Re: [Freeipa-devel] [SSSD] [RFC] Matching and Mapping Certificates

2017-04-07 Thread Sumit Bose
On Fri, Apr 07, 2017 at 10:38:55AM +0200, Jakub Hrozek wrote: > On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > > Hi, > > > > I've started to write a SSSD design page about enhancing the current > > mapping of certificates to users and how to select/match

[Freeipa-devel] [freeipa PR#672][opened] IPA-KDB: use relative path in ipa-certmap config snippet

2017-03-29 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/672 Author: sumit-bose Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet Action: opened PR body: """ Architecture specific paths should be avoided in the global Kerberos configuration because it is read e.g. by

[Freeipa-devel] [freeipa PR#644][synchronized] extdom: improve certificate request

2017-03-28 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/644 Author: sumit-bose Title: #644: extdom: improve certificate request Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/644/head:pr644 git checkout pr644 From

[Freeipa-devel] [freeipa PR#657][synchronized] configure: fix --disable-server with certauth plugin

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/657 Author: sumit-bose Title: #657: configure: fix --disable-server with certauth plugin Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/657/head:pr657 git

[Freeipa-devel] [freeipa PR#657][synchronized] configure: fix --disable-server with certauth plugin

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/657 Author: sumit-bose Title: #657: configure: fix --disable-server with certauth plugin Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/657/head:pr657 git

[Freeipa-devel] [freeipa PR#657][opened] configure: fix --disable-server with certauth plugin

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/657 Author: sumit-bose Title: #657: configure: fix --disable-server with certauth plugin Action: opened PR body: """ Resolves https://pagure.io/freeipa/issue/6816 """ To pull the PR as Git branch: git remote ad

[Freeipa-devel] [freeipa PR#644][closed] extdom: improve certificate request

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/644 Author: sumit-bose Title: #644: extdom: improve certificate request Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/644/head:pr644 git checkout pr644 -- Manage

[Freeipa-devel] [freeipa PR#644][reopened] extdom: improve certificate request

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/644 Author: sumit-bose Title: #644: extdom: improve certificate request Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/644/head:pr644 git checkout pr644 -- Manage

[Freeipa-devel] [freeipa PR#575][reopened] IPA certauth plugin

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Author: sumit-bose Title: #575: IPA certauth plugin Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/575/head:pr575 git checkout pr575 -- Manage your

[Freeipa-devel] [freeipa PR#575][closed] IPA certauth plugin

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Author: sumit-bose Title: #575: IPA certauth plugin Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/575/head:pr575 git checkout pr575 -- Manage your subscription

[Freeipa-devel] [freeipa PR#644][synchronized] extdom: improve certificate request

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/644 Author: sumit-bose Title: #644: extdom: improve certificate request Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/644/head:pr644 git checkout pr644 From

[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-27 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Author: sumit-bose Title: #575: IPA certauth plugin Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/575/head:pr575 git checkout pr575 From

[Freeipa-devel] [freeipa PR#644][synchronized] extdom: improve certificate request

2017-03-24 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/644 Author: sumit-bose Title: #644: extdom: improve certificate request Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/644/head:pr644 git checkout pr644 From

[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-24 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Author: sumit-bose Title: #575: IPA certauth plugin Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/575/head:pr575 git checkout pr575 From

[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-23 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Author: sumit-bose Title: #575: IPA certauth plugin Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/575/head:pr575 git checkout pr575 From

[Freeipa-devel] [freeipa PR#644][opened] extdom: improve certificate request

2017-03-23 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/644 Author: sumit-bose Title: #644: extdom: improve certificate request Action: opened PR body: """ Certificates can be assigned to multiple users so the extdom plugin must use sss_nss_getlistbycert() instead of sss_nss_getnamebyce

[Freeipa-devel] [freeipa PR#575][comment] IPA certauth plugin

2017-03-14 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Title: #575: IPA certauth plugin sumit-bose commented: """ I updated the code to reflect the latest changes in the interface from https://github.com/krb5/krb5/pull/610. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#575][synchronized] IPA certauth plugin

2017-03-14 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Author: sumit-bose Title: #575: IPA certauth plugin Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/575/head:pr575 git checkout pr575 From

[Freeipa-devel] [freeipa PR#575][comment] IPA certauth plugin

2017-03-13 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Title: #575: IPA certauth plugin sumit-bose commented: """ This patch depends on https://github.com/SSSD/sssd/pull/192 (SSSD's certmap library) and https://github.com/krb5/krb5/pull/610 (MIT Kerberos certauth plugin support)

[Freeipa-devel] [freeipa PR#575][opened] IPA certauth plugin

2017-03-13 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/575 Author: sumit-bose Title: #575: IPA certauth plugin Action: opened PR body: """ This patch adds a certauth plugin which allows the IPA server to support PKINIT for certificates which do not include a special SAN extension

Re: [Freeipa-devel] [RFC] Smartcard authentication with PKINIT and local authentication

2017-03-10 Thread Sumit Bose
On Fri, Mar 10, 2017 at 01:39:27PM +0200, Alexander Bokovoy wrote: > On pe, 10 maalis 2017, Sumit Bose wrote: > > On Fri, Mar 10, 2017 at 11:58:25AM +0200, Alexander Bokovoy wrote: > > > On pe, 10 maalis 2017, Sumit Bose wrote: > > > > Hi, > > > > > >

Re: [Freeipa-devel] [RFC] Smartcard authentication with PKINIT and local authentication

2017-03-10 Thread Sumit Bose
On Fri, Mar 10, 2017 at 11:58:25AM +0200, Alexander Bokovoy wrote: > On pe, 10 maalis 2017, Sumit Bose wrote: > > Hi, > > > > with the recent addition of PKINIT support there is now a second method > > available to Smartcard authentication besides local authentication.

