On Fri, Apr 07, 2017 at 10:38:55AM +0200, Jakub Hrozek wrote:
> On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > I've started to write a SSSD design page about enhancing the current
> > mapping of certificates to users and how to select/match
URL: https://github.com/freeipa/freeipa/pull/672
Author: sumit-bose
Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet
Action: opened
PR body:
"""
Architecture specific paths should be avoided in the global Kerberos
configuration because it is read e.g. by
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
From
URL: https://github.com/freeipa/freeipa/pull/657
Author: sumit-bose
Title: #657: configure: fix --disable-server with certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/657/head:pr657
git
URL: https://github.com/freeipa/freeipa/pull/657
Author: sumit-bose
Title: #657: configure: fix --disable-server with certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/657/head:pr657
git
URL: https://github.com/freeipa/freeipa/pull/657
Author: sumit-bose
Title: #657: configure: fix --disable-server with certauth plugin
Action: opened
PR body:
"""
Resolves https://pagure.io/freeipa/issue/6816
"""
To pull the PR as Git branch:
git remote ad
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
--
Manage
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
--
Manage
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
From
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
From
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: opened
PR body:
"""
Certificates can be assigned to multiple user so the extdom plugin must use
sss_nss_getlistbycert() instead of sss_nss_getnamebyce
URL: https://github.com/freeipa/freeipa/pull/575
Title: #575: IPA certauