On Wed, Mar 15, 2017 at 09:13:35AM +0100, Martin Basti wrote:
>
>
> On 15.03.2017 00:49, Fraser Tweedale wrote:
> > On Tue, Mar 14, 2017 at 01:51:19PM +0100, Martin Basti wrote:
> >> Hello,
> >>
> >> DRAFT for FreeIPA 4.5.0 release notes is ready
>
On Tue, Mar 14, 2017 at 01:51:19PM +0100, Martin Basti wrote:
> Hello,
>
> DRAFT for FreeIPA 4.5.0 release notes is ready
> http://www.freeipa.org/page/Releases/4.5.0
>
> Please update/let me know what is missing, what is extra.
>
>
> Martin^2
>
I think we should add
On Wed, Feb 22, 2017 at 10:17:32AM +0100, Martin Kosek wrote:
> On 02/20/2017 06:03 AM, Fraser Tweedale wrote:
> > On Fri, Feb 10, 2017 at 11:48:39AM +0100, Martin Kosek wrote:
> >> On 02/10/2017 10:37 AM, Fraser Tweedale wrote:
> >>> On Fri, Feb 10, 2017 at 09:23:
On Wed, Feb 22, 2017 at 10:00:04AM -0500, Simo Sorce wrote:
> On Wed, 2017-02-22 at 10:59 +, Oucema Bellagha wrote:
> > I want to figure out a solution which allow user"a" to authenticate to
> > a host only when user"b" is accessing the host for security reasons.
> >
> >
> > Easy
On Wed, Feb 22, 2017 at 01:41:22PM +0100, Tomas Krizek wrote:
> On 02/22/2017 12:28 AM, Fraser Tweedale wrote:
> > On Tue, Feb 21, 2017 at 05:23:07PM +0100, Standa Laznicka wrote:
> >> On 02/21/2017 04:24 PM, Tomas Krizek wrote:
> >>> On 02/21/2017 03:23 PM, Rob C
On Tue, Feb 21, 2017 at 06:12:23PM +0100, Petr Vobornik wrote:
> On 02/21/2017 05:15 PM, Florence Blanc-Renaud wrote:
> > Hi,
> >
> > related to the Certificate Identity Mapping feature, a new CLI will be
> > needed to find all the users matching a given certificate.
> >
> > I propose to provide
On Tue, Feb 21, 2017 at 05:23:07PM +0100, Standa Laznicka wrote:
> On 02/21/2017 04:24 PM, Tomas Krizek wrote:
> > On 02/21/2017 03:23 PM, Rob Crittenden wrote:
> > > Standa Laznicka wrote:
> > > > Hello,
> > > >
> > > > Since we're trying to make FreeIPA work in FIPS we got to the point
> > > >
On Fri, Feb 10, 2017 at 11:48:39AM +0100, Martin Kosek wrote:
> On 02/10/2017 10:37 AM, Fraser Tweedale wrote:
> > On Fri, Feb 10, 2017 at 09:23:10AM +0100, Martin Kosek wrote:
> >> On 02/09/2017 10:44 PM, Fraser Tweedale wrote:
> >>> On Thu, Feb 09, 2017 at 08:37:
On Fri, Feb 10, 2017 at 09:23:10AM +0100, Martin Kosek wrote:
> On 02/09/2017 10:44 PM, Fraser Tweedale wrote:
> > On Thu, Feb 09, 2017 at 08:37:23AM +0100, Martin Kosek wrote:
> >> On 02/09/2017 02:12 AM, Fraser Tweedale wrote:
> >>> On Wed, Feb 08, 2017 at 10:19
On Thu, Feb 09, 2017 at 08:37:23AM +0100, Martin Kosek wrote:
> On 02/09/2017 02:12 AM, Fraser Tweedale wrote:
> > On Wed, Feb 08, 2017 at 10:19:54AM +0200, Alexander Bokovoy wrote:
> >> On ke, 08 helmi 2017, Martin Kosek wrote:
> >>> Hi Fraser and th
On Wed, Feb 08, 2017 at 10:19:54AM +0200, Alexander Bokovoy wrote:
> On ke, 08 helmi 2017, Martin Kosek wrote:
> > Hi Fraser and the list,
> >
> > I recently was in a conversation about integrating OpenShift with FreeIPA.
