10:14, Jan Cholasta wrote: On 8.4.2014 10:09, Alexander Bokovoy wrote: On Tue, 08 Apr 2014, Jan Cholasta wrote: On 8.4.2014

Re: [Freeipa-devel] Ipa-server-install Firewall Support

2014-04-04 Thread Petr Spacek
On 4.4.2014 09:17, Martin Kosek wrote: On 04/04/2014 09:04 AM, Justin Brown wrote: I would actually do it the opposite way and open the ports after the FreeIPA server is fully configured. After all, I do not think we want to open the ports when the server is just half-configured and for

Re: [Freeipa-devel] [PATCH 0029-0046] Internationalized domain names in DNS plugin

2014-04-04 Thread Petr Spacek
On 3.4.2014 15:35, Jan Cholasta wrote: On 2.4.2014 14:07, Martin Basti wrote: Patch 30: 2) +if isinstance(labels, str): +if not labels: +raise ValueError('empty string') ... +elif isinstance(labels, unicode): +if not labels: +

Re: [Freeipa-devel] questions regarding ldap schema for pkcs11

2014-04-04 Thread Petr Spacek
On 4.4.2014 10:20, Ludwig Krispenz wrote: In the review discussion for the ldap schema for pkcs11 there was one topic, which we wanted to get the opinion from a broader audience before making a final decision. I'll add my opinion for the record: In pkcs11 there are many boolean attributes,

[Freeipa-devel] [PATCH 0017] Add wait_for_dns option to default.conf

2014-04-02 Thread Petr Spacek
changes in LDAP and DNS. My personal recommendation is to use value 5 (for testing!). -- Petr^2 Spacek From 5509f954308b910a8b100aaf14239202f6635762 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Wed, 2 Apr 2014 11:04:07 +0200 Subject: [PATCH] Add wait_for_dns option

Re: [Freeipa-devel] [PATCH 0017] Add wait_for_dns option to default.conf

2014-04-02 Thread Petr Spacek
On 2.4.2014 14:36, Petr Spacek wrote: Hello, Add wait_for_dns option to default.conf. This option makes record changes in DNS tree synchronous. IPA calls will wait until new data are visible over DNS protocol or until timeout. It is intended only for testing. It should prevent tests from

Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf

2014-04-02 Thread Petr Spacek
On 28.3.2014 09:43, Martin Kosek wrote: On 03/28/2014 09:37 AM, Petr Viktorin wrote: On 03/27/2014 05:44 PM, Petr Spacek wrote: On 27.3.2014 13:15, Martin Kosek wrote: On 02/20/2014 03:56 PM, Martin Basti wrote: On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: On 19.2.2014 17:55

[Freeipa-devel] [PATCH 0231] Fix record parsing to prevent child zone corruption

2014-04-01 Thread Petr Spacek
/ticket/134 -- Petr^2 Spacek From 644d8e4d66107bd081dd0023f5b44d1c176861be Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Tue, 1 Apr 2014 18:38:35 +0200 Subject: [PATCH] Fix record parsing to prevent child zone corruption. A child zone hosted on the same server as the parent zone

[Freeipa-devel] PKI expert needed: [dane] DANE-TA(2) ? Full(0) certificate chain matching?

2014-03-31 Thread Petr Spacek
Hello list, FYI d...@ietf.org list hosts a discussion about PKI certificate handling in DNSSEC world. PKIX experts are needed here, please comment (not only) on following draft. Glossary for the alphabet soup below: http://tools.ietf.org/html/draft-ietf-dane-registry-acronyms-04

[Freeipa-devel] LDAP ACI testing

2014-03-31 Thread Petr Spacek
Hello list, the thread [Freeipa-devel] Read access to container entries reminds me of an idea I have had in mind for a while: We could check effective ACIs [1] for interesting objects (Kerberos master key, trust objects etc.) and make sure that there is nothing like 'read by anonymous' etc. Method

Re: [Freeipa-devel] [PATCH] [DOC] Add note about additional nameservers in resolv.conf

2014-03-28 Thread Petr Spacek
ACK. Please change the IP address before push to something from: http://tools.ietf.org/html/rfc5737#section-3 192.0.2.1 sounds like a good candidate. Thanks! Petr^2 Spacek On Thu, Mar 27, 2014 at 4:14 AM, Martin Basti mba...@redhat.com wrote: On Thu, 2014-03-27 at 10:33 +0100, Petr Spacek

Re: [Freeipa-devel] [PATCH] [DOC] Add note about additional nameservers in resolv.conf

2014-03-27 Thread Petr Spacek
On 27.3.2014 00:40, Gabe Alford wrote: All, Please review patch for https://fedorahosted.org/freeipa/ticket/3085 Added note that 'nameserver 127.0.0.1' is added to resolv.conf, that it is recommended to add more replicas to resolv.conf, and the max nameservers allowed in resolv.conf. Thank

Re: [Freeipa-devel] [PATCH] [DOC] Add note about additional nameservers in resolv.conf

2014-03-27 Thread Petr Spacek
On 27.3.2014 10:23, Martin Basti wrote: On Wed, 2014-03-26 at 17:40 -0600, Gabe Alford wrote: All, Please review patch for https://fedorahosted.org/freeipa/ticket/3085 Added note that 'nameserver 127.0.0.1' is added to resolv.conf, that it is recommended to add more replicas to resolv.conf,

Re: [Freeipa-devel] [PATCH 0015] Add wait_for_dns option to default.conf

2014-03-27 Thread Petr Spacek
On 27.3.2014 13:15, Martin Kosek wrote: On 02/20/2014 03:56 PM, Martin Basti wrote: On Thu, 2014-02-20 at 14:36 +0100, Petr Spacek wrote: On 19.2.2014 17:55, Martin Basti wrote: On Wed, 2014-02-19 at 17:10 +0100, Petr Spacek wrote: On 19.2.2014 15:11, Petr Spacek wrote: On 18.2.2014 17:34

[Freeipa-devel] FYI: [dane] Digest Algorithm Agility discussion

2014-03-25 Thread Petr Spacek
Hello list, I think that crypto-folks could be interested in discussion on dane-list: http://www.ietf.org/mail-archive/web/dane/current/msg06599.html As usual, there are two sides in this discussion and some input from an expert could help... Thank you for your time! -- Petr^2 Spacek

Re: [Freeipa-devel] [PATCHES] 172-196 Refactor certificate renewal code

2014-03-20 Thread Petr Spacek
On 19.3.2014 14:33, Jan Cholasta wrote: freeipa-jcholast-190.2-Store-information-about-which-CA-server-is-master-in.patch From 147ab524032902f29b8c3048cdaf21c5606f2274 Mon Sep 17 00:00:00 2001 From: Jan Cholasta jchol...@redhat.com Date: Wed, 16 Oct 2013 08:51:06 + Subject: [PATCH 17/23]

[Freeipa-devel] emerging standard for hosts/passwords policy/automount/netgroups in LDAP

2014-03-13 Thread Petr Spacek
Hello list, FYI I have come across following RFC drafts: (please start with the first one :-) http://www.ietf.org/id/draft-bannister-dbis-mapping-03.txt http://tools.ietf.org/html/draft-bannister-dbis-passwd-02 http://www.ietf.org/id/draft-bannister-dbis-policy-03.txt

[Freeipa-devel] emerging standard for System for Cross-Domain Identity Management

2014-03-13 Thread Petr Spacek
Hello list, my journey to the IETF land revealed following RFC drafts: System for Cross-Domain Identity Management 2. SCIM User Scenarios 2.1. Background Context The System for Cross-domain Identity Management (SCIM) specification is designed to make managing user identity in cloud based

[Freeipa-devel] LDAP Queue Length Control for better LDAP client performance?

2014-03-13 Thread Petr Spacek
Hello list, my journey to the IETF wonderland revealed one more RFC draft: LDAP Queue Length Control http://tools.ietf.org/html/draft-hollstein-queuelength-control-01 I have no idea if this can really improve LDAP client performance or not but IMHO it is worth exploring. Maybe only an

Re: [Freeipa-devel] [PATCH 0157] Prohibit deletion of active subdomain range

2014-03-13 Thread Petr Spacek
On 13.3.2014 13:20, Martin Kosek wrote: On 03/13/2014 01:10 PM, Alexander Bokovoy wrote: On Thu, 13 Mar 2014, Martin Kosek wrote: On 03/13/2014 01:01 PM, Alexander Bokovoy wrote: On Thu, 13 Mar 2014, Martin Kosek wrote: On 03/13/2014 12:45 PM, Tomas Babej wrote: Hi, Changes the code in the

Re: [Freeipa-devel] DNSSEC: upgrade path to Vault

2014-03-12 Thread Petr Spacek
On 11.3.2014 21:19, Martin Kosek wrote: On 03/11/2014 07:40 PM, Simo Sorce wrote: On Tue, 2014-03-11 at 11:33 +0100, Petr Spacek wrote: Yesterday we have agreed that DNSSEC support is not going to depend on Vault ... - walk through cn=masters,cn=ipa,cn=etc,dc=ipa,dc=example and check

Re: [Freeipa-devel] DNSSEC: upgrade path to Vault

2014-03-12 Thread Petr Spacek
On 12.3.2014 12:12, Ludwig Krispenz wrote: On 03/11/2014 11:33 AM, Petr Spacek wrote: On 10.3.2014 12:08, Martin Kosek wrote: On 03/10/2014 11:49 AM, Petr Spacek wrote: On 7.3.2014 17:33, Dmitri Pal wrote: I do not think it is the right architectural approach to try to fix a specific use

Re: [Freeipa-devel] DNSSEC: upgrade path to Vault

2014-03-12 Thread Petr Spacek
On 12.3.2014 14:07, Ludwig Krispenz wrote: On 03/12/2014 01:09 PM, Petr Spacek wrote: On 12.3.2014 12:12, Ludwig Krispenz wrote: On 03/11/2014 11:33 AM, Petr Spacek wrote: On 10.3.2014 12:08, Martin Kosek wrote: On 03/10/2014 11:49 AM, Petr Spacek wrote: On 7.3.2014 17:33, Dmitri Pal wrote

Re: [Freeipa-devel] DNSSEC: upgrade path to Vault

2014-03-11 Thread Petr Spacek
On 10.3.2014 12:08, Martin Kosek wrote: On 03/10/2014 11:49 AM, Petr Spacek wrote: On 7.3.2014 17:33, Dmitri Pal wrote: I do not think it is the right architectural approach to try to fix a specific use case with one off solution while we already know that we need a key storage. I would rather

Re: [Freeipa-devel] DNSSEC: upgrade path to Vault

2014-03-11 Thread Petr Spacek
On 11.3.2014 12:21, Martin Kosek wrote: On 03/11/2014 11:33 AM, Petr Spacek wrote: On 10.3.2014 12:08, Martin Kosek wrote: On 03/10/2014 11:49 AM, Petr Spacek wrote: On 7.3.2014 17:33, Dmitri Pal wrote: I do not think it is the right architectural approach to try to fix a specific use case

Re: [Freeipa-devel] [PATCH] 0148: ipa-sam: when deleting subtree, deal with possible LDAP errors

2014-03-11 Thread Petr Spacek
On 11.3.2014 15:32, Alexander Bokovoy wrote: after discussing with Petr Spacek, the following patch fixes ticket 4224. Code seems okay but I didn't do a functional test. -- Petr^2 Spacek

Re: [Freeipa-devel] [PATCH] 0471 permission_add: Remove permission entry if adding the ACI fails

2014-03-11 Thread Petr Spacek
On 11.3.2014 16:09, Petr Viktorin wrote: On 03/11/2014 03:08 PM, Jan Pazdziora wrote: On Fri, Feb 21, 2014 at 03:30:22PM +0100, Petr Viktorin wrote: Hello, A permission object was not removed in permission-add when adding the ACI failed. Here is a fix.

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-10 Thread Petr Spacek
On 7.3.2014 17:33, Dmitri Pal wrote: I do not think it is the right architectural approach to try to fix a specific use case with one off solution while we already know that we need a key storage. I would rather do things right and reusable than jam them into the currently proposed release

Re: [Freeipa-devel] [PATCHES] [RFC] New getkeytab operation: why not to use kadmin protocol?

2014-03-06 Thread Petr Spacek
On 5.3.2014 23:18, Simo Sorce wrote: Thanks for reading this far :-) I will bikeshed this thread a little bit: Can we use kadmin protocol instead of the proprietary LDAP control? If I remember correctly one of objections was that we do not allow admin to read the key but it is not true

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-05 Thread Petr Spacek
On 5.3.2014 08:48, Jan Cholasta wrote: On 5.3.2014 05:10, Simo Sorce wrote: On Tue, 2014-03-04 at 18:32 -0500, Dmitri Pal wrote: Remote means that there is a PKCS#11 library that can be loaded into a process and would remotely connect to a central server via LDAP/REST/whatever. My point is

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-05 Thread Petr Spacek
On 5.3.2014 14:21, Simo Sorce wrote: On Wed, 2014-03-05 at 10:53 +0100, Petr Spacek wrote: On 5.3.2014 08:48, Jan Cholasta wrote: On 5.3.2014 05:10, Simo Sorce wrote: On Tue, 2014-03-04 at 18:32 -0500, Dmitri Pal wrote: Remote means that there is a PKCS#11 library that can be loaded

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the private key. This is something I meant to discuss too, how do we protect them ? Clearly we have ACIs but I am wondering if we want to encrypt them with keys not immediately or easily available via LDAP ? It's

Re: [Freeipa-devel] GSS-Proxy - TPM - PKCS#11 (silly idea)

2014-03-04 Thread Petr Spacek
On 16.2.2014 13:22, Simo Sorce wrote: On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote: Hello, I have got a silly idea to use TPM (Trusted Platform Module) as a backend for keytab storage (via GSS-Proxy). GSS-Proxy prevents the application from accessing key material, right? So GSS-Proxy could

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully as the private key. This is something I meant to discuss too, how do we protect them

Re: [Freeipa-devel] GSS-Proxy - TPM - PKCS#11 (silly idea)

2014-03-04 Thread Petr Spacek
On 4.3.2014 17:25, Dmitri Pal wrote: On 03/04/2014 11:08 AM, Petr Spacek wrote: On 16.2.2014 13:22, Simo Sorce wrote: On Fri, 2014-02-14 at 14:51 +0100, Petr Spacek wrote: Hello, I have got a silly idea to use TPM (Trusted Platform Module) as a backend for keytab storage (via GSS-Proxy). GSS

Re: [Freeipa-devel] DNSSEC key rotation: long-term approach

2014-03-04 Thread Petr Spacek
Hello list, On 13.2.2014 18:36, Petr Spacek wrote: Automatic key rotation: https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/DNSSEC/Keys/Longterm I have started discussion with OpenDNSSEC people about LDAP database backend and distributed-key generation: http://lists.opendnssec.org

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo Sorce wrote: On Tue, 2014-03-04 at 13:51 +0100, Petr Spacek wrote: On 26.2.2014 16:00, Simo Sorce wrote: need to be protected as carefully

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal wrote: On 03/04/2014 10:26 AM, Simo

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 21:25, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25 AM, Petr Spacek wrote: On 4.3.2014 17:00, Dmitri Pal

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 22:15, Simo Sorce wrote: On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04 at 19:14 +0100, Petr Spacek wrote: On 4.3.2014 17:43, Dmitri Pal wrote: On 03/04/2014 11:25

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 22:53, Simo Sorce wrote: On Tue, 2014-03-04 at 22:38 +0100, Petr Spacek wrote: On 4.3.2014 22:15, Simo Sorce wrote: On Tue, 2014-03-04 at 21:25 +0100, Petr Spacek wrote: On 4.3.2014 20:48, Simo Sorce wrote: On Tue, 2014-03-04 at 14:19 -0500, Simo Sorce wrote: On Tue, 2014-03-04

Re: [Freeipa-devel] DNSSEC design page: key wrapping

2014-03-04 Thread Petr Spacek
On 4.3.2014 23:18, Dmitri Pal wrote: We need PKCS#11 for CA certificates, BIND and OpenDNSSEC anyway so we need to design schema for *public* data. All private data can be stored in Vault if we agree on that. Do we need it on the server and if so can it be exposed by the vault rather than via

[Freeipa-devel] Fwd: access control in PCSC - does it apply to PKCS#11?

2014-02-28 Thread Petr Spacek
Hello list, Proposal for access control related to PC/SC smart cards follows. I have no idea if it applies to PKCS#11 or not but I think somebody knowledgeable in this area should look into it ... I'm sorry Honza :-) Petr^2 Spacek Original Message Subject: F21 System Wide

Re: [Freeipa-devel] Entropy aka ipa-server-install failed

2014-02-28 Thread Petr Spacek
On 28.2.2014 11:53, Sumit Bose wrote: Hi, I just tried to install FreeIPA on a fresh F20 VM and 'ipa-server-install --setup-dns' failed to start FreeIPA finally after everything was configured. The reason was that starting named timed out because generate-rndc-key.sh was basically blocking

Re: [Freeipa-devel] Entropy aka ipa-server-install failed

2014-02-28 Thread Petr Spacek
On 28.2.2014 12:10, Sumit Bose wrote: On Fri, Feb 28, 2014 at 11:59:57AM +0100, Petr Spacek wrote: On 28.2.2014 11:53, Sumit Bose wrote: I just tried to install FreeIPA on a fresh F20 VM and 'ipa-server-install --setup-dns' failed to start FreeIPA finally after everything was configured

Re: [Freeipa-devel] Client-side command in the IPA framework

2014-02-28 Thread Petr Spacek
On 28.2.2014 15:25, Nathaniel McCallum wrote: On Fri, 2014-02-28 at 10:47 +0100, Petr Vobornik wrote: On 28.2.2014 04:02, Rob Crittenden wrote: Alexander Bokovoy wrote: On Thu, 27 Feb 2014, Nathaniel McCallum wrote: So the recent discussion on importing tokens led me to write a script to

[Freeipa-devel] [PATCH 0230] Remove release tag from BIND dependency

2014-02-27 Thread Petr Spacek
Hello, Remove release tag from BIND dependency. This change should allow to build v3 branch on RHEL/CentOS 6. Pushed to v3 branch 2ec56086e811a2247e7a75b5eb5d4784751cb2a5. -- Petr^2 Spacek From 2ec56086e811a2247e7a75b5eb5d4784751cb2a5 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Petr Spacek
On 27.2.2014 17:24, Ludwig Krispenz wrote: On 02/27/2014 03:56 PM, Jan Cholasta wrote: On 27.2.2014 15:23, Ludwig Krispenz wrote: On 02/27/2014 02:14 PM, Jan Cholasta wrote: On 18.2.2014 17:19, Martin Kosek wrote: On 02/18/2014 04:38 PM, Jan Cholasta wrote: On 18.2.2014 16:35, Petr Spacek

Re: [Freeipa-devel] DNSSEC design page

2014-02-27 Thread Petr Spacek
On 27.2.2014 17:55, Ludwig Krispenz wrote: On 02/27/2014 05:46 PM, Rich Megginson wrote: On 02/27/2014 09:37 AM, Petr Spacek wrote: On 27.2.2014 17:24, Ludwig Krispenz wrote: On 02/27/2014 03:56 PM, Jan Cholasta wrote: On 27.2.2014 15:23, Ludwig Krispenz wrote: On 02/27/2014 02:14 PM

[Freeipa-devel] [PATCH 0229] Require BIND >= 9.8.2 instead of >= 9.9.0

2014-02-26 Thread Petr Spacek
Hello, Require BIND >= 9.8.2 instead of >= 9.9.0. Pushed to v3 branch: 28cd600ddc0a9473b3adb31dd82ea99d7c92f983 -- Petr^2 Spacek

Re: [Freeipa-devel] DNSSEC design page

2014-02-26 Thread Petr Spacek
On 26.2.2014 15:20, Ludwig Krispenz wrote: I was talking about a 'layer of indirection' previously. I'm digging into details and it seems like a good idea to imitate what DNS registrars do - use the concept of key sets. It means that keys are not linked to a zone one by one but rather a whole set of

Re: [Freeipa-devel] [PATCH 0228] Drop unnecessary #define _BSD_SOURCE

2014-02-25 Thread Petr Spacek
On 24.2.2014 18:56, Lukas Slebodnik wrote: On (24/02/14 16:48), Petr Spacek wrote: Hello, Drop unnecessary #define _BSD_SOURCE. -- Petr^2 Spacek From 1b5105e3ab92f2a898313da5f7e20e6f3e9d1d2a Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 24 Feb 2014 16:48:09 +0100

[Freeipa-devel] FreeIPA documentation: getting started devel docs (FOSDEM takeaways - Software Archaeology for Beginners)

2014-02-25 Thread Petr Spacek
Hello list, I have seen the talk Software Archaeology for Beginners from FOSDEM 2014 [1] and I have a couple of notes: 1) User docs: Make sure that the project's documentation tells its own story: Documentation is not so useful if it is a bunch of unrelated documents. Make sure that there is

Re: [Freeipa-devel] DNSSEC design page

2014-02-25 Thread Petr Spacek
On 24.2.2014 20:20, Simo Sorce wrote: On Mon, 2014-02-24 at 13:11 +0100, Ludwig Krispenz wrote: Hi, here is a draft to start discussion. Let me know if it is the right direction and what you're missing. https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/Design/pkcs11Schema I think we need to

Re: [Freeipa-devel] DNSSEC design page

2014-02-25 Thread Petr Spacek
On 25.2.2014 11:28, Ludwig Krispenz wrote: On 02/24/2014 08:20 PM, Simo Sorce wrote: On Mon, 2014-02-24 at 13:11 +0100, Ludwig Krispenz wrote: Hi, here is a draft to start discussion. Let me know if it is the right direction and what you're missing.

Re: [Freeipa-devel] DNSSEC design page

2014-02-25 Thread Petr Spacek
On 25.2.2014 13:49, Ludwig Krispenz wrote: On 02/25/2014 01:30 PM, Petr Spacek wrote: On 25.2.2014 11:28, Ludwig Krispenz wrote: On 02/24/2014 08:20 PM, Simo Sorce wrote: On Mon, 2014-02-24 at 13:11 +0100, Ludwig Krispenz wrote: Hi, here is a draft to start discussion. Let me know

Re: [Freeipa-devel] DNSSEC design page

2014-02-25 Thread Petr Spacek
On 25.2.2014 13:47, Jan Cholasta wrote: here is a draft of the PKCS#11 design: http://www.freeipa.org/page/V3/PKCS11_in_LDAP. I don't understand the purpose of cn=crypto suffix. I thought that PKCS#11 module will have to search for token with given TOKEN_ID or LABEL anyway, right? Do I miss

Re: [Freeipa-devel] DNSSEC design page

2014-02-25 Thread Petr Spacek
On 25.2.2014 15:32, Simo Sorce wrote: On Tue, 2014-02-25 at 14:52 +0100, Petr Spacek wrote: On 25.2.2014 13:47, Jan Cholasta wrote: here is a draft of the PKCS#11 design: http://www.freeipa.org/page/V3/PKCS11_in_LDAP. I don't understand the purpose of cn=crypto suffix. I thought that PKCS#11

Re: [Freeipa-devel] DNSSEC design page

2014-02-25 Thread Petr Spacek
On 25.2.2014 15:11, Simo Sorce wrote: On Tue, 2014-02-25 at 14:54 +0100, Ludwig Krispenz wrote: Any reason why we should follow in detail what softhsm does? because I didn't know what is really needed. If you want to have a pkcs11 module which stores data in ldap, I thought it should have all

Re: [Freeipa-devel] DNSSEC design page: PKCS#11 references

2014-02-25 Thread Petr Spacek
On 25.2.2014 18:26, Jan Cholasta wrote: On 25.2.2014 17:36, Ludwig Krispenz wrote: On 02/25/2014 05:12 PM, Simo Sorce wrote: On Tue, 2014-02-25 at 16:18 +0100, Jan Cholasta wrote: On 25.2.2014 16:11, Simo Sorce wrote: On Tue, 2014-02-25 at 15:59 +0100, Petr Spacek wrote: On 25.2.2014 15:11

[Freeipa-devel] [PATCH 0225] Remove unused variables and dead code from syncrepl_update()

2014-02-24 Thread Petr Spacek
Hello, Remove unused variables and dead code from syncrepl_update(). -- Petr^2 Spacek From 0a779d8cbf7a9d63567967600786202a060d7859 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 24 Feb 2014 13:35:23 +0100 Subject: [PATCH] Remove unused variables and dead code from

Re: [Freeipa-devel] [PATCH][bind-dyndb-ldap] Include missing header files.

2014-02-24 Thread Petr Spacek
On 21.2.2014 16:16, Petr Spacek wrote: On 21.2.2014 15:12, Lukas Slebodnik wrote: ehlo, Function get_krb5_tgt is declared in header file krb5_helper.h, but this header file was not included in implementation file krb5_helper.c Function fs_dirs_create is declared in header file fs.h

Re: [Freeipa-devel] [PATCH 0224-0225] Add function attributes warn_unused_result and nonnull and add missing CHECK()s to string operations

2014-02-24 Thread Petr Spacek
On 21.2.2014 19:14, Lukas Slebodnik wrote: On (21/02/14 16:12), Petr Spacek wrote: Hello, Add function attributes warn_unused_result and nonnull where appropriate and add missing CHECK()s to string operations. Lukas, thanks for catching the missing CHECK() around str_new(). As a reward, you

Re: [Freeipa-devel] [PATCH 0225] Remove unused variables and dead code from syncrepl_update()

2014-02-24 Thread Petr Spacek
On 24.2.2014 13:53, Lukas Slebodnik wrote: On (24/02/14 13:36), Petr Spacek wrote: Hello, Remove unused variables and dead code from syncrepl_update(). -- Petr^2 Spacek From 0a779d8cbf7a9d63567967600786202a060d7859 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 24

Re: [Freeipa-devel] [PATCH][bind-dyndb-ldap] Fix potential dereference of NULL pointer in sync_ctx_init

2014-02-24 Thread Petr Spacek
On 21.2.2014 19:35, Lukas Slebodnik wrote: On (13/12/13 17:44), Petr Spacek wrote: On 12.11.2013 16:13, Petr Spacek wrote: On 5.11.2013 12:29, Tomas Hozza wrote: - Original Message - Hello, Improve performance of initial LDAP synchronization. Changes are not journaled and SOA
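
Worked example of the CHECK()/goto-cleanup discipline the two patch threads above are about (a missing CHECK() around str_new(), and a cleanup section that must not dereference a handle that was never created). This is an editorial illustration added here, not bind-dyndb-ldap code: the result_t codes, str_t, zone_path_build() and the allocs_left test hook are hypothetical, and CHECK() only mirrors the common "assign result, goto cleanup on failure" macro shape. The function attributes are real GCC/Clang attributes: warn_unused_result makes a dropped return value a compile-time warning, nonnull makes passing a literal NULL one.

```c
/* Added example (hypothetical names); not code from the bind-dyndb-ldap project. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef enum { R_SUCCESS = 0, R_NOMEMORY = 1 } result_t;

/* Assign the operation's result and bail out to the cleanup label on failure.
 * The enclosing function must declare `result_t result;` and a `cleanup:` label. */
#define CHECK(op)                    \
    do {                             \
        result = (op);               \
        if (result != R_SUCCESS)     \
            goto cleanup;            \
    } while (0)

typedef struct {
    char *data;   /* NUL-terminated buffer, NULL when empty */
    size_t len;   /* bytes in use, excluding the NUL */
} str_t;

/* Test hook (hypothetical): -1 = unlimited, otherwise allocations left before failure. */
static int allocs_left = -1;

static int alloc_ok(void)
{
    if (allocs_left < 0)
        return 1;
    if (allocs_left == 0)
        return 0;
    allocs_left--;
    return 1;
}

/* Callers must check the result: a dropped return value is a compiler warning. */
__attribute__((warn_unused_result, nonnull))
static result_t str_new(str_t **out)
{
    str_t *s;
    if (!alloc_ok() || (s = calloc(1, sizeof(*s))) == NULL)
        return R_NOMEMORY;
    *out = s;
    return R_SUCCESS;
}

__attribute__((warn_unused_result, nonnull))
static result_t str_cat(str_t *s, const char *suffix)
{
    size_t add = strlen(suffix);
    char *p;
    if (!alloc_ok() || (p = realloc(s->data, s->len + add + 1)) == NULL)
        return R_NOMEMORY;            /* s->data is still valid on failure */
    memcpy(p + s->len, suffix, add + 1);
    s->data = p;
    s->len += add;
    return R_SUCCESS;
}

/* Cleanup helpers must tolerate a handle that was never created (NULL). */
static void str_free(str_t **sp)
{
    if (sp == NULL || *sp == NULL)
        return;
    free((*sp)->data);
    free(*sp);
    *sp = NULL;
}

/* Build "<dir>/<zone>", inserting the separator only when dir lacks a trailing '/'.
 * Every fallible call is wrapped in CHECK(); on any failure ownership stays with
 * this function and the cleanup section releases it. */
__attribute__((warn_unused_result, nonnull))
static result_t zone_path_build(const char *dir, const char *zone, char **path_out)
{
    result_t result;
    str_t *s = NULL;   /* initialised so cleanup is safe if str_new() itself fails */

    CHECK(str_new(&s));
    CHECK(str_cat(s, dir));
    if (s->len == 0 || s->data[s->len - 1] != '/')
        CHECK(str_cat(s, "/"));
    CHECK(str_cat(s, zone));

    *path_out = s->data;   /* hand the buffer to the caller, keep the wrapper for cleanup */
    s->data = NULL;
    result = R_SUCCESS;

cleanup:
    str_free(&s);          /* s may be NULL here; str_free() checks before dereferencing */
    return result;
}

int main(void)
{
    char *path = NULL;
    if (zone_path_build("/var/named/dyndb-ldap", "example.com", &path) != R_SUCCESS)
        return 1;
    printf("%s\n", path);
    free(path);
    return 0;
}
```

Two caveats a reviewer would raise: warn_unused_result only helps if the build treats warnings seriously (compile with -Werror=unused-result, or at least never silence it with a `(void)` cast), and nonnull lets the compiler assume the argument is non-NULL, so it may delete a runtime `if (p == NULL)` check inside the annotated function; keep explicit NULL checks in the helpers that are meant to be called from cleanup sections, as str_free() above does, and do not mark those parameters nonnull.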

[Freeipa-devel] [PATCH 0226-0227] Update NEWS Bump NVR to 4.1

2014-02-24 Thread Petr Spacek
Hello, Update NEWS for upcoming 4.1 release Bump NVR to 4.1. Pushed to master: da67bf43d89886dd2cce9f1fd3f75ce44c3ab9ed 2dec00224214045d7f00d901fb107b789c8c082d -- Petr^2 Spacek From da67bf43d89886dd2cce9f1fd3f75ce44c3ab9ed Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date

[Freeipa-devel] Announcing bind-dyndb-ldap version 4.1

2014-02-24 Thread Petr Spacek
via the freeipa-users mailing list: http://www.redhat.com/mailman/listinfo/freeipa-users -- Petr Spacek Software engineer Red Hat

[Freeipa-devel] [PATCH 0228] Drop unnecessary #define _BSD_SOURCE

2014-02-24 Thread Petr Spacek
Hello, Drop unnecessary #define _BSD_SOURCE. -- Petr^2 Spacek From 1b5105e3ab92f2a898313da5f7e20e6f3e9d1d2a Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Mon, 24 Feb 2014 16:48:09 +0100 Subject: [PATCH] Drop unnecessary #define _BSD_SOURCE. Signed-off-by: Petr Spacek pspa

[Freeipa-devel] [PATCH 0223] Update Fedora SPEC file for v4.0 (RPM expert needed)

2014-02-21 Thread Petr Spacek
a7329ae3459a135eff2897d3de9da607280b4615 Mon Sep 17 00:00:00 2001 From: Petr Spacek pspa...@redhat.com Date: Fri, 21 Feb 2014 10:35:35 +0100 Subject: [PATCH] Update to 4.0. Signed-off-by: Petr Spacek pspa...@redhat.com --- bind-dyndb-ldap.spec | 31 --- 1 file changed, 24 insertions(+), 7 deletions

Re: [Freeipa-devel] [PATCH 0219] Prevent crash if working directory for zone cannot be created

2014-02-21 Thread Petr Spacek
On 28.1.2014 16:37, Petr Spacek wrote: Hello, Prevent crash if working directory for zone cannot be created. This patch should go to master branch before 4.0 release. Pushed to master branch: a2c5b89e46f556555dc82e42a754e0c2c4102dd6 -- Petr^2 Spacek