[Freeipa-devel] [RFC] Smartcard authentication with PKINIT and local authentication

2017-03-10 Thread Sumit Bose
Hi, with the recent addition of PKINIT support there is now a second method available to Smartcard authentication besides local authentication. I was about to add some sssd.conf option which can control the fallback to local authentication if PKINIT fails. Currently there is only a fallback to

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-08 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card sumit-bose commented: """ I agree, it would be good if the help text can mention that cached data is used and maybe even mention the sss_cache utility to inval

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-01 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card sumit-bose commented: """ Yes, a hint aka user name will be used during authentication. But this PR here is about to get an idea which user is allowed to aut

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-23 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping sumit-bose commented: """ Ok, sorry for the noise, I tested on a fresh install again and now it is working as expected. I guess I shouldn't have tried to update from an older

[Freeipa-devel] [freeipa PR#398][comment] Support for Certificate Identity Mapping

2017-02-22 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/398 Title: #398: Support for Certificate Identity Mapping sumit-bose commented: """ It looks like the ACis on the latest version do not allow hosts to access the rules. When I do 'kinit -k' on the IPA server or a client and call

Re: [Freeipa-devel] Certificate Identity Mapping - new API to retrieve matching users

2017-02-22 Thread Sumit Bose
On Wed, Feb 22, 2017 at 10:02:24AM +0100, Petr Vobornik wrote: > On 02/22/2017 12:43 AM, Fraser Tweedale wrote: > > On Tue, Feb 21, 2017 at 06:12:23PM +0100, Petr Vobornik wrote: > > > On 02/21/2017 05:15 PM, Florence Blanc-Renaud wrote: > > > > Hi, > > > > > > > > related to the Certificate

[Freeipa-devel] [freeipa PR#410][comment] ipa-kdb: support KDB DAL version 6.1

2017-01-24 Thread sumit-bose
URL: https://github.com/freeipa/freeipa/pull/410 Title: #410: ipa-kdb: support KDB DAL version 6.1 sumit-bose commented: """ Are there any plans how to handle 6.0? Should configure at least show a warning if KRB5_KDB_DAL_MAJOR_VERSION == 6 but no free e_data callback was

Re: [Freeipa-devel] Certificate Identity Mapping

2017-01-18 Thread Sumit Bose
On Wed, Jan 18, 2017 at 09:59:49AM +0100, David Kupka wrote: > Hello everyone! > I would like to bring your attention to just published PRs implementing > FreeIPA part of Certificate Identity Mapping feature [0]: > > - certmap plugin [1] by Flo > - WebUI for certmap plugin [3] by Pavel > - tests

Re: [Freeipa-devel] Certificate Identity Mapping

2017-01-06 Thread Sumit Bose
On Fri, Jan 06, 2017 at 08:40:31AM +0100, Jan Cholasta wrote: > On 5.1.2017 13:15, Sumit Bose wrote: > > On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote: > > > On 19.12.2016 12:13, Sumit Bose wrote: > > > > On Mon, Dec 19, 2016 at 10:02:58AM +0100, J

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-01-06 Thread Sumit Bose
On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote: > On 5.1.2017 10:39, Sumit Bose wrote: > > On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote: > > > On 18.10.2016 07:34, Jan Cholasta wrote: > > > > On 17.10.2016 16:50, Rob Crittenden wrote

Re: [Freeipa-devel] Certificate Identity Mapping

2017-01-05 Thread Sumit Bose
On Tue, Dec 20, 2016 at 10:10:29AM +0100, Florence Blanc-Renaud wrote: > Hi Sumit and Jan, > > thanks to both of you for providing detailed comments. Please find answers > inline. > > On 12/19/2016 12:13 PM, Sumit Bose wrote: > > On Mon, Dec 19, 2016 at 10:02:58AM +

Re: [Freeipa-devel] Certificate Identity Mapping

2017-01-05 Thread Sumit Bose
On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote: > On 19.12.2016 12:13, Sumit Bose wrote: > > On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote: > > > I agree with *almost* everything Sumit said. See my inline comments below. > > > > >

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2017-01-05 Thread Sumit Bose
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote: > On 18.10.2016 07:34, Jan Cholasta wrote: > > On 17.10.2016 16:50, Rob Crittenden wrote: > > > Jan Cholasta wrote: > > > > Hi, > > > > > > > > On 13.10.2016 18:52, Sumi

Re: [Freeipa-devel] Certificate Identity Mapping

2016-12-19 Thread Sumit Bose
On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote: > I agree with *almost* everything Sumit said. See my inline comments below. > > On 16.12.2016 11:53, Sumit Bose wrote: > > On Tue, Dec 06, 2016 at 04:39:10PM +0100, Florence Blanc-Renaud wrote: > > > Hi, >

Re: [Freeipa-devel] Certificate Identity Mapping

2016-12-16 Thread Sumit Bose
mail.domain altSecurityIdentities: X509:O=Red Hat,OU=prod,CN=Certificate AuthorityDC =com,DC=redhat,OU=users,OID.0.9.2342.19200300.100.1.1=sbose,E=sb...@redhat.co m,CN=Sumit Bose Sumit Bose * Certificate Mapping Administrators or re-use Certificate Administrators: I would prefer a new 'Certific

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-13 Thread Sumit Bose
On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote: > On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > > Hi, > > > > I've started to write a SSSD design page about enhancing the current > > mapping of certificates to users and how to select/match

Re: [Freeipa-devel] FleetCommander integration

2016-10-13 Thread Sumit Bose
On Tue, Sep 06, 2016 at 01:18:14PM +0300, Alexander Bokovoy wrote: > Hi, > > Now that FreeIPA 4.4.1 is out, I've pushed to github my prototype for > FleetCommander integration: https://github.com/abbra/freeipa-desktop-profile/ > > You can read the design page: >

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-11 Thread Sumit Bose
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote: > Hi, > > I've started to write a SSSD design page about enhancing the current > mapping of certificates to users and how to select/match a suitable > certificate if multiple certificates are on a Smartcard. > >

Re: [Freeipa-devel] kinit: Cannot contact any KDC for realm... from Freeipa clinet (Active Directory trust setup)

2016-10-10 Thread Sumit Bose
On Mon, Oct 10, 2016 at 09:43:24AM +0200, rajat gupta wrote: > https://access.redhat.com/documentation/en-US/Red_Hat_ > Enterprise_Linux/7/html/Windows_Integration_Guide/ > trust-requirements.html#trust-req-ports > > these ports are required for trust. Is port 88 required to open from ipa > client

Re: [Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Sumit Bose
On Thu, Oct 06, 2016 at 10:33:48AM -0400, Rob Crittenden wrote: > Sumit Bose wrote: > > Hi, > > > > > > Wow, this is really great. Hi Rob, thank you for the feedback. > > I think I'd pre-plan to support different configuration per issuer subject, >

[Freeipa-devel] [RFC] Matching and Mapping Certificates

2016-10-06 Thread Sumit Bose
Hi, I've started to write a SSSD design page about enhancing the current mapping of certificates to users and how to select/match a suitable certificate if multiple certificates are on a Smartcard. My current thoughts and ideas can be found at

Re: [Freeipa-devel] [Test][Patch-0049, 0050] Certs in ID overrides test

2016-09-14 Thread Sumit Bose
On Wed, Sep 14, 2016 at 06:03:37PM +0200, Martin Basti wrote: > > > On 14.09.2016 17:53, Alexander Bokovoy wrote: > > On Wed, 14 Sep 2016, Martin Basti wrote: > > > > > > > > > On 14.09.2016 17:41, Alexander Bokovoy wrote: > > > > On Wed, 14 Sep 2016, Martin Basti wrote: > > > > > 1) > > > > >

Re: [Freeipa-devel] [Testplan] Support of UPN for trusted domains

2016-07-11 Thread Sumit Bose
On Mon, Jul 11, 2016 at 09:44:46AM +0200, Lenka Doudova wrote: > > > On 07/07/2016 11:13 AM, Sumit Bose wrote: > > On Fri, May 27, 2016 at 11:24:24AM +0300, Alexander Bokovoy wrote: > > > On Fri, 27 May 2016, Sumit Bose wrote: > > > > On Fri, May 27, 2016 at 0

Re: [Freeipa-devel] [PATCH] kdb: check for local realm in enterprise principals

2016-07-07 Thread Sumit Bose
On Thu, Jul 07, 2016 at 01:31:03PM +0200, Petr Vobornik wrote: > On 07/06/2016 07:01 PM, Sumit Bose wrote: > > Hi, > > > > although enterprise principals for trusted domains now are working as > > expected they do not work for the local domain: > >

Re: [Freeipa-devel] [Testplan] Support of UPN for trusted domains

2016-07-07 Thread Sumit Bose
On Fri, May 27, 2016 at 11:24:24AM +0300, Alexander Bokovoy wrote: > On Fri, 27 May 2016, Sumit Bose wrote: > > On Fri, May 27, 2016 at 09:57:37AM +0200, Lenka Doudova wrote: > > > Hi all, > > > > > > > > > here [1] is a draft of test plan for V4

[Freeipa-devel] [PATCH] kdb: check for local realm in enterprise principals

2016-07-06 Thread Sumit Bose
accordingly or if the current version is ok, bye, Sumit From a1ca7928148a58a1ac61f6d418750200866a4a63 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Wed, 6 Jul 2016 17:29:37 +0200 Subject: [PATCH] kdb: check for local realm in enterprise principals --- daemons/i

Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-28 Thread Sumit Bose
On Tue, Jun 28, 2016 at 10:43:00AM +0200, Oleg Fayans wrote: > Hi Sumit, > > The testplan is updated according to your second note. The WebUI part > I'll test once Pavel's patch is merged. Thank you. bye, Sumit > > On 06/27/2016 10:28 AM, Sumit Bose wrote: > > On Mo

Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-27 Thread Sumit Bose
> > > On 06/09/2016 05:06 PM, Sumit Bose wrote: > > On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote: > >> Hi guys, > >> > >> Here is the first somewhat skeletal and pretty short version of the > >> testplan. Could

Re: [Freeipa-devel] [PATCH 0096] Add authentication indicators support to Host objects

2016-06-24 Thread Sumit Bose
On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum wrote: > https://fedorahosted.org/freeipa/ticket/433 The patch works for me as expected, but the API.txt update is missing in the patch. bye, Sumit > From c7254a9dd182b34665b50c45c5ece42a3cbc56e2 Mon Sep 17 00:00:00 2001 > From:

Re: [Freeipa-devel] [PATCH] 0156 extdom: add certificate request

2016-06-24 Thread Sumit Bose
29), Martin Basti wrote: > > > > > > > > On 09.06.2016 14:22, Alexander Bokovoy wrote: > > > > > > > > > On Thu, 09 Jun 2016, Jakub Hrozek wrote: > > > > > > > > > > On Fri, May 20, 2016 at 09:23:46PM +0200, Sumit Bose wrote: >

Re: [Freeipa-devel] [Testplan Review] Certs in ID overrides

2016-06-09 Thread Sumit Bose
On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote: > Hi guys, > > Here is the first somewhat skeletal and pretty short version of the > testplan. Could you please review it anyone? > > http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan Hi Oleg, 'Make sure the id view is

Re: [Freeipa-devel] [PATCH] 0208-0209 webUI changes for external trust and UPN suffixes

2016-06-09 Thread Sumit Bose
On Thu, Jun 09, 2016 at 02:30:52PM +0300, Alexander Bokovoy wrote: > Hi, > > webUI changes to support external trust and showing UPN suffixes are > attached. > > UPN Suffixes defined on AD side and fetched with 'ipa trust-fetch-domains'. > They cannot be disabled individually as they come from

Re: [Freeipa-devel] [Testplan] Support of UPN for trusted domains

2016-05-27 Thread Sumit Bose
On Fri, May 27, 2016 at 09:57:37AM +0200, Lenka Doudova wrote: > Hi all, > > > here [1] is a draft of test plan for V4 RFE Support of UPN for trusted > domains. > > Please review this and let me know if there's something missing or wrong. Hi Lenka, thank you for the test plan. About the TBD,

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

2016-05-25 Thread Sumit Bose
ssion, see below. bye, Sumit > > On Tue, 2016-05-24 at 12:08 -0400, Nathaniel McCallum wrote: > > I have attached new versions of the patches. Comments below. > > > > On Tue, 2016-05-24 at 15:25 +0200, Sumit Bose wrote: > > > On Thu, May 12, 2016 at 05:33:26P

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

2016-05-24 Thread Sumit Bose
On Thu, May 12, 2016 at 05:33:26PM -0400, Nathaniel McCallum wrote: > On Fri, 2016-05-06 at 14:44 +0200, Sumit Bose wrote: > > On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote: > > > This series of patches implements authentication indicator > > >

[Freeipa-devel] [PATCH] 0156 extdom: add certificate request

2016-05-20 Thread Sumit Bose
b7b84fb4192af70e784c4cee18ff4be532d0f83f Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Tue, 26 Apr 2016 13:22:40 +0200 Subject: [PATCH] extdom: add certificate request Related to https://fedorahosted.org/freeipa/ticket/4955 --- .../ipa-extdom-extop/ipa_extdom.h | 4 ++- .../ipa-

Re: [Freeipa-devel] [PATCHES 0089-0093] Authentication Indicators

2016-05-06 Thread Sumit Bose
On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote: > This series of patches implements authentication indicator insertion, > evaluation and management in FreeIPA. Besides these patches, two other > patches are needed to round out support. > > First, we need a UI patch: 

Re: [Freeipa-devel] [PATCH] 0001 ipa_kdb add krbPrincipalAuthInd handling

2016-05-02 Thread Sumit Bose
On Mon, May 02, 2016 at 11:47:41AM -0400, Matt Rogers wrote: > On 05/02, Sumit Bose wrote: > > On Thu, Apr 28, 2016 at 02:58:07PM -0400, Matt Rogers wrote: > > > On 04/27, Matt Rogers wrote: > > > > On 04/27, Sumit Bose wrote: > > > > > On Tue, Apr 26

Re: [Freeipa-devel] [PATCH] 0001 ipa_kdb add krbPrincipalAuthInd handling

2016-05-02 Thread Sumit Bose
On Thu, Apr 28, 2016 at 02:58:07PM -0400, Matt Rogers wrote: > On 04/27, Matt Rogers wrote: > > On 04/27, Sumit Bose wrote: > > > On Tue, Apr 26, 2016 at 02:02:04PM -0400, Matt Rogers wrote: > > > > On 04/26, Sumit Bose wrote: > > > > > On Thu, Apr 14

Re: [Freeipa-devel] [PATCH] 0001 ipa_kdb add krbPrincipalAuthInd handling

2016-04-27 Thread Sumit Bose
On Tue, Apr 26, 2016 at 02:02:04PM -0400, Matt Rogers wrote: > On 04/26, Sumit Bose wrote: > > On Thu, Apr 14, 2016 at 12:59:55PM -0400, Matt Rogers wrote: > > > > > > > > > - Original Message - > > > > From: "Nathaniel McCallum"

Re: [Freeipa-devel] [PATCH] 0001 ipa_kdb add krbPrincipalAuthInd handling

2016-04-26 Thread Sumit Bose
On Thu, Apr 14, 2016 at 12:59:55PM -0400, Matt Rogers wrote: > > > - Original Message - > > From: "Nathaniel McCallum" > > To: "Matt Rogers" , freeipa-devel@redhat.com > > Sent: Thursday, April 14, 2016 10:32:15 AM > > Subject: Re:

Re: [Freeipa-devel] [PATCH 0405] idviews: Add user certificate attribute to user ID overrides

2016-04-07 Thread Sumit Bose
On Mon, Apr 04, 2016 at 04:27:02PM +0200, Jan Cholasta wrote: > Hi, > > On 1.4.2016 16:53, Tomas Babej wrote: > >Hi, > > > >this extends the user ID overrides with capability to store the user > >certificate. > > > >https://fedorahosted.org/freeipa/ticket/4955 > > The preferred way of managing

Re: [Freeipa-devel] Supporting UPNs of trusted forests

2016-03-02 Thread Sumit Bose
On Wed, Mar 02, 2016 at 05:24:55PM +0200, Alexander Bokovoy wrote: > On Wed, 02 Mar 2016, Petr Vobornik wrote: > >On 03/02/2016 11:55 AM, Alexander Bokovoy wrote: > >>Hi, > >> > >>http://www.freeipa.org/page/V4/Support_of_UPN_for_trusted_domains > >>describes a design page to support name suffixes

Re: [Freeipa-devel] IPA client realm/domain autodiscovery improvements

2016-02-24 Thread Sumit Bose
On Wed, Feb 24, 2016 at 04:08:14PM +0100, David Kupka wrote: > On 24/02/16 15:55, Sumit Bose wrote: > >On Wed, Feb 24, 2016 at 03:30:40PM +0100, Martin Babinsky wrote: > >>On 02/24/2016 03:20 PM, Sumit Bose wrote: > >>>On Wed, Feb 24, 2016 at 01:31:55PM +0100, Petr

Re: [Freeipa-devel] IPA client realm/domain autodiscovery improvements

2016-02-24 Thread Sumit Bose
On Wed, Feb 24, 2016 at 03:30:40PM +0100, Martin Babinsky wrote: > On 02/24/2016 03:20 PM, Sumit Bose wrote: > >On Wed, Feb 24, 2016 at 01:31:55PM +0100, Petr Vobornik wrote: > >>On 02/16/2016 02:23 PM, Martin Babinsky wrote: > >>>Hi list, >>

Re: [Freeipa-devel] IPA client realm/domain autodiscovery improvements

2016-02-24 Thread Sumit Bose
On Wed, Feb 24, 2016 at 01:31:55PM +0100, Petr Vobornik wrote: > On 02/16/2016 02:23 PM, Martin Babinsky wrote: > >Hi list, > > > >WARNING: huge brain dump ahead. > > > >During investigation of https://fedorahosted.org/freeipa/ticket/4305 me > >and Petr Spacek (CC'ed) came to a conclusion that the

Re: [Freeipa-devel] [PATCH] extdom: Remove unused macro

2016-01-29 Thread Sumit Bose
On Fri, Jan 29, 2016 at 01:11:32PM +0100, Lukas Slebodnik wrote: > ehlo, > > Last usage of the macro SSSD_SYSDB_SID_STR was removed > in the commit 0ee8fe11aea9811c724182def3f50960d5dd87b3 > > LS ACK bye, Sumit -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [PATCH 155] ipa-kdb: get_authz_data_types() make sure entry can be NULL

2016-01-06 Thread Sumit Bose
ac3468375a71da08d1437362caabae4504c87386 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Wed, 16 Dec 2015 12:37:50 +0100 Subject: [PATCH] ipa-kdb: get_authz_data_types() make sure entry can be NULL --- daemons/ipa-kdb/ipa_kdb_mspac.c | 2 +- daemons/ipa-kdb/tests/ipa_kdb_tests

[Freeipa-devel] [PATCH 154] ipa-kdb: map_groups() consider all results

2016-01-05 Thread Sumit Bose
are taken into account. This makes sure all expected local group memberships are added to the PAC which resolves https://fedorahosted.org/freeipa/ticket/5573. bye, Sumit From 60748d2da05261df937eba85cee27c2ea0d7e893 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Wed, 16 Dec 2015

Re: [Freeipa-devel] limiting SyncRepl's scope

2015-12-16 Thread Sumit Bose
On Wed, Dec 16, 2015 at 08:49:04AM +0100, Petr Spacek wrote: > On 15.12.2015 19:10, Christian Heimes wrote: > > Hi, > > > > in ticket https://fedorahosted.org/freeipa/ticket/5538 Ludwig has > > suggested to exclude Dogtag's o=ipaca tree from the changelog. Sometimes > > vault-archive fails

Re: [Freeipa-devel] [PATCH] Add option to disable setkeytab extended operations

2015-11-25 Thread Sumit Bose
On Tue, Nov 24, 2015 at 02:42:32PM -0500, Simo Sorce wrote: > Since some time we use the getkeytab operation to fetch keytabs on newer > clients. According to bug #232 setkeytab can be used to circumvent > password quality controls so it needs to be slowly retired. ipasam uses this exop to create

[Freeipa-devel] [PATCHES 151-153] ipasam: fix wrong usage of talloc_new()

2015-11-18 Thread Sumit Bose
was checking the other issue. bye, Sumit From 8b4025136271f158ae50172cdbc6dca4fbe2ee65 Mon Sep 17 00:00:00 2001 From: Sumit Bose <sb...@redhat.com> Date: Wed, 18 Nov 2015 12:29:43 +0100 Subject: [PATCH 151/153] ipasam: fix wrong usage of talloc_new() Fixes https://fedorahosted.org/freeipa/ticke

Re: [Freeipa-devel] [PATCH] 0197 client referral support for trusted domain principal

2015-10-09 Thread Sumit Bose
On Thu, Oct 08, 2015 at 01:36:23PM +0300, Alexander Bokovoy wrote: > On Mon, 05 Oct 2015, Sumit Bose wrote: > >On Thu, Sep 03, 2015 at 06:22:05PM +0300, Alexander Bokovoy wrote: > >>On Thu, 03 Sep 2015, Alexander Bokovoy wrote: > >>>Hi, > >>> > >

Re: [Freeipa-devel] [PATCH] 0197 client referral support for trusted domain principal

2015-10-05 Thread Sumit Bose
On Thu, Sep 03, 2015 at 06:22:05PM +0300, Alexander Bokovoy wrote: > On Thu, 03 Sep 2015, Alexander Bokovoy wrote: > >Hi, > > > >attached patch adds support for issuing client referrals when FreeIPA > >KDC is asked to give a TGT for a principal from a trusted forest. > > > >We return a matching

Re: [Freeipa-devel] fixing Kerberos principal aliases handling in IPA

2015-09-02 Thread Sumit Bose
On Wed, Sep 02, 2015 at 02:10:52PM +0200, Martin Kosek wrote: > On 09/01/2015 04:53 PM, Simo Sorce wrote: > > On Tue, 2015-09-01 at 16:39 +0200, Martin Babinsky wrote: > >> Hi list, > >> > >> I own the following ticket https://fedorahosted.org/freeipa/ticket/3864 > >> and I would like to clarify

Re: [Freeipa-devel] [PATCH 149] IPA KDB: allow case in-sensitive realm in AS request

2015-07-28 Thread Sumit Bose
On Wed, Jul 22, 2015 at 09:41:51AM -0400, Simo Sorce wrote: - Original Message - From: Sumit Bose sb...@redhat.com To: freeipa-devel freeipa-devel@redhat.com Sent: Tuesday, July 21, 2015 7:41:14 AM Subject: [Freeipa-devel] [PATCH 149] IPA KDB: allow case in-sensitive realm

Re: [Freeipa-devel] [PATCH 149] IPA KDB: allow case in-sensitive realm in AS request

2015-07-28 Thread Sumit Bose
On Tue, Jul 28, 2015 at 02:26:34PM +0300, Alexander Bokovoy wrote: On Tue, 28 Jul 2015, Simo Sorce wrote: On Tue, 2015-07-28 at 12:15 +0200, Sumit Bose wrote: On Wed, Jul 22, 2015 at 09:41:51AM -0400, Simo Sorce wrote: - Original Message - From: Sumit Bose sb...@redhat.com

[Freeipa-devel] [PATCH 149] IPA KDB: allow case in-sensitive realm in AS request

2015-07-21 Thread Sumit Bose
From: Sumit Bose sb...@redhat.com Date: Tue, 21 Jul 2015 12:12:56 +0200 Subject: [PATCH] IPA KDB: allow case in-sensitive realm in AS request If the canonicalization flag is set the realm of the client principal in an AS request (kinit) may only match case in-sensitive. Resolves https

Re: [Freeipa-devel] [PATCH 149] IPA KDB: allow case in-sensitive realm in AS request

2015-07-21 Thread Sumit Bose
On Tue, Jul 21, 2015 at 01:41:14PM +0200, Sumit Bose wrote: Hi, this patch is my suggestion to solve https://fedorahosted.org/freeipa/ticket/4844 . The original issue in the ticket has two parts. One is a loop in libkrb5 which is already fixed. The other is to handle canonicalization

Re: [Freeipa-devel] [PATCHES 145-148] ipa-kdb: add unit-test for filter_logon_info()

2015-07-07 Thread Sumit Bose
On Tue, May 26, 2015 at 01:36:35PM +0200, Martin Kosek wrote: On 05/26/2015 01:33 PM, Sumit Bose wrote: Hi, these patches add some unit tests and some additional improvements related to the issues described in https://bugzilla.redhat.com/show_bug.cgi?id=1222475 . The original issue

Re: [Freeipa-devel] [PATCH 144] extdom: add unit-test for get_user_grouplist()

2015-07-07 Thread Sumit Bose
On Tue, May 26, 2015 at 02:47:02PM +0300, Alexander Bokovoy wrote: On Tue, 26 May 2015, Sumit Bose wrote: On Tue, May 26, 2015 at 01:24:30PM +0200, Petr Vobornik wrote: On 05/26/2015 01:21 PM, Sumit Bose wrote: Hi, this tests should have gone together

Re: [Freeipa-devel] #4905: [RFE] Allow Kerberos authentication for users with certificates on smart cards (pkinit)

2015-05-29 Thread Sumit Bose
On Fri, May 29, 2015 at 10:38:41AM +0200, Martin Kosek wrote: Hello all, I would like to discuss the scope needed for ticket 4905 [1]. This is mostly a question for Sumit as he is working on the SSSD SC support. The main minimal target is to allow SSSD get a ticket for a user once he

Re: [Freeipa-devel] #4905: [RFE] Allow Kerberos authentication for users with certificates on smart cards (pkinit)

2015-05-29 Thread Sumit Bose
On Fri, May 29, 2015 at 12:10:24PM +0200, Martin Kosek wrote: On 05/29/2015 11:26 AM, Sumit Bose wrote: On Fri, May 29, 2015 at 10:38:41AM +0200, Martin Kosek wrote: Hello all, I would like to discuss the scope needed for ticket 4905 [1]. This is mostly a question for Sumit as he is working

Re: [Freeipa-devel] #4905: [RFE] Allow Kerberos authentication for users with certificates on smart cards (pkinit)

2015-05-29 Thread Sumit Bose
On Fri, May 29, 2015 at 12:54:13PM +0200, Martin Kosek wrote: On 05/29/2015 12:33 PM, Sumit Bose wrote: On Fri, May 29, 2015 at 12:10:24PM +0200, Martin Kosek wrote: On 05/29/2015 11:26 AM, Sumit Bose wrote: On Fri, May 29, 2015 at 10:38:41AM +0200, Martin Kosek wrote: Hello all, I would

Re: [Freeipa-devel] [PATCH 0014] Support multiple user and host certificates

2015-05-27 Thread Sumit Bose
On Wed, May 27, 2015 at 06:12:50PM +0200, Martin Basti wrote: On 27/05/15 15:53, Fraser Tweedale wrote: This patch adds support for multiple user / host certificates. No schema change is needed ('usercertificate' attribute is already multi-value). The revoke-previous-cert behaviour of

[Freeipa-devel] [PATCHES 145-148] ipa-kdb: add unit-test for filter_logon_info()

2015-05-26 Thread Sumit Bose
() in the 3rd patch. The last patch adds unit tests for those two calls as well. bye, Sumit From ddd3ac0a38521ae9450f9dee46fbd8434ac85870 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Wed, 20 May 2015 18:31:19 +0200 Subject: [PATCH 145/148] ipa-kdb: convert test to cmocka --- daemons/ipa

[Freeipa-devel] [PATCH 143] ipa-sam: use proper domain GUID

2015-05-26 Thread Sumit Bose
45af7302b80bff25892bb6629689dbf4dfa3b37d Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@ipa-devel.ipa.devel Date: Fri, 16 Jan 2015 12:35:57 +0100 Subject: [PATCH] ipa-sam: use proper domain GUID --- daemons/ipa-sam/ipa_sam.c | 28 1 file changed, 16 insertions(+), 12 deletions(-) diff --git

[Freeipa-devel] [PATCH 144] extdom: add unit-test for get_user_grouplist()

2015-05-26 Thread Sumit Bose
Hi, these tests should have gone together with c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the bugzilla processing. bye, Sumit From 724258fc3eff2872cf95a5401f25b8134233ee68 Mon Sep 17 00:00:00 2001 From: Sumit Bose sb...@redhat.com Date: Thu, 26 Feb 2015 14:08:06 +0100

Re: [Freeipa-devel] [PATCH 144] extdom: add unit-test for get_user_grouplist()

2015-05-26 Thread Sumit Bose
On Tue, May 26, 2015 at 01:24:30PM +0200, Petr Vobornik wrote: On 05/26/2015 01:21 PM, Sumit Bose wrote: Hi, these tests should have gone together with c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the bugzilla processing. bye, Sumit So it has been acked

Re: [Freeipa-devel] [PATCH] extop: For printf formatting warning

2015-03-27 Thread Sumit Bose
On Thu, Mar 26, 2015 at 07:40:16PM +0100, Lukas Slebodnik wrote: On (18/03/15 12:33), Jakub Hrozek wrote: On Wed, Mar 18, 2015 at 11:39:15AM +0100, Sumit Bose wrote: On Wed, Mar 18, 2015 at 11:25:14AM +0100, Jakub Hrozek wrote: I could swear I sent the patch last time when I was reviewing

Re: [Freeipa-devel] [PATCH] extop: For printf formatting warning

2015-03-18 Thread Sumit Bose
On Wed, Mar 18, 2015 at 11:25:14AM +0100, Jakub Hrozek wrote: I could swear I sent the patch last time when I was reviewing Sumit's patches but apparently not. It's better to use %zu instead of %d for size_t formatting with recent compilers. From a088e8c8a9bd29b4c22f1579f2c3705652bf2730

Re: [Freeipa-devel] [PATCH 140] extdom: migrate check-based test to cmocka

2015-03-18 Thread Sumit Bose
On Fri, Mar 13, 2015 at 03:14:55PM +0100, Jakub Hrozek wrote: On Fri, Mar 13, 2015 at 11:56:46AM +0100, Sumit Bose wrote: On Wed, Mar 04, 2015 at 06:42:05PM +0100, Sumit Bose wrote: Hi, this is the first patch for https://fedorahosted.org/freeipa/ticket/4922 which converts

Re: [Freeipa-devel] [PATCHES 137-139] extdom: add err_msg member to request context

2015-03-18 Thread Sumit Bose
On Fri, Mar 13, 2015 at 03:17:10PM +0100, Jakub Hrozek wrote: On Fri, Mar 13, 2015 at 11:55:09AM +0100, Sumit Bose wrote: On Wed, Mar 04, 2015 at 06:35:22PM +0100, Sumit Bose wrote: Hi, this patch series improves error reporting of the extdom plugin especially on the client side

Re: [Freeipa-devel] [PATCH 140] extdom: migrate check-based test to cmocka

2015-03-18 Thread Sumit Bose
On Wed, Mar 18, 2015 at 12:53:04PM +0100, Martin Kosek wrote: On 03/18/2015 11:22 AM, Jakub Hrozek wrote: On Wed, Mar 18, 2015 at 11:01:35AM +0100, Sumit Bose wrote: On Fri, Mar 13, 2015 at 03:14:55PM +0100, Jakub Hrozek wrote: On Fri, Mar 13, 2015 at 11:56:46AM +0100, Sumit Bose wrote

Re: [Freeipa-devel] [PATCH 140] extdom: migrate check-based test to cmocka

2015-03-18 Thread Sumit Bose
On Wed, Mar 18, 2015 at 01:36:44PM +0100, Martin Kosek wrote: On 03/18/2015 01:32 PM, Sumit Bose wrote: On Wed, Mar 18, 2015 at 12:53:04PM +0100, Martin Kosek wrote: On 03/18/2015 11:22 AM, Jakub Hrozek wrote: On Wed, Mar 18, 2015 at 11:01:35AM +0100, Sumit Bose wrote: On Fri, Mar 13

Re: [Freeipa-devel] [PATCH 140] extdom: migrate check-based test to cmocka

2015-03-13 Thread Sumit Bose
On Wed, Mar 04, 2015 at 06:42:05PM +0100, Sumit Bose wrote: Hi, this is the first patch for https://fedorahosted.org/freeipa/ticket/4922 which converts the check-based tests of the extdom plugin to cmocka. bye, Sumit Rebased version attached. bye, Sumit From

Re: [Freeipa-devel] [PATCHES 137-139] extdom: add err_msg member to request context

2015-03-13 Thread Sumit Bose
On Wed, Mar 04, 2015 at 06:35:22PM +0100, Sumit Bose wrote: Hi, this patch series improves error reporting of the extdom plugin especially on the client side. Currently there is only SSSD ticket https://fedorahosted.org/sssd/ticket/2463 . Shall I create a corresponding FreeIPA ticket

Re: [Freeipa-devel] [PATCH 142] extdom: fix memory leak

2015-03-10 Thread Sumit Bose
On Tue, Mar 10, 2015 at 11:59:45AM +0100, Tomas Babej wrote: On 03/05/2015 08:00 AM, Alexander Bokovoy wrote: On Wed, 04 Mar 2015, Nathan Kinder wrote: On 03/04/2015 10:34 PM, Alexander Bokovoy wrote: On Wed, 04 Mar 2015, Sumit Bose wrote: Hi, while running 389ds with valgrind to see
