Re: [Freeipa-devel] Moving our wiki back to password login

2017-05-11 Thread Martin Kosek
On 05/09/2017 04:29 PM, Martin Kosek wrote: > Hello all, > > As some of you noticed, FreeIPA wiki authentication via OpenID was > broken in the last days. I suspect (but did get reply from Patrick who > running the Fedora infra yet) that it was caused by Fedora moving t

[Freeipa-devel] Moving our wiki back to password login

2017-05-09 Thread Martin Kosek
reset it before logging in and you should get an email (the mail part did not work for martbab this afternoon, though). In the worst case, I can reset the password for you, just shoot me an email. Thanks! -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Managemen

Re: [Freeipa-devel] KDC proxy URI records

2017-04-28 Thread Martin Kosek
On 04/27/2017 04:16 PM, Simo Sorce wrote: > On Thu, 2017-04-27 at 15:56 +0200, Petr Vobornik wrote: >> On 04/27/2017 02:19 PM, Christian Heimes wrote: >>> On 2017-04-27 14:00, Martin Bašti wrote: I would like to discuss consequences of adding kdc URI records: 1. basically all ipa

[Freeipa-devel] Release: script for updating contributors

2017-02-23 Thread Martin Kosek
/page/Release#Update_Contributors.txt HTH! -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-22 Thread Martin Kosek
On 02/20/2017 06:03 AM, Fraser Tweedale wrote: > On Fri, Feb 10, 2017 at 11:48:39AM +0100, Martin Kosek wrote: >> On 02/10/2017 10:37 AM, Fraser Tweedale wrote: >>> On Fri, Feb 10, 2017 at 09:23:10AM +0100, Martin Kosek wrote: >>>> On 02/09/2017 10:44 PM, Fraser Twe

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-10 Thread Martin Kosek
On 02/10/2017 10:37 AM, Fraser Tweedale wrote: > On Fri, Feb 10, 2017 at 09:23:10AM +0100, Martin Kosek wrote: >> On 02/09/2017 10:44 PM, Fraser Tweedale wrote: >>> On Thu, Feb 09, 2017 at 08:37:23AM +0100, Martin Kosek wrote: >>>> On 02/09/2017 02:12 AM, Fraser Twe

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-10 Thread Martin Kosek
On 02/09/2017 10:44 PM, Fraser Tweedale wrote: > On Thu, Feb 09, 2017 at 08:37:23AM +0100, Martin Kosek wrote: >> On 02/09/2017 02:12 AM, Fraser Tweedale wrote: >>> On Wed, Feb 08, 2017 at 10:19:54AM +0200, Alexander Bokovoy wrote: >>>> On ke, 08 helmi 2017, Marti

Re: [Freeipa-devel] FreeIPA and wildcard certificates

2017-02-08 Thread Martin Kosek
On 02/09/2017 02:12 AM, Fraser Tweedale wrote: > On Wed, Feb 08, 2017 at 10:19:54AM +0200, Alexander Bokovoy wrote: >> On ke, 08 helmi 2017, Martin Kosek wrote: >>> Hi Fraser and the list, >>> >>> I recently was in a conversation about integrating OpenShift wi

[Freeipa-devel] FreeIPA and wildcard certificates

2017-02-07 Thread Martin Kosek
/install_config/router/default_haproxy_router.html#using-wildcard-certificates [2] https://fedorahosted.org/freeipa/ticket/3475 -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] FedoraHosted.org sunset

2016-09-30 Thread Martin Kosek
On 09/23/2016 09:54 AM, Jakub Hrozek wrote: > On Thu, Sep 22, 2016 at 06:09:43PM +0200, Petr Vobornik wrote: >> Hi all, >> >> As you know, FedoraHosted.org will be decommissioned. >> https://communityblog.fedoraproject.org/fedorahosted-sunset-2017-02-28/ >> >> We use Trac instance there. Let's

Re: [Freeipa-devel] FreeIPA wiki - fighting the spammers

2016-08-19 Thread Martin Kosek
On 08/19/2016 08:43 AM, Petr Spacek wrote: > On 18.8.2016 16:25, Martin Kosek wrote: >> Hello everyone, >> >> As some of you noticed, we had lately an increasing number of spam attacks >> against FreeIPA.org wiki. Even though we did not accept user registration >

[Freeipa-devel] FreeIPA wiki - fighting the spammers

2016-08-18 Thread Martin Kosek
the easiest way to fight spam on our precious wiki, please let me know. -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] [PATCH 0004-0012] Automatic CSR generation

2016-08-16 Thread Martin Kosek
On 08/16/2016 08:12 PM, Alexander Bokovoy wrote: > On Tue, 16 Aug 2016, Ben Lipton wrote: >> On 08/10/2016 08:52 AM, Ben Lipton wrote: >>> The pull request at https://github.com/LiptonB/freeipa/pull/4/commits has >>> been brought up to date (with a force push), and also includes 3 more >>>

Re: [Freeipa-devel] [PATCH] 0078-82: webui tests: tests for new certificate widget

2016-08-15 Thread Martin Kosek
On 07/29/2016 03:00 PM, Pavel Vomacka wrote: > > > On 07/28/2016 08:16 AM, Lenka Doudova wrote: >> >> >> >> On 07/20/2016 04:51 PM, Pavel Vomacka wrote: >>> Please review attached patches, which add tests for new certificate widget >>> in >>> WebUI. >>> >>>

Re: [Freeipa-devel] [PATCH] 0002 Added support for authentication with user certificate

2016-08-08 Thread Martin Kosek
On 08/08/2016 01:31 PM, Jan Pazdziora wrote: > On Mon, Aug 08, 2016 at 12:52:33PM +0200, Martin Kosek wrote: >> >> I discussed this with Jan Pazdziora on IRC, outside of this mail thread, so >> let >> me repeat my suggestion here. I still think it is premat

Re: [Freeipa-devel] [PATCH] 0002 Added support for authentication with user certificate

2016-08-08 Thread Martin Kosek
On 08/05/2016 02:57 PM, Tibor Dudlak wrote: > Hi, > > I have extended my previous patch for authentication with user > certificate/smartcard. This patch includes patches and plugin described here: > http://www.freeipa.org/page/V4/External_Authentication/Setup > Page also contains steps to

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

2016-06-28 Thread Martin Kosek
On 06/28/2016 02:05 PM, Fraser Tweedale wrote: > On Tue, Jun 28, 2016 at 12:49:26PM +0200, Martin Kosek wrote: >> On 06/28/2016 12:49 PM, Jan Cholasta wrote: >>> On 28.6.2016 12:33, Martin Kosek wrote: >>>> On 06/28/2016 12:23 PM, Fraser Tweedale wrote: >>

Re: [Freeipa-devel] FreeIPA Sub-CA: certificate subject

2016-06-28 Thread Martin Kosek
On 06/28/2016 12:49 PM, Jan Cholasta wrote: > On 28.6.2016 12:33, Martin Kosek wrote: >> On 06/28/2016 12:23 PM, Fraser Tweedale wrote: >>> On Tue, Jun 28, 2016 at 11:00:17AM +0200, Martin Kosek wrote: >>>> Hi Fraser, >>>> >>>> I was testing F

Re: [Freeipa-devel] [PATCH] 498 Update Contributors.txt

2016-06-24 Thread Martin Kosek
On 06/23/2016 07:39 PM, Lukas Slebodnik wrote: > On (23/06/16 15:22), Martin Kosek wrote: >> Update .mailmap to fix wrong commit author and re-generate >> the Developer contributor list. >> >> -- >> Martin Kosek <mko...@redhat.com> >> Manager, So

[Freeipa-devel] [PATCH] 498 Update Contributors.txt

2016-06-23 Thread Martin Kosek
Update .mailmap to fix wrong commit author and re-generate the Developer contributor list. -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc. From 4271bdb36d111b90da3daf3f4312ec40d7db590f Mon Sep 17 00:00:00 2001 From: Martin Kose

Re: [Freeipa-devel] I plan to delete my FreeIPA COPR repos

2016-06-17 Thread Martin Kosek
On 05/13/2016 01:43 PM, Martin Kosek wrote: > Hi all, > > When we were starting building FreeIPA in the Fedora COPR service [1], the > service did not support the organizations as it can do now and we did the > official repos in my personal name space [2] as I was the com

[Freeipa-devel] [PATCH] 497 Update Developers in Contributors.txt

2016-06-16 Thread Martin Kosek
Since we are close to 4.4 release, let's add the latest contributors. (master branch should be enough). -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc. From 2f3b4706fbdf4319a54ef679042cdf1b156787b5 Mon Sep 17 00:00:00 2001 From:

Re: [Freeipa-devel] Using JSON for tlog config files

2016-06-15 Thread Martin Kosek
Removing the secondary list from this discussion. On 06/15/2016 01:29 PM, Nikolai Kondrashov wrote: > Hi Simo, > > On 06/15/2016 12:25 AM, Simo Sorce wrote: >> On Tue, 2016-06-14 at 16:40 +0300, Nikolai Kondrashov wrote: >>> Although this was mentioned several times before, I'd like to bring

Re: [Freeipa-devel] [PATCH] 0203 adtrust: remove ipanttrustpartner parameter

2016-06-10 Thread Martin Kosek
On 06/10/2016 10:01 AM, Martin Basti wrote: > > > On 09.06.2016 21:45, Alexander Bokovoy wrote: >> On Thu, 09 Jun 2016, Martin Basti wrote: >>> >>> >>> On 09.06.2016 17:56, Martin Babinsky wrote: On 06/06/2016 01:37 PM, Alexander Bokovoy wrote: > On Mon, 06 Jun 2016, Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH 0473-0476, 0478-0482]DNS Locations: Prologue

2016-06-06 Thread Martin Kosek
On 06/03/2016 12:51 PM, Martin Basti wrote: > > > On 03.06.2016 08:53, Petr Spacek wrote: >> On 2.6.2016 17:53, Martin Basti wrote: >>> Typo - redundant ' ' at the end. Conditional NACK, warnings mentioned in

Re: [Freeipa-devel] Questions on git

2016-05-25 Thread Martin Kosek
On 05/25/2016 11:55 AM, Christian Heimes wrote: > On 2016-05-25 11:46, Martin Kosek wrote: >> On 05/25/2016 10:03 AM, Jan Pazdziora wrote: >>> On Mon, May 23, 2016 at 04:24:38PM +0200, Florence Blanc-Renaud wrote: >>>> >>>> - I start working on a specific

Re: [Freeipa-devel] Questions on git

2016-05-25 Thread Martin Kosek
On 05/25/2016 10:03 AM, Jan Pazdziora wrote: > On Mon, May 23, 2016 at 04:24:38PM +0200, Florence Blanc-Renaud wrote: >> >> - I start working on a specific issue and decide to create a branch on my >> git repository (on my laptop) >> git clone git://git.fedorahosted.org/git/freeipa.git >> git

Re: [Freeipa-devel] [PATCH 0094] Migrate from #ifndef guards to #pragma once

2016-05-24 Thread Martin Kosek
On 05/24/2016 04:29 PM, Nathaniel McCallum wrote: > Using a pragma instead of guards is easier to write, less error prone > and avoids name clashes (a source of very subtle bugs). This pragma > is supported on almost all compilers, including all the compilers we > care about:

[Freeipa-devel] FreeIPA.org mediawiki upgraded to 1.26.3

2016-05-23 Thread Martin Kosek
, please let me know. -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] Reviving FreeIPA translations

2016-05-16 Thread Martin Kosek
On 05/15/2016 09:34 PM, Yuri Chornoivan wrote: > написане Sun, 15 May 2016 21:51:45 +0300, Martin Kosek <mko...@redhat.com>: > >> On 05/14/2016 01:29 PM, Yuri Chornoivan wrote: >>> написане Sat, 14 May 2016 12:57:13 +0300, Jérôme Fenal <jfe...@gmail.com>:

Re: [Freeipa-devel] Reviving FreeIPA translations

2016-05-15 Thread Martin Kosek
On 05/14/2016 01:29 PM, Yuri Chornoivan wrote: > написане Sat, 14 May 2016 12:57:13 +0300, Jérôme Fenal <jfe...@gmail.com>: > >> 2016-05-13 13:32 GMT+02:00 Martin Kosek <mko...@redhat.com>: >> >>> Hello, >>> >>> As you may or may

[Freeipa-devel] I plan to delete my FreeIPA COPR repos

2016-05-13 Thread Martin Kosek
any blocker. So please holler if you depend on some of my repos. [1] https://copr.fedorainfracloud.org [2] https://copr.fedorainfracloud.org/coprs/mkosek/ [3] https://copr.fedorainfracloud.org/groups/g/freeipa/coprs/ -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Id

[Freeipa-devel] Reviving FreeIPA translations

2016-05-13 Thread Martin Kosek
as in current FreeIPA git). -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc.

Re: [Freeipa-devel] Provisioning throughput

2016-05-13 Thread Martin Kosek
On 05/12/2016 04:16 PM, Ludwig Krispenz wrote: > > On 05/12/2016 03:45 PM, Ludwig Krispenz wrote: >> >> On 05/12/2016 02:16 PM, Petr Vobornik wrote: >>> On 05/10/2016 05:50 PM, thierry bordaz wrote: On 05/05/2016 03:44 PM, Petr Vobornik wrote: > On 05/04/2016 02:20 PM, thierry

Re: [Freeipa-devel] #5881 / bz1327092 ; fixing broken caIPAserviceCert profile

2016-05-12 Thread Martin Kosek
On 05/12/2016 12:56 AM, Fraser Tweedale wrote: > On Wed, May 11, 2016 at 04:36:34PM +0200, Jan Cholasta wrote: >> On 11.5.2016 15:04, Fraser Tweedale wrote: >>> On Wed, May 11, 2016 at 01:31:36PM +0200, Jan Cholasta wrote: ... 3) I would rather avoid adding new commands just to work around

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

2016-05-06 Thread Martin Kosek
On 04/18/2016 10:31 AM, Martin Kosek wrote: > On 04/08/2016 05:10 PM, Martin Babinsky wrote: >> Hi list, >> >> I have put together a draft [1] outlining the effort to reimplement the >> handling of Kerberos principals in both backend and frontend layers of >

Re: [Freeipa-devel] [PATCH] pwpolicy: Do not expire passwords when maxlife is set to 0 (infinity).

2016-05-04 Thread Martin Kosek
On 05/02/2016 02:28 PM, David Kupka wrote: > https://fedorahosted.org/freeipa/ticket/2795 That patch looks suspiciously short given the struggles I saw in http://www.redhat.com/archives/freeipa-devel/2015-June/msg00198.html :-) Instead of setting to IPAPWD_END_OF_TIME, should we instead avoid

Re: [Freeipa-devel] [DESIGN] Kerberos principal alias handling

2016-04-18 Thread Martin Kosek
On 04/08/2016 05:10 PM, Martin Babinsky wrote: > Hi list, > > I have put together a draft [1] outlining the effort to reimplement the > handling of Kerberos principals in both backend and frontend layers of FreeIPA > so that we may have multiple aliases per user, host or service and thus >

Re: [Freeipa-devel] URI in HBAC - design page

2016-03-24 Thread Martin Kosek
On 03/24/2016 01:24 PM, Jan Pazdziora wrote: > On Thu, Mar 24, 2016 at 12:38:37PM +0100, Martin Kosek wrote: >> On 03/24/2016 10:24 AM, Jan Pazdziora wrote: >>> On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote: >> ... >>> You present two solut

Re: [Freeipa-devel] URI in HBAC - design page

2016-03-24 Thread Martin Kosek
On 03/24/2016 10:24 AM, Jan Pazdziora wrote: > On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote: ... > You present two solutions to the problem -- deny rules, and regular > expressions. For the record, HBAC deny rules is something we will want to avoid. Deny HBAC rules were

Re: [Freeipa-devel] URI in HBAC - design page

2016-03-24 Thread Martin Kosek
On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote: > I created a design page for the feature: > > http://www.freeipa.org/page/URI-based-HBAC-design Technicality update: - I changed the name and moved it to consistent location: http://www.freeipa.org/page/V4/URI-based_HBAC - I removed

Re: [Freeipa-devel] [DRAFT] FreeIPA 4.3.1 release notes

2016-03-23 Thread Martin Kosek
On 03/22/2016 06:35 PM, Petr Vobornik wrote: > Hello all, > > I prepared the release notes on FreeIPA.org wiki: > http://www.freeipa.org/page/Releases/4.3.1 > > Updates or improvements to release notes page welcome. Particularly if > you think some bug fixes/improvements deserves to be noted out

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-21 Thread Martin Kosek
On 03/18/2016 03:43 PM, Martin Babinsky wrote: > On 03/18/2016 02:44 PM, Petr Vobornik wrote: >> On 03/18/2016 10:59 AM, Martin Kosek wrote: >>> On 03/18/2016 10:47 AM, Martin Babinsky wrote: >>>> On 03/18/2016 10:21 AM, Martin Kosek wrote: >>>>>

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-21 Thread Martin Kosek
On 03/18/2016 03:58 PM, Simo Sorce wrote: > On Fri, 2016-03-18 at 15:28 +0100, Petr Vobornik wrote: >> On 03/18/2016 02:59 PM, Simo Sorce wrote: ... >> Use cases I see: >> 1. Administrator wants to know which servers are configured with >> CA|KRA|DNS. >> 2. Administrator wants to know which

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-19 Thread Martin Kosek
On 03/18/2016 10:47 AM, Martin Babinsky wrote: > On 03/18/2016 10:21 AM, Martin Kosek wrote: >> On 03/17/2016 06:16 PM, Martin Babinsky wrote: >>> Hi list, >>> >>> here is a link (http://www.freeipa.org/page/V4/Server_Roles) to WIP design >>> do

Re: [Freeipa-devel] [DESIGN] Server Roles

2016-03-18 Thread Martin Kosek
On 03/17/2016 06:16 PM, Martin Babinsky wrote: > Hi list, > > here is a link (http://www.freeipa.org/page/V4/Server_Roles) to WIP design > document concerning the concept of Server Roles as a user-friendly abstraction > of the services running on IPA masters. > > The main aim of this feature is

Re: [Freeipa-devel] [PATCH] 0050 caacl: correctly handle full user principal name

2016-03-14 Thread Martin Kosek
On 03/14/2016 06:18 AM, Alexander Bokovoy wrote: > On Mon, 14 Mar 2016, Fraser Tweedale wrote: >> The attached patch fixes >> https://fedorahosted.org/freeipa/ticket/5733. Thanks to Alexander >> for finding and reporting. >> >> Cheers, >> Fraser > >> From 9bd7b74d9c928f386bd7dae59588580881ed1a9d

Re: [Freeipa-devel] [PATCH 0434] log: add timestamp to filename of logs

2016-03-11 Thread Martin Kosek
On 03/11/2016 09:55 AM, Jan Cholasta wrote: > On 11.3.2016 09:33, Martin Kosek wrote: >> On 03/08/2016 07:07 PM, Martin Basti wrote: >>> >>> >>> On 08.03.2016 16:37, Martin Basti wrote: >>>> >>>> >>>> On 08.03.2016 16:31

Re: [Freeipa-devel] [PATCH 0434] log: add timestamp to filename of logs

2016-03-11 Thread Martin Kosek
On 03/08/2016 07:07 PM, Martin Basti wrote: > > > On 08.03.2016 16:37, Martin Basti wrote: >> >> >> On 08.03.2016 16:31, Martin Basti wrote: >>> https://fedorahosted.org/freeipa/ticket/4501 >>> >>> Patch attached. >>> >>> >> Rebased patch attached. >> >> > > self-NACK > > Scripts print to CLI

Re: [Freeipa-devel] [PATCH 0067-0069] Various IPA log fixes

2016-03-10 Thread Martin Kosek
On 03/10/2016 03:44 PM, Rob Crittenden wrote: > Gabe Alford wrote: >> Hello, >> >> Attached patches fix the following tickets related to IPA log files: >> >> https://fedorahosted.org/freeipa/ticket/5724 >> https://fedorahosted.org/freeipa/ticket/5726 >> https://fedorahosted.org/freeipa/ticket/5727

