URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
We need to find why it breaks though, but yeah I think we can go forward with
this patch of others agree.
Can you open a separate bug for the failure you
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
I meant my setup was unclean.
I will try to reproduce here.
Does master w/o this patch work properly against 4.4.4 ?
"""
See the full comment
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
I've seen this once but thought it was a fluke due to my "unclean" master, as
the following times it did not happen.
Can you reproduce the error a
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
Turned out my master had some more relaxed permissions I added when developing
the feature.
I now have added a new function to just check for the host keys
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
Nevermind I finally reproduced
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/679#issuecomment-298750030
--
Manage you
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
@stlaz just FYI, I am sking this info because I cannot reproduce locally with a
single replica.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
Can you please attach more of the logs before the failure ?
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/679#issuecom
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
simo5 commented:
"""
We can probably defer.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/746#issuecomment-298087667
--
Manage your subscription for the Fre
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
simo5 commented:
"""
@MartinBasti In this case we need a way to tell the system what are the
priorities and which protocols are enabled, priorities are important too,
admins need to be able
URL: https://github.com/freeipa/freeipa/pull/746
Title: #746: KDC proxy URI records
simo5 commented:
"""
I am not entirely sure we want to care for the cse where an admin disables KDC
Proxy in an automatic fashion; otherwise we would also need to check if TCP or
UDP are disa
URL: https://github.com/freeipa/freeipa/pull/742
Title: #742: Revert "Store GSSAPI session key in /var/run/ipa"
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/743
Title: #743: [ipa-4-5] Revert "Store GSSAPI session key in /var/run/ipa"
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/742
Title: #742: Revert "Store GSSAPI session key in /var/run/ipa"
Label: -ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/742
Title: #742: Revert "Store GSSAPI session key in /var/run/ipa"
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd
simo5 commented:
"""
The current patch moved the key in a place where apache cannot write, resulting
in an ephemeral key that is thrown away each time apache is restarted/rel
URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd
simo5 commented:
"""
As I noted in the ticket: "At most you may want to store it in
/var/lib/ipa/somewhere, but we do not want to break sessions (there are people
URL: https://github.com/freeipa/freeipa/pull/723
Author: MartinBasti
Title: #723: Store GSSAPI session key in /var/run/httpd
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/723/head:pr723
git checkout pr723
--
URL: https://github.com/freeipa/freeipa/pull/723
Title: #723: Store GSSAPI session key in /var/run/httpd
simo5 commented:
"""
This patch is wrong please revert
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/723#issuecomment-29769961
URL: https://github.com/freeipa/freeipa/pull/738
Title: #738: restore: restart gssproxy after restore
simo5 commented:
"""
will a "systemctl reload gssproxy" do the right thing @frozencemetery ?
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/738
Title: #738: restore: restart gssproxy after restore
simo5 commented:
"""
The name of the project is GSS-Proxy, the package name is gssproxy.
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/727
Title: #727: Regenerate ASN.1 code with asn1c 0.9.28
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/709
Author: simo5
Title: #709: Fix s4u2self with adtrust
Action: opened
PR body:
"""
When ADtrust is installed we add a PAC to all tickets, during protocol
transition we need to generate a new PAC for the requested user ti
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
Nevermind they are not duplicates.
I'll fix the commit message.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/679#iss
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: opened
PR body:
"""
In complex replication setups a replica may try to obtain CA keys from a
host that is not the master we initially create the keys agains
URL: https://github.com/freeipa/freeipa/pull/679
Title: #679: Make sure remote hosts have our keys
simo5 commented:
"""
I haven't tested this yet ... but what could possibily go wrong? :-)
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/679
Author: simo5
Title: #679: Make sure remote hosts have our keys
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/679/head:pr679
git checkout pr679
From
URL: https://github.com/freeipa/freeipa/pull/664
Author: simo5
Title: #664: Backport of client session storage patches
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghf
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
Should I make a new PR for 4.5 ?
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/649#issuecomment-28976119
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/649/head:pr649
git checkout pr649
From
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
I should have addressed all comments.
I did not comment on krb5_principal_compare() because I think that is obvious
and the function definition also
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/649/head:pr649
git checkout pr649
From
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
Thank you @tiran @abbra all very good comments, I'll address soon all of them
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
I aded a 4th patch to address the FILE ccache growth issue.
It is a bit unorthodox but it works. Please review carefully and let me know if
you are ok wit
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/649/head:pr649
git checkout pr649
From
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
The FILE ccache is still growing because we keep getting updated cookies (where
the only thing that changes is the expiration date.
"""
URL: https://github.com/freeipa/freeipa/pull/638
Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches
simo5 commented:
"""
This PR has been obsoleted by #649
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/638#issuecom
URL: https://github.com/freeipa/freeipa/pull/638
Author: abbra
Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/638/head:pr638
git checkout
URL: https://github.com/freeipa/freeipa/pull/649
Title: #649: Session cookie storage and handling fixes
simo5 commented:
"""
Note I am still running tests, but I think the patchset is good for review
already.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/649
Author: simo5
Title: #649: Session cookie storage and handling fixes
Action: opened
PR body:
"""
This patchset improves the behavior of the client in various ways.
- Avoids unbounded growth of FILE ccaches
- Fix regression with
URL: https://github.com/freeipa/freeipa/pull/638
Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches
simo5 commented:
"""
One way to deal with this in the FILE case is to copy the ccache to a tmp file
and then rename to the original one. There is a risk of raci
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/543
Title: #543: Add options to allow ticket caching
simo5 commented:
"""
@MartinBasti can we push this ? It makes a big difference in framework
performance and load on the KDC
"""
See the full comment at
https://g
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/594
Title: #594: Fix Python 3 pylint errors
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/587
Title: #587: Python 3: Fix session storage
simo5 commented:
"""
Technically principal names could use any encoding ... but we make the
assumption they are utf-8 in freeIPA, so this should be ok.
"""
See the full
URL: https://github.com/freeipa/freeipa/pull/587
Title: #587: Python 3: Fix session storage
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/585
Title: #585: Remove allow_constrained_delegation from gssproxy.conf
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/585
Title: #585: Remove allow_constrained_delegation from gssproxy.conf
simo5 commented:
"""
Please change commit message to:
The Apache process *must* not allowed to use constrained delegation to contact
services because it is
URL: https://github.com/freeipa/freeipa/pull/559
Title: #559: WebUI: Certificate login
Label: -ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/559
Author: pvomacka
Title: #559: WebUI: Certificate login
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/559/head:pr559
git checkout pr559
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/559
Title: #559: WebUI: Certificate login
simo5 commented:
"""
You need to wait to get th gssproxy fix I've been developing today and set the
minimum gssproxy version to the one with the fix once we get to publish it
"&quo
URL: https://github.com/freeipa/freeipa/pull/559
Title: #559: WebUI: Certificate login
simo5 commented:
"""
NACK NACK NACK
Pleas revert the change to the gssproxy template, it undoes half the work done
in privilege separation
"""
See the full comment at
http
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Sure no prob
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/567#issuecomment-286391140
--
Manage your subs
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Can you figure out exactly why certmonger is doing this ?
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/567
Author: simo5
Title: #567: Configure KDC to use certs after they are deployed
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/567/head:pr567
git checkout
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Should have addressed all concerns in this push
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/567#issuecom
URL: https://github.com/freeipa/freeipa/pull/511
Title: #511: Bump required version of gssproxy to 0.6.2
simo5 commented:
"""
Can you prepare patch for spec file that requires gssproxy >= 0.7.0 and
mod_auth_gssapi >= 1.5.0 ?
"""
See the full comment at
htt
URL: https://github.com/freeipa/freeipa/pull/564
Title: #564: Reconfigure Kerberos library config as the last step of KDC install
simo5 commented:
"""
@martbab @abbra see the pull request in #567
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/567
Title: #567: Configure KDC to use certs after they are deployed
simo5 commented:
"""
Still testing but this should be the way to go to fix the bug reported in #564
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/567
Author: simo5
Title: #567: Configure KDC to use certs after they are deployed
Action: opened
PR body:
"""
Certmonger needs to access the KDC when it tries to obtain certs,
so make sure the KDC can run, then reconfigure it to use
URL: https://github.com/freeipa/freeipa/pull/564
Title: #564: Reconfigure Kerberos library config as the last step of KDC install
simo5 commented:
"""
I do not think this is the correct fix/bug
What we want to do is to change kdc.conf to require certs only after we have
installe
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
Oops sorry, forgot to run make pylint on my last iteration, should be all fixed
now
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
Ok I decide to do away with the whole class stuff, given we never really keep a
round the class object for more than one operation at a time in actual us
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
I also renamed the module and the class, makes more sense to me this way around.
"""
See the full comment at
https://github.com/freeipa
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
Ok removed a bunch of code and made sure pylint passes.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/546#issuecom
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/546/head:pr546
git checkout pr546
From
URL: https://github.com/freeipa/freeipa/pull/546
Title: #546: Store session cookie in a ccache option
simo5 commented:
"""
@rcritten the keyring stuff is still used for detection of keyring in other
places, so I did not touch it as those uses are still vaild
"&quo
URL: https://github.com/freeipa/freeipa/pull/543
Title: #543: Add options to allow ticket caching
simo5 commented:
"""
Yes, I think we should add a new PR later once we release gssproxy 0.7
"""
See the full comment at
https://github.com/freeipa/freeipa/p
URL: https://github.com/freeipa/freeipa/pull/547
Title: #547: Use GSS-SPNEGO if connecting locally
simo5 commented:
"""
We actually do not need to put a strong require, this patch will work
regardless, but won't provide any performance advantage on older versions.
You will
URL: https://github.com/freeipa/freeipa/pull/533
Title: #533: WebUI: Change structure of Identity submenu
simo5 commented:
"""
I do not have enough insights on the .js side to say this is all correct, but
having seen the mockups I want to give an ack from my side here.
&q
URL: https://github.com/freeipa/freeipa/pull/547
Author: simo5
Title: #547: Use GSS-SPNEGO if connecting locally
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/547/head:pr547
git checkout pr547
From
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/547
Author: simo5
Title: #547: Use GSS-SPNEGO if connecting locally
Action: opened
PR body:
"""
GSS-SPNEGO allows us to negotiate a SASL bind with less roundtrips
therefore use it when possible.
We only enable it for local conn
URL: https://github.com/freeipa/freeipa/pull/546
Author: simo5
Title: #546: Store session cookie in a ccache option
Action: opened
PR body:
"""
Instead of using the kernel keyring, store the session cookie within the
ccache. This way kdestroy will really wipe away all creded
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/543/head:pr543
git checkout pr543
From
URL: https://github.com/freeipa/freeipa/pull/543
Author: simo5
Title: #543: Add options to allow ticket caching
Action: opened
PR body:
"""
This new option (planned to land in gssproxy 0.7) we cache the ldap
ticket properly and avoid a ticket lookup to the KDC on each
URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing
simo5 commented:
"""
LGTM, please merge
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/532#issuecomment-284055799
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/532
Title: #532: Fix cookie with Max-Age processing
simo5 commented:
"""
Ok, sorry for some reason I thought this was on the server side, where we do
not care what the cookie looks like, but on the client side we indeed care.
&q
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
I am not sure we want to wait for replies from trusted domains, it may be very
slow, and in some cases it will just not work right
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
simo5 commented:
"""
Why do we need to talk to SSSD to do this?
Don't we have all the needed data in LDAP already ?
"""
See the full comment
URL: https://github.com/freeipa/freeipa/pull/508
Title: #508: Fix ipa.service unit re. gssproxy
simo5 commented:
"""
Seemed worth fixing at the same time, but I won't insist.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/508#issuecom
URL: https://github.com/freeipa/freeipa/pull/514
Author: simo5
Title: #514: Limit sessions to 30 minutes by default
Action: opened
PR body:
"""
When we changed the session handling code we unintentinally extended
sessions expiraion time to the whole ticket lifetime of 24h.
R
URL: https://github.com/freeipa/freeipa/pull/506
Title: #506: Use IPA CA cert in Custodia secrets client
simo5 commented:
"""
Works for me.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/506#issuecomment-282282986
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/364
Title: #364: Client-only builds with --disable-server
simo5 commented:
"""
So this is the reasoning and why I am approving this PR and not #494.
When you build all components, including server bits, tests are installed,
therefor
URL: https://github.com/freeipa/freeipa/pull/485
Author: simo5
Title: #485: Fix session logout
Action: opened
PR body:
"""
There were 2 issues with session logouts, one is that the logout_cookie
was checked and acted on in the wrong place, the other is that the wron
URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/468/head:pr468
git checkout pr468
From
URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/468/head:pr468
git checkout pr468
From
URL: https://github.com/freeipa/freeipa/pull/469
Title: #469: Ignore unlink error in ipa-otpd.socket
simo5 commented:
"""
@tiran I do not know, @npmccallum may know.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/469#issuecomment-28065689
1 - 100 of 207 matches
Mail list logo