> > One
> > of the gaps was around generating a wildcard certificate by
On Wed, Feb 08, 2017 at 08:02:18AM +0100, Jan Cholasta wrote:
> On 8.2.2017 07:29, Fraser Tweedale wrote:
> > On Mon, Feb 06, 2017 at 10:24:31AM +0100, Jan Cholasta wrote:
> > > On 17.1.2017 08:57, David Kupka wrote:
> > > > On 13/01/17 08:07, Fraser Tweedale wrot
On Mon, Feb 06, 2017 at 10:24:31AM +0100, Jan Cholasta wrote:
> On 17.1.2017 08:57, David Kupka wrote:
> > On 13/01/17 08:07, Fraser Tweedale wrote:
> > > Related to design:
> > > http://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication
> > >
> > >
On Mon, Feb 06, 2017 at 10:37:34AM +0200, Alexander Bokovoy wrote:
> On ma, 06 helmi 2017, Jan Cholasta wrote:
> > On 11.1.2017 02:09, Fraser Tweedale wrote:
> > > On Tue, Jan 10, 2017 at 10:48:08AM +0100, Martin Babinsky wrote:
> > > > Hi Fraser,
> > > >
Related to design:
http://www.freeipa.org/page/V4/Dogtag_GSS-API_Authentication
Currently there are some operations that hit the CA that involve a
number of privileged operations against the CA, but for which there
is only one associated IPA permission. Deleting a CA is a good
example (but it is
In ca_add.pre_callback, we have:
if not ldap.can_add(dn[1:]):
raise ACIError(...)
`can_add' uses the GetEffectiveRights control to see what rights the
user has.
When a user with the 'System: Add CA' permission attempts to add a
CA, the above ACIError gets raised. This is definitely a
On Tue, Jan 10, 2017 at 10:48:08AM +0100, Martin Babinsky wrote:
> Hi Fraser,
>
> I have some rather inane comments. I guess Jan cholasta will do a more
> thorough review of your design. See below:
>
> On 01/06/2017 09:08 AM, Fraser Tweedale wrote:
> > Hi comrades,
&g
Hi comrades,
I have written up the high-level details of the FreeIPA->Dogtag
GSS-API authentication design. The goal is improve security by
removing an egregious privilege separation violation: the RA Agent
cert.
There is a fair bit of work still to do on the Dogtag side but
things are shaping
On Thu, Jan 05, 2017 at 09:38:03AM +0100, Tomas Krizek wrote:
> On 01/05/2017 09:25 AM, Fraser Tweedale wrote:
> > On Thu, Jan 05, 2017 at 08:53:14AM +0100, Martin Babinsky wrote:
> >> On 01/05/2017 08:06 AM, Fraser Tweedale wrote:
> >>> Hi all,
> >>>
&
On Thu, Jan 05, 2017 at 08:53:14AM +0100, Martin Babinsky wrote:
> On 01/05/2017 08:06 AM, Fraser Tweedale wrote:
> > Hi all,
> >
> > Although it has been discussed before and met with some skepticism,
> > here is a POC that exporting test runner output to, e.g
Hi all,
Although it has been discussed before and met with some skepticism,
here is a POC that exporting test runner output to, e.g. a pastebin,
does work:
- experimental commit: https://github.com/freeipa/freeipa/pull/370
- example paste: https://paste.fedoraproject.org/520085/
(it is gzipped
On Tue, Dec 13, 2016 at 01:11:37PM +0100, Martin Babinsky wrote:
> On 12/13/2016 01:07 PM, Fraser Tweedale wrote:
> > On Tue, Dec 13, 2016 at 09:41:40AM +0100, Martin Babinsky wrote:
> > > Hi list,
> > >
> > > https://github.com/freeipa/freeipa/pull/177 was r
On Tue, Dec 13, 2016 at 09:41:40AM +0100, Martin Babinsky wrote:
> Hi list,
>
> https://github.com/freeipa/freeipa/pull/177 was recently merged despite
> causing nearly half of the tests in our Travis CI gating to fail. This broke
> Travis CI for all other PR that were rebased after this merge,
Hi all,
The CI failures caused by one of my recent commits have me baffled.
It is exactly this commit[1] at which the problems begin. I cannot
see anything in the commit to point a finger at. In-tree tests run
fine.
[1]
On Mon, Dec 12, 2016 at 02:04:37PM +0100, Jan Cholasta wrote:
> On 12.12.2016 13:49, Fraser Tweedale wrote:
> > (This is a tangential discussion, but...)
> >
> > On Mon, Dec 12, 2016 at 09:52:02AM +0100, Jan Cholasta wrote:
> > > IMO profile ID should default to
Hi,
I can no longer create or edit pages on the FreeIPA wiki. Could
someone who administers the wiki help out? (Please follow up
off-list.)
Thanks,
Fraser
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to
On Tue, Nov 08, 2016 at 10:29:29AM +0800, 郑磊 wrote:
> Hello everyone,
>
> I have successfully set up the FreeIPA environment on Ubuntu when selinux is
> disable. But when selinux is enable, there is a configuring ipa-otpd error
> occurred.
>
> The ipaserver-install.log shows following
Patches have been reborn as
https://github.com/freeipa/freeipa/pull/177.
Brief commentary inline. If any further issues, let us continue
discussion at GitHub.
Thanks,
Fraser
On Thu, Oct 06, 2016 at 10:02:55AM +0200, Jan Cholasta wrote:
> On 23.9.2016 05:29, Fraser Tweedale wrote:
>
On Fri, Oct 07, 2016 at 09:35:00AM +0300, Alexander Bokovoy wrote:
> On pe, 07 loka 2016, Fraser Tweedale wrote:
> > On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> >
> > > Question, do we need search-and-replace at all (or at this
> > > stage)? Mo
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> Question, do we need search-and-replace at all (or at this
> stage)? Most of the interesting values from the SAN should be
> directly map-able to LDAP attributes. And processing the string
> representation of might be tricky as
Bump for review.
On Wed, Sep 07, 2016 at 04:06:25PM +0700, Fraser Tweedale wrote:
> Attached patch fixes https://fedorahosted.org/freeipa/ticket/6305
>
> Thanks,
> Fraser
> From d4d7e77795f96a4970058e61d99c70522689b22d Mon Sep 17 00:00:00 2001
> From: Fraser Tweedale &l
Bump for review.
Rebased patches attached (there was a trivial conflict in imports).
Thanks,
Fraser
On Tue, Sep 06, 2016 at 02:05:06AM +1000, Fraser Tweedale wrote:
> On Fri, Aug 26, 2016 at 10:28:58AM +0200, Jan Cholasta wrote:
> > On 19.8.2016 13:11, Fraser Tweedale wrote:
&
On Thu, Sep 08, 2016 at 01:15:03PM +0200, Martin Babinsky wrote:
> On 09/08/2016 04:00 AM, Fraser Tweedale wrote:
> > The attached patch fixes regression in cert-request:
> > https://fedorahosted.org/freeipa/ticket/6309
> >
> > Thanks,
> > Fraser
> &
The attached patch fixes regression in cert-request:
https://fedorahosted.org/freeipa/ticket/6309
Thanks,
Fraser
From b27eef53ee36b7cae70206c37dea6aaa3bcfc940 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 8 Sep 2016 11:56:16 +1000
Subject: [PATCH] cert-r
Attached patch fixes https://fedorahosted.org/freeipa/ticket/6305
Thanks,
Fraser
From d4d7e77795f96a4970058e61d99c70522689b22d Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Wed, 7 Sep 2016 19:00:18 +1000
Subject: [PATCH] Fix cert revocation when removing all cer
On Wed, Sep 07, 2016 at 10:39:59AM +0200, Jan Cholasta wrote:
> On 7.9.2016 10:28, Fraser Tweedale wrote:
> > On Wed, Sep 07, 2016 at 08:32:42AM +0200, Jan Cholasta wrote:
> > > On 6.9.2016 19:36, Fraser Tweedale wrote:
> > > > On Tue, Sep 06, 2016 at 10:19:
On Wed, Sep 07, 2016 at 08:32:42AM +0200, Jan Cholasta wrote:
> On 6.9.2016 19:36, Fraser Tweedale wrote:
> > On Tue, Sep 06, 2016 at 10:19:14AM +0200, Jan Cholasta wrote:
> > > On 5.9.2016 17:30, Fraser Tweedale wrote:
> > > > On Mon, Sep 05, 2016 at 11:59:11P
On Tue, Sep 06, 2016 at 10:19:14AM +0200, Jan Cholasta wrote:
> On 5.9.2016 17:30, Fraser Tweedale wrote:
> > On Mon, Sep 05, 2016 at 11:59:11PM +1000, Fraser Tweedale wrote:
> > > On Tue, Aug 30, 2016 at 10:39:16AM +0200, Jan Cholasta wrote:
> > > > Hi,
> > >
On Tue, Aug 30, 2016 at 10:54:32AM +0200, Martin Babinsky wrote:
> On 08/26/2016 04:19 AM, Fraser Tweedale wrote:
> > The attached patches add better handling of cert-request failure due
> > to target CA being disabled (#6260). To do this, rather than go and
> > do extra w
On Tue, Aug 30, 2016 at 10:23:10AM +0200, Martin Babinsky wrote:
> On 08/30/2016 10:09 AM, Jan Cholasta wrote:
> > Hi,
> >
> > On 30.8.2016 09:56, Martin Babinsky wrote:
> > > On 08/25/2016 10:25 AM, Fraser Tweedale wrote:
> > > > Hi team,
> > >
On Tue, Aug 30, 2016 at 08:48:58AM +0200, Jan Cholasta wrote:
> On 29.8.2016 07:57, Fraser Tweedale wrote:
> > On Fri, Aug 26, 2016 at 10:41:37AM +0200, Jan Cholasta wrote:
> > > Hi,
> > >
> > > On 22.7.2016 07:18, Fraser Tweedale wrote:
> > > >
On Fri, Aug 26, 2016 at 10:28:58AM +0200, Jan Cholasta wrote:
> On 19.8.2016 13:11, Fraser Tweedale wrote:
> > Bump for review.
> >
> > On Wed, Aug 17, 2016 at 12:09:39AM +1000, Fraser Tweedale wrote:
> > > On Tue, Aug 16, 2016 at 08:10:08AM +0200, Jan Cholasta wro
On Mon, Sep 05, 2016 at 11:59:11PM +1000, Fraser Tweedale wrote:
> On Tue, Aug 30, 2016 at 10:39:16AM +0200, Jan Cholasta wrote:
> > Hi,
> >
> > On 26.8.2016 07:42, Fraser Tweedale wrote:
> > > On Fri, Aug 26, 2016 at 03:37:17PM +1000, Fraser
On Tue, Aug 30, 2016 at 10:39:16AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 26.8.2016 07:42, Fraser Tweedale wrote:
> > On Fri, Aug 26, 2016 at 03:37:17PM +1000, Fraser Tweedale wrote:
> > > Hi all,
> > >
> > > Attached patch fixes https://fedorahosted
On Thu, Sep 01, 2016 at 07:37:53PM +0200, Tomas Krizek wrote:
> On 09/01/2016 03:58 PM, Florence Blanc-Renaud wrote:
> > Hi,
> >
> > please find attached a patch for ipa-certupdate in CA-less deployment.
> > https://fedorahosted.org/freeipa/ticket/6288
> >
> > Flo.
> >
> >
> >
> The patch is
On Fri, Aug 26, 2016 at 10:41:37AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 22.7.2016 07:18, Fraser Tweedale wrote:
> > While I was poking around SAN-processing code, I decided to
> > implement a small enhancement: allowing the subject principal's DN
> > to ap
On Fri, Aug 26, 2016 at 03:37:17PM +1000, Fraser Tweedale wrote:
> Hi all,
>
> Attached patch fixes https://fedorahosted.org/freeipa/ticket/6221.
> It depends on Honza's PR #20
> https://github.com/freeipa/freeipa/pull/20.
>
> Thanks,
> Fraser
>
It does help
Hi all,
Attached patch fixes https://fedorahosted.org/freeipa/ticket/6221.
It depends on Honza's PR #20
https://github.com/freeipa/freeipa/pull/20.
Thanks,
Fraser
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to
for testing :)
Thanks,
Fraser
From 97501fad9bfe64af076a8c1a65bd732ac265b940 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Fri, 26 Aug 2016 08:59:10 +1000
Subject: [PATCH 102/105] Allow Dogtag RestClient to perform requests without
logging in
Currently the
Thanks for review; rebased and updated patch attached. Only 0090
has substantive changes.
Cheers,
Fraser
On Mon, Aug 22, 2016 at 09:22:08AM +0200, Jan Cholasta wrote:
> On 19.8.2016 13:11, Fraser Tweedale wrote:
> > Bump for review.
> >
> > On Mon, Aug 15, 2016 at 05:
Hi folks,
Please review attached patch which fixes
https://fedorahosted.org/freeipa/ticket/6019.
Thanks,
Fraser
From 558ec02053154b472b0505e6c2279095f296cb9c Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Tue, 23 Aug 2016 16:14:30 +1000
Subject: [PATCH]
On Mon, Aug 22, 2016 at 10:00:57AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 22.8.2016 09:37, Fraser Tweedale wrote:
> > #6019 requires adding tracking requests for existing lightweight CAs
> > as part of replica installation. ipa-certupdate has logic to do
> > this.
#6019 requires adding tracking requests for existing lightweight CAs
as part of replica installation. ipa-certupdate has logic to do
this.
Before I go ahead and implement, there are a few approaches I want
to mention and seek feedback from team members before I commit to
one.
1. invoke
On Fri, Aug 19, 2016 at 08:09:33PM +1000, Fraser Tweedale wrote:
> On Mon, Aug 15, 2016 at 10:54:25PM +1000, Fraser Tweedale wrote:
> > On Mon, Aug 15, 2016 at 02:08:54PM +0200, Jan Cholasta wrote:
> > > On 19.7.2016 12:05, Jan Cholasta wrote:
> > > > On 19.7.201
Bump for review.
On Wed, Aug 17, 2016 at 12:09:39AM +1000, Fraser Tweedale wrote:
> On Tue, Aug 16, 2016 at 08:10:08AM +0200, Jan Cholasta wrote:
> > On 16.8.2016 07:24, Fraser Tweedale wrote:
> > > On Mon, Aug 15, 2016 at 08:19:33AM +0200, Jan Cholasta wrote:
> > >
This patch fixes CVE-2016-5404. Versions for master, ipa-4-3 and
ipa-4-2 branches are attached.
Thanks,
Fraser
From 61590c223aa51668b3f661fc91bc35f2dfae8ae6 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 30 Jun 2016 10:21:01 +1000
Subject: [PATCH] cert-
On Mon, Aug 15, 2016 at 10:54:25PM +1000, Fraser Tweedale wrote:
> On Mon, Aug 15, 2016 at 02:08:54PM +0200, Jan Cholasta wrote:
> > On 19.7.2016 12:05, Jan Cholasta wrote:
> > > On 19.7.2016 11:54, Fraser Tweedale wrote:
> > > > On Tue, Jul 19, 2016 at 09:36:
On Tue, Aug 16, 2016 at 08:10:08AM +0200, Jan Cholasta wrote:
> On 16.8.2016 07:24, Fraser Tweedale wrote:
> > On Mon, Aug 15, 2016 at 08:19:33AM +0200, Jan Cholasta wrote:
> > > On 9.8.2016 16:47, Fraser Tweedale wrote:
> > > > On Mon, Aug 08, 2016 at 10:49:
On Tue, Aug 16, 2016 at 08:10:08AM +0200, Jan Cholasta wrote:
> On 16.8.2016 07:24, Fraser Tweedale wrote:
> > On Mon, Aug 15, 2016 at 08:19:33AM +0200, Jan Cholasta wrote:
> > > On 9.8.2016 16:47, Fraser Tweedale wrote:
> > > > On Mon, Aug 08, 2016 at 10:49:
On Mon, Aug 15, 2016 at 08:19:33AM +0200, Jan Cholasta wrote:
> On 9.8.2016 16:47, Fraser Tweedale wrote:
> > On Mon, Aug 08, 2016 at 10:49:27AM +0200, Jan Cholasta wrote:
> > > On 8.8.2016 09:06, Fraser Tweedale wrote:
> > > > On Mon, Aug 08, 2016 at 08:54:
On Mon, Aug 15, 2016 at 03:58:40PM +0200, Petr Spacek wrote:
> On 15.8.2016 15:54, Fraser Tweedale wrote:
> > On Mon, Aug 15, 2016 at 03:31:20PM +0200, Petr Spacek wrote:
> >> On 15.8.2016 15:16, Fraser Tweedale wrote:
> >>> On Mon, Aug 15, 2016 at 02:52
On Mon, Aug 15, 2016 at 03:31:20PM +0200, Petr Spacek wrote:
> On 15.8.2016 15:16, Fraser Tweedale wrote:
> > On Mon, Aug 15, 2016 at 02:52:46PM +0200, Petr Spacek wrote:
> >> On 2.8.2016 05:57, Fraser Tweedale wrote:
> >>>>> Hah! This is what I get for thinkin
On Mon, Aug 15, 2016 at 02:52:46PM +0200, Petr Spacek wrote:
> On 2.8.2016 05:57, Fraser Tweedale wrote:
> >> > Hah! This is what I get for thinking I know what the output has to look
> >> > like, and not testing all the way through to requesting the cert. I'l
On Mon, Aug 15, 2016 at 07:48:22AM +0200, Jan Cholasta wrote:
> On 12.8.2016 18:57, Petr Spacek wrote:
> > On 12.8.2016 11:33, Jan Cholasta wrote:
> > > On 4.8.2016 18:18, Petr Vobornik wrote:
> > > > On 07/22/2016 07:13 AM, Fraser Tweedale wrote:
> > > >
On Mon, Aug 15, 2016 at 02:08:54PM +0200, Jan Cholasta wrote:
> On 19.7.2016 12:05, Jan Cholasta wrote:
> > On 19.7.2016 11:54, Fraser Tweedale wrote:
> > > On Tue, Jul 19, 2016 at 09:36:17AM +0200, Jan Cholasta wrote:
> > > > Hi,
> > > >
> &g
e
> param (unicode or ipapython.kerberos.Principal or
> ipapython.dnsutil.DNSName).
>
I now pass the value to the constructor of whatever type the
parameter uses:
attr_value = self.params[attr_name].type(name_formatted)
obj.setdefault(attr_name, []).append(attr_value)
Fr
On Mon, Aug 08, 2016 at 10:49:27AM +0200, Jan Cholasta wrote:
> On 8.8.2016 09:06, Fraser Tweedale wrote:
> > On Mon, Aug 08, 2016 at 08:54:05AM +0200, Jan Cholasta wrote:
> > > Hi,
> > >
> > > On 8.8.2016 06:34, Fraser Tweedale wrote:
> > >
On Mon, Aug 08, 2016 at 08:54:05AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 8.8.2016 06:34, Fraser Tweedale wrote:
> > Please review the attached patch with adds --certificate-out and
> > --certificate-chain-out options to `ca-show' command.
> >
> > Note that
Thanks,
Fraser
From 6d3a153a954ab09022af6073ae9ea68668716618 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Mon, 8 Aug 2016 14:27:20 +1000
Subject: [PATCH] Add options to write lightweight CA cert or chain to file
Administrators need a way to retrieve the certi
On Wed, Aug 03, 2016 at 02:17:30PM +0200, Martin Basti wrote:
> Hello all,
>
>
> update resteasy-*-3.0.17 from updates-testing prevents IPA (PKI CA) to be
> installed on f24,
>
> ipa.ipaserver.install.cainstance.CAInstance: CRITICAL Failed to configure CA
> instance: Command '/usr/sbin/pkispawn
On Fri, Jul 29, 2016 at 11:13:16AM -0400, Ben Lipton wrote:
>
> On 07/29/2016 09:39 AM, Petr Spacek wrote:
> > On 27.7.2016 19:06, Ben Lipton wrote:
> > > Hi all,
> > >
> > > I think the automatic CSR generation feature
> > > (https://fedorahosted.org/freeipa/ticket/4899,
> > >
On Thu, Jul 28, 2016 at 09:56:30AM +0200, Martin Babinsky wrote:
> On 07/28/2016 03:31 AM, Fraser Tweedale wrote:
> > The attached patch fixes a kerberos.Principal-related regression.
> >
> > Thanks,
> > Fraser
> >
> Hi Fraser,
>
> The ticket you linke
The attached patch fixes a kerberos.Principal-related regression.
Thanks,
Fraser
From c3d4bee34f4a1aa6afafee07851e8b5557860331 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 28 Jul 2016 10:55:45 +1000
Subject: [PATCH] caacl: fix regression in rule instant
6a2ab7165c0ae600402c1c2794f2b10c9e38da05 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Fri, 22 Jul 2016 13:07:09 +1000
Subject: [PATCH] cert-request: allow directoryName in SAN extension
Allow directoryName in SAN extension if the value matches the
subject principal's DN in the IPA dir
On Tue, Jul 19, 2016 at 08:50:34AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 14.7.2016 13:44, Fraser Tweedale wrote:
> > Hi all,
> >
> > The attached patch includes SANs in cert-show output. If you have
> > certs with esoteric altnames (especially any that ar
On Tue, Jul 19, 2016 at 02:21:05PM +0200, Martin Basti wrote:
>
>
> On 01.07.2016 13:26, Petr Spacek wrote:
> > On 20.1.2016 05:04, Fraser Tweedale wrote:
> > > On Tue, Dec 08, 2015 at 07:06:39PM +1000, Fraser Tweedale wrote:
> > > > On Mon, Dec 07, 2015 at 05
On Tue, Jul 19, 2016 at 09:36:17AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 15.7.2016 07:05, Fraser Tweedale wrote:
> > On Fri, Jul 15, 2016 at 03:04:48PM +1000, Fraser Tweedale wrote:
> > > The attached patch is a work in progress for
> > > https://fedorahosted.o
On Tue, Jul 19, 2016 at 08:50:34AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 14.7.2016 13:44, Fraser Tweedale wrote:
> > Hi all,
> >
> > The attached patch includes SANs in cert-show output. If you have
> > certs with esoteric altnames (especially any that ar
On Tue, Jul 19, 2016 at 08:26:22AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 4.7.2016 09:06, Fraser Tweedale wrote:
> > On Tue, Jun 28, 2016 at 01:47:23PM -, freeipa wrote:
> > > #6002: Default CA can be used without an ACL
> > >
> > > Comment (by
On Mon, Jul 18, 2016 at 09:55:21AM +0200, Martin Basti wrote:
>
>
> On 13.07.2016 18:34, Petr Vobornik wrote:
> > On 07/12/2016 08:45 AM, Alexander Bokovoy wrote:
> > > On Tue, 12 Jul 2016, Fraser Tweedale wrote:
> > > > Attached patch is a doc change, address
On Fri, Jul 15, 2016 at 03:04:48PM +1000, Fraser Tweedale wrote:
> The attached patch is a work in progress for
> https://fedorahosted.org/freeipa/ticket/2614 (BZ 828866).
>
> I am sharing now to make the approach clear and solicit feedback.
>
> It has been tested for serve
The attached patch is a work in progress for
https://fedorahosted.org/freeipa/ticket/2614 (BZ 828866).
I am sharing now to make the approach clear and solicit feedback.
It has been tested for server install, replica install (with and
without CA) and CA-replica install (all hosts running
f56d698009f32a1b8760048848117148164fad33 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 14 Jul 2016 21:36:33 +1000
Subject: [PATCH] cert-show: show subject alternative names
Update the cert-show command to return subject alternative name
values.
Also move GeneralName parsing code from ipalib.
Attached patch is a doc change, addressing
https://fedorahosted.org/freeipa/ticket/6002.
Thanks,
Fraser
From 19c5fc60391d37c9d0500feb5d5d5a6628bc4d27 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Tue, 12 Jul 2016 15:11:11 +1000
Subject: [PATCH] caacl: expand
On Fri, Jul 08, 2016 at 01:54:33PM +0200, Sebastian Hetze wrote:
> On 07/08/2016 12:57 PM, Sebastian Hetze wrote:
> >
> >
> > With your proposal, a subject would look like this:
> > Subject: CN=Custom CA Name,E=caad...@example.com,OU=Example IT,O=Example
> > Corp,L=City,ST=State,C=US
> >
I was not
On Fri, Jul 08, 2016 at 01:18:23PM +0200, Petr Spacek wrote:
> On 8.7.2016 05:42, Fraser Tweedale wrote:
> >
> > 2. If argument contains CN but it is not the "most specific"
> > RDN, move it to the front (to satisfy requirement of Dogtag
> >
my testing VMs?
>
> Thanks.
> Petr^2 Spacek
>
Hi Petr,
The required features were released for Fedora as 10.3.3-3.
Attached patch retracts the min required version accordingly.
Thanks,
Fraser
From f6fd4c9c7838e841e1a3728d7e9afbe5f081927d Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
On Thu, Jul 07, 2016 at 03:46:52PM +0200, Milan Kubík wrote:
> On 07/04/2016 08:57 AM, Fraser Tweedale wrote:
> > Hi Milan,
> >
> > Yes, we can :) Two issues, outlined below.
> >
> >
> > 1)
> > Running the tests, I get error in
> &
On Thu, Jul 07, 2016 at 04:10:51PM +0200, Sebastian Hetze wrote:
>
>
> On 07/07/2016 03:16 PM, Rob Crittenden wrote:
> > Sebastian Hetze wrote:
> >> Hi *
> >>
> >> attached you find a patch that adds new options --subject_cn and
> >> --subject_mail to ipa-server-install that make the CA cert
On Tue, Jun 28, 2016 at 01:47:23PM -, freeipa wrote:
> #6002: Default CA can be used without an ACL
>
> Comment (by ftweedal):
>
> This is expected behaviour; if a CA ACL does not reference any CAs,
> and does not have cacat=all, then it is assumed to refer to the
> default CA. This is
On Fri, Jul 01, 2016 at 03:57:29PM +0200, Milan Kubík wrote:
> On 06/27/2016 01:31 PM, Milan Kubík wrote:
> > On 06/27/2016 02:57 AM, Fraser Tweedale wrote:
> > > On Fri, Jun 24, 2016 at 12:08:24PM +0200, Milan Kubík wrote:
> > > > On 06/24/2016 03:42 AM, Fraser Tw
The attached patch fixes
https://fedorahosted.org/freeipa/ticket/6020
Thanks,
Fraser
From 15cca8e108c6d47a647cbc1dc647dcecbf334b9d Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Mon, 4 Jul 2016 13:05:28 +1000
Subject: [PATCH] uninstall: untrack lightweight CA
On Fri, Jul 01, 2016 at 10:05:48AM +0200, Jan Cholasta wrote:
> On 1.7.2016 08:57, Jan Cholasta wrote:
> > On 1.7.2016 06:54, Jan Cholasta wrote:
> > > On 1.7.2016 06:47, Fraser Tweedale wrote:
> > > > On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote:
>
On Fri, Jul 01, 2016 at 08:36:29AM +0200, Stanislav Laznicka wrote:
> On 06/17/2016 08:59 AM, Fraser Tweedale wrote:
> > The attached patches fix
> > https://fedorahosted.org/freeipa/ticket/5963
> >
> > Thanks Milan for reporting.
> >
> > Cheers,
&g
On Fri, Jul 01, 2016 at 05:55:35AM +0200, Jan Cholasta wrote:
> On 29.6.2016 12:18, Jan Cholasta wrote:
> > On 29.6.2016 10:47, Fraser Tweedale wrote:
> > > On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote:
> > > > Hi,
> > > >
> &g
On Thu, Jun 30, 2016 at 07:49:04PM +1000, Fraser Tweedale wrote:
> On Thu, Jun 30, 2016 at 11:38:35AM +0200, Florence Blanc-Renaud wrote:
> > On 06/30/2016 06:29 AM, Fraser Tweedale wrote:
> > > On Wed, Jun 29, 2016 at 11:30:14AM +0200, Florence Blanc-Renaud wrote:
> > &g
Hullo,
The attached patch fixes
https://fedorahosted.org/freeipa/ticket/6011.
Cheers,
Fraser
From c92ed38c0ef41814dec6ddf4a003948af5bc0beb Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 30 Jun 2016 21:01:07 +1000
Subject: [PATCH] Fix upgrade when Dogta
On Thu, Jun 30, 2016 at 11:38:35AM +0200, Florence Blanc-Renaud wrote:
> On 06/30/2016 06:29 AM, Fraser Tweedale wrote:
> > On Wed, Jun 29, 2016 at 11:30:14AM +0200, Florence Blanc-Renaud wrote:
> > > On 06/29/2016 07:25 AM, Fraser Tweedale wrote:
> > > > The atta
The attached patch fixes a regression on the ipa-4-3 branch, caused
by commit 3d71c43504ea7837ea14bb9dd4a469c07337293f.
Thanks,
Fraser
From 4d4c62a2c26affb82a7f2e40f36ad0de66beabf9 Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftwee...@redhat.com>
Date: Thu, 30 Jun 2016 14:30:30 +1000
S
On Wed, Jun 29, 2016 at 10:04:05AM +0200, Jan Cholasta wrote:
> Hi,
>
> On 29.6.2016 06:11, Fraser Tweedale wrote:
> > Dear team,
> >
> > The attached patch implements the --ca option for the rest of the
> > cert-blah commands (https://fedorahosted.org/freeipa/ti
1 - 100 of 356 matches
Mail list logo