Re: [Freeipa-devel] [PATCH 0137] spec: add conflict with bind-chroot to freeipa-server-dns

2016-03-07 Thread Martin Kosek
On 03/07/2016 03:17 PM, Petr Spacek wrote: > On 7.3.2016 13:27, Jan Cholasta wrote: >> Hi, >> >> On 7.3.2016 12:47, Martin Babinsky wrote: >>> https://fedorahosted.org/freeipa/ticket/5696 >> >> Shouldn't we rather fix IPA to work with bind running in chroot (which is >> AFAIK considered good

Re: [Freeipa-devel] French translation for FreeIPA

2016-03-07 Thread Martin Kosek
On 03/07/2016 12:57 PM, Lukas Slebodnik wrote: > On (07/03/16 12:20), Martin Kosek wrote: >> On 03/07/2016 11:48 AM, Jérôme Fenal wrote: >>> 2016-02-29 18:45 GMT+01:00 Jérôme Fenal <jfe...@gmail.com>: >>> >>>> Hi all, >>>> >>

Re: [Freeipa-devel] French translation for FreeIPA

2016-03-07 Thread Martin Kosek
On 03/07/2016 11:48 AM, Jérôme Fenal wrote: > 2016-02-29 18:45 GMT+01:00 Jérôme Fenal : > >> Hi all, >> >> Just a quick note to let you that I completed the translation of what >> was available to translate on Zanata. >> >> Can you please check it passes the QA, that the

Re: [Freeipa-devel] Feature template - proposed changes

2016-03-06 Thread Martin Kosek
On 03/04/2016 03:59 PM, Petr Spacek wrote: > On 4.3.2016 15:23, Martin Kosek wrote: >> On 03/04/2016 03:11 PM, Petr Spacek wrote: >>> Hello, >>> >>> I've updated Feature template to make sure that important the design >>> decisions >>> are

Re: [Freeipa-devel] [WIP] Time-Based HBAC Policies

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:39 PM, Stanislav Laznicka wrote: > Based on Alexander's suggestion I created a copr repo with latest > python-icalendar version. > > https://copr.fedorainfracloud.org/coprs/stlaz/python-icalendar/packages/ Thanks. When we get to end-to-end functionality (again), it should again

Re: [Freeipa-devel] Feature template - proposed changes

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:11 PM, Petr Spacek wrote: > Hello, > > I've updated Feature template to make sure that important the design decisions > are recorded somewhere. > > Of course all this is open for discussion. I did this soon because I believe > that it is better to actually see how it looks like

[Freeipa-devel] Proposing design template changes (Re: Feature template - proposed changes)

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:11 PM, Petr Spacek wrote: > Hello, > > I've updated Feature template to make sure that important the design decisions > are recorded somewhere. > > Of course all this is open for discussion. I did this soon because I believe > that it is better to actually see how it looks like

Re: [Freeipa-devel] Feature template - proposed changes

2016-03-04 Thread Martin Kosek
On 03/04/2016 03:11 PM, Petr Spacek wrote: > Hello, > > I've updated Feature template to make sure that important the design decisions > are recorded somewhere. > > Of course all this is open for discussion. I did this soon because I believe > that it is better to actually see how it looks like

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 02:30 PM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> On 03/04/2016 01:09 PM, Alexander Bokovoy wrote: >>> On Fri, 04 Mar 2016, Martin Kosek wrote: >>>> On 03/04/2016 12:59 PM, Alexander Bokovoy wrote: >>>>

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 01:09 PM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> On 03/04/2016 12:59 PM, Alexander Bokovoy wrote: >>> On Fri, 04 Mar 2016, Martin Kosek wrote: >>>> On 03/04/2016 10:10 AM, Alexander Bokovoy wrote: >>>>

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 12:59 PM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> On 03/04/2016 10:10 AM, Alexander Bokovoy wrote: >>> On Fri, 04 Mar 2016, Martin Kosek wrote: >>>> Hi Alexander and others, >>>> >>>> As you know

Re: [Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
On 03/04/2016 10:10 AM, Alexander Bokovoy wrote: > On Fri, 04 Mar 2016, Martin Kosek wrote: >> Hi Alexander and others, >> >> As you know, SSSD 1.13.4 added support of reading the native SUDO tree [1]. >> This means that FreeIPA deployments with all clients bei

[Freeipa-devel] Disabling Schema Compatibility rule

2016-03-04 Thread Martin Kosek
certain Schema Compatibility rules? Ideally having a config options something like: schema-compat-enabled: on|off That could be changed via ldapmodify. [1] https://fedorahosted.org/sssd/ticket/1108 -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Te

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-03-01 Thread Martin Kosek
On 02/29/2016 11:35 PM, Nathaniel McCallum wrote: On Fri, 2016-02-26 at 09:00 +0100, Martin Kosek wrote: On 02/25/2016 10:51 PM, Simo Sorce wrote: On Thu, 2016-02-25 at 16:13 -0500, Nathaniel McCallum wrote: On Thu, 2016-02-25 at 12:19 -0500, Nathaniel McCallum wrote: On Thu, 2016-02-25

Re: [Freeipa-devel] [PATCH] 0001 Adding URL to HBAC rule

2016-02-28 Thread Martin Kosek
On 02/26/2016 04:38 PM, Lukáš Hellebrandt wrote: > On 02/26/2016 01:30 PM, Martin Kosek wrote: >> Greetings, welcome! >> >> On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote: >> ... >>> Btw, is there some better place to share patches than a pasting tool?

Re: [Freeipa-devel] URI in HBAC rules - patch - request for feedback

2016-02-26 Thread Martin Kosek
Greetings, welcome! On 02/26/2016 01:17 PM, Lukáš Hellebrandt wrote: ... > Btw, is there some better place to share patches than a pasting tool? > Maybe some form of pull request? There is :-) Please see advice here: http://www.freeipa.org/page/Contribute/Code#Submit_a_patch It has more

Re: [Freeipa-devel] [REVIEW] Intial stab towards Authentication Indicators

2016-02-26 Thread Martin Kosek
On 02/25/2016 10:51 PM, Simo Sorce wrote: > On Thu, 2016-02-25 at 16:13 -0500, Nathaniel McCallum wrote: >> On Thu, 2016-02-25 at 12:19 -0500, Nathaniel McCallum wrote: >>> On Thu, 2016-02-25 at 10:49 -0500, Simo Sorce wrote: On Thu, 2016-02-25 at 10:32 -0500, Nathaniel McCallum wrote:

Re: [Freeipa-devel] Locations design v2: LDAP schema & user interface

2016-02-24 Thread Martin Kosek
On 02/23/2016 06:59 PM, Petr Spacek wrote: > On 23.2.2016 18:14, Simo Sorce wrote: ... >> More seriously I think it is a great idea, but too premature to get all >> the way there now. We need to build schema and CLI that will allow us to >> get there without having to completely change interfaces

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-02-23 Thread Martin Kosek
On 02/23/2016 09:47 AM, David Kupka wrote: > On 22/02/16 16:15, Martin Kosek wrote: >> On 02/22/2016 04:04 PM, Jan Cholasta wrote: >>> On 22.2.2016 15:56, David Kupka wrote: >>>> On 22/02/16 07:28, Jan Cholasta wrote: >>>>> On 18.2.2016 10:10, David

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-02-22 Thread Martin Kosek
On 02/22/2016 04:04 PM, Jan Cholasta wrote: > On 22.2.2016 15:56, David Kupka wrote: >> On 22/02/16 07:28, Jan Cholasta wrote: >>> On 18.2.2016 10:10, David Kupka wrote: >>>> On 19/01/16 16:10, David Kupka wrote: >>>>> On 19/01/16 14:38, Jan Cholasta w

Re: [Freeipa-devel] [PATCH 0416][WIP] fix broken configuration of sidgen and extdom plugins

2016-02-19 Thread Martin Kosek
On 02/19/2016 03:14 PM, Alexander Bokovoy wrote: > On Fri, 19 Feb 2016, Martin Kosek wrote: >>>> Why trust-add? >>>> >>>> I'm not a big fan of cluttering existing commands(find, show, mod) with >>>> logic >>>> to fix one

Re: [Freeipa-devel] [PATCH 0416][WIP] fix broken configuration of sidgen and extdom plugins

2016-02-19 Thread Martin Kosek
On 02/19/2016 03:02 PM, Alexander Bokovoy wrote: > On Fri, 19 Feb 2016, Petr Vobornik wrote: >> On 02/19/2016 11:12 AM, Alexander Bokovoy wrote: >>> On Fri, 19 Feb 2016, Martin Basti wrote: WIP patch attached https://fedorahosted.org/freeipa/ticket/5665 >>> Comments inline. >>>

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-02-18 Thread Martin Kosek
On 02/18/2016 10:10 AM, David Kupka wrote: > From 9952937f207f9a0afae8211276f1b7d7e762fd4e Mon Sep 17 00:00:00 2001 > From: Timo Aaltonen > Date: Tue, 19 Jan 2016 12:37:56 +0100 > Subject: [PATCH] Move freeipa certmonger helpers to libexecdir. > > The scripts in this

Re: [Freeipa-devel] [PATCH 0030] Modernize mod_nss's cipher suites

2016-02-11 Thread Martin Kosek
On 02/11/2016 10:45 AM, Martin Basti wrote: > > > On 03.02.2016 15:35, Christian Heimes wrote: >> On 2016-01-29 15:05, Martin Basti wrote: >>> >>> On 29.01.2016 14:42, Christian Heimes wrote: >>>> On 2016-01-28 09:47, Martin Basti wrote:

Re: [Freeipa-devel] [PATCH 0411] upgrade: log to ipaupgrade.log if ipa is not installed

2016-01-29 Thread Martin Kosek
On 01/29/2016 10:48 AM, Martin Basti wrote: > Missing record in ipaupgrade.log that upgrade failed because IPA is not > installed, causes harder time to debugging upgrade from log. > > Patch attached. I am thinking that in these general catch-all clauses, it could be also useful to print the

Re: [Freeipa-devel] [PATCH 0030] Modernize mod_nss's cipher suites

2016-01-22 Thread Martin Kosek
On 01/21/2016 04:21 PM, Christian Heimes wrote: The list of supported TLS cipher suites in /etc/httpd/conf.d/nss.conf has been modernized. Insecure or less secure algorithms such as RC4, DES and 3DES are removed. Perfect forward secrecy suites with ephemeral ECDH key exchange have been added. IE

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

2016-01-21 Thread Martin Kosek
On 01/21/2016 04:22 PM, thierry bordaz wrote: > On 01/21/2016 03:46 PM, Martin Kosek wrote: >> On 01/21/2016 01:37 PM, thierry bordaz wrote: >> Thanks! Couple comments: >> >> I miss ticket number of description. > > Thanks Martin for looking at it. >

Re: [Freeipa-devel] [PATCH] 0017 configure DNA shared config entry to allow connection with GSSAPI

2016-01-21 Thread Martin Kosek
On 01/21/2016 01:37 PM, thierry bordaz wrote: > Thanks! Couple comments: I miss ticket number of description. Does this patch mean that all blocker on DS side preventing remote DNA were fixed? If yes, it may be worth updating Requires in the spec file in that case and making sure the backport

Re: [Freeipa-devel] [PATCH] 0049 Remove workaround for CA running check

2016-01-20 Thread Martin Kosek
On 01/20/2016 08:45 AM, Fraser Tweedale wrote: > The attached patch removes a workaround introduced as part of > https://fedorahosted.org/freeipa/ticket/4676. > > Alternatively, if we want to keep the "workaround" I will submit a > different patch that removes unused code and FIXME comments :) >

Re: [Freeipa-devel] [PATCH 0011] Move freeipa certmonger helpers to libexecdir.

2016-01-19 Thread Martin Kosek
On 01/19/2016 01:47 PM, David Kupka wrote: > I've polished the patch attached to #5586 by Timo Aaltonen. > > Thanks for the patch. I've fixed the path in specfile and removed unused > import > but otherwise it works, ACK. > > https://fedorahosted.org/freeipa/ticket/5586 Won't this break

Re: [Freeipa-devel] [PATCH 539] ipalib: assume version 2.0 when skip_version_check is enabled

2016-01-12 Thread Martin Kosek
On 01/12/2016 03:46 PM, Jan Cholasta wrote: > Hi, > > the attached patch fixes . > > Honza I see you set the version to 2.0. As I am reading https://bugzilla.redhat.com/show_bug.cgi?id=1297811#c1 , shouldn't the minimal version be set to something

[Freeipa-devel] FreeIPA github mirror/repo (Fwd: [SSSD] The mirror at https://github.com/SSSD/sssd is now automatically updated)

2016-01-11 Thread Martin Kosek
FYI, I suspect FreeIPA will want to follow the same approach for https://github.com/freeipa/freeipa (to be created) :-) Martin Forwarded Message Subject: [SSSD] The mirror at https://github.com/SSSD/sssd is now automatically updated Date: Mon, 11 Jan 2016 11:33:06 +0100 From:

Re: [Freeipa-devel] [PATCH 0124] ipa-csreplica-manage: remove extraneous ldap2 connection

2016-01-11 Thread Martin Kosek
On 01/08/2016 06:31 PM, Martin Babinsky wrote: > On 01/08/2016 06:17 PM, Martin Basti wrote: >> >> >> On 08.01.2016 17:18, Martin Babinsky wrote: >>> fixes ipa-csreplica-manage del blowing up due >>> >>> https://fedorahosted.org/freeipa/ticket/5583 >>> >>> for master and ipa-4-3 only. >>> >> Give

Re: [Freeipa-devel] [PATCH 0373] Upgrade: Fix IPA version comparison

2016-01-08 Thread Martin Kosek
On 12/11/2015 09:36 AM, Martin Kosek wrote: > On 12/10/2015 05:09 PM, Martin Basti wrote: >> >> >> On 10.12.2015 15:49, Tomas Babej wrote: >>> >>> On 12/10/2015 11:23 AM, Martin Basti wrote: >>>> >>>> On 10.12.2015 09:13, Lukas

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:18 PM, Martin Babinsky wrote: > On 01/08/2016 02:14 PM, Jan Cholasta wrote: >> On 8.1.2016 14:09, Martin Basti wrote: >>> >>> >>> On 08.01.2016 14:00, Martin Kosek wrote: >>>> On 01/08/2016 01:45 PM, Martin Basti wrote:

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 01:45 PM, Martin Basti wrote: > Hello all, > > fix for ticket https://fedorahosted.org/freeipa/ticket/5535 > requires to import rpm module > > This import somehow breaks nsslib in IPA > https://fedorahosted.org/freeipa/ticket/5572 > > > We have 2 ways how to fix it: > > 1) move

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:22 PM, Jan Cholasta wrote: > On 8.1.2016 14:13, Martin Basti wrote: >> >> >> On 08.01.2016 14:14, Jan Cholasta wrote: >>> On 8.1.2016 14:09, Martin Basti wrote: >>>> >>>> >>>> On 08.01.2016 14:00, Martin Kosek wro

[Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
maybe some change to our default certificate profiles? Thanks! -- Martin Kosek <mko...@redhat.com> Manager, Software Engineering - Identity Management Team Red Hat, Inc. -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:09 PM, Martin Basti wrote: > > > On 08.01.2016 14:00, Martin Kosek wrote: >> On 01/08/2016 01:45 PM, Martin Basti wrote: >>> Hello all, >>> >>> fix for ticket https://fedorahosted.org/freeipa/ticket/5535 >>> requires to import r

Re: [Freeipa-devel] import rpm causes failure during IPA caless install

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:32 PM, Martin Kosek wrote: > On 01/08/2016 02:22 PM, Jan Cholasta wrote: >> On 8.1.2016 14:13, Martin Basti wrote: >>> >>> >>> On 08.01.2016 14:14, Jan Cholasta wrote: >>>> On 8.1.2016 14:09, Martin Basti wrote: >>>

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:24 PM, Christian Heimes wrote: > On 2016-01-08 13:26, Martin Kosek wrote: >> Hi Fraser and other X.509 SMEs, >> >> I wanted to check with you on what we have or plan to have with respect to >> certificate/cipher strength in FreeIPA. >> >>

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 02:17 PM, Fraser Tweedale wrote: > On Fri, Jan 08, 2016 at 02:02:07PM +0100, Martin Kosek wrote: >> On 01/08/2016 01:56 PM, Fraser Tweedale wrote: >>> On Fri, Jan 08, 2016 at 01:26:57PM +0100, Martin Kosek wrote: >>>> Hi Fraser and other X.509 SME

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 01:56 PM, Fraser Tweedale wrote: > On Fri, Jan 08, 2016 at 01:26:57PM +0100, Martin Kosek wrote: >> Hi Fraser and other X.509 SMEs, >> >> I wanted to check with you on what we have or plan to have with respect to >> certificate/cipher strength in

Re: [Freeipa-devel] FreeIPA and modern requirements on certificates

2016-01-08 Thread Martin Kosek
On 01/08/2016 03:02 PM, Rob Crittenden wrote: > Alexander Bokovoy wrote: >> On Fri, 08 Jan 2016, Martin Kosek wrote: >>> On 01/08/2016 02:17 PM, Fraser Tweedale wrote: >>>> On Fri, Jan 08, 2016 at 02:02:07PM +0100, Martin Kosek wrote: >>>>>

Re: [Freeipa-devel] [PATCH 559] Fix kadmin for new users

2016-01-05 Thread Martin Kosek
On 01/06/2016 08:37 AM, Martin Babinsky wrote: > On 11/25/2015 03:41 PM, Martin Kosek wrote: >> On 11/25/2015 03:32 PM, Simo Sorce wrote: >>> On Wed, 2015-11-25 at 14:13 +0100, Tomas Babej wrote: >>>> >>>> On 11/25/2015 02:13 PM, Tomas Babej wrote: >>

[Freeipa-devel] New FreeIPA official COPR URL (Re: ipa-devel repos on jdennis.fedorapeople.org)

2016-01-04 Thread Martin Kosek
On 01/04/2016 09:51 AM, Martin Kosek wrote: > On 12/22/2015 05:37 PM, Petr Vobornik wrote: >> On 12/22/2015 05:19 PM, Petr Spacek wrote: >>> On 22.12.2015 17:18, John Dennis wrote: >>>> On 12/22/2015 09:50 AM, Petr Spacek wrote: >>>>> John,

Re: [Freeipa-devel] ipa-devel repos on jdennis.fedorapeople.org

2016-01-04 Thread Martin Kosek
On 12/22/2015 05:37 PM, Petr Vobornik wrote: > On 12/22/2015 05:19 PM, Petr Spacek wrote: >> On 22.12.2015 17:18, John Dennis wrote: >>> On 12/22/2015 09:50 AM, Petr Spacek wrote: John, the machines which used to generate the repos are basically dead now. Could you remove the

Re: [Freeipa-devel] [PATCH 0069] Add 'review' target for make

2015-12-16 Thread Martin Kosek
On 12/16/2015 12:01 PM, Petr Spacek wrote: > On 16.12.2015 11:15, Martin Kosek wrote: >> On 12/16/2015 10:02 AM, Petr Spacek wrote: >>> On 16.12.2015 09:53, Jan Cholasta wrote: >>>> On 16.12.2015 09:45, Petr Spacek wrote: >>>>> On 11

Re: [Freeipa-devel] certmonger everywhere

2015-12-16 Thread Martin Kosek
On 12/16/2015 09:17 AM, Jan Cholasta wrote: > On 16.12.2015 08:54, Martin Kosek wrote: ... >>> 7. cert-request fetches the configuration for the specified sub-CA, >>> or the >>> default sub-CA if none was specified, from LDAP >>> >>> 8. cert-r

Re: [Freeipa-devel] [PATCH 0069] Add 'review' target for make

2015-12-16 Thread Martin Kosek
On 12/16/2015 10:02 AM, Petr Spacek wrote: > On 16.12.2015 09:53, Jan Cholasta wrote: >> On 16.12.2015 09:45, Petr Spacek wrote: >>> On 11.12.2015 15:50, Jan Cholasta wrote: Hi, On 10.12.2015 18:04, Petr Spacek wrote: > On 9.12.2015 15:30, Petr Spacek wrote: >> Hello, >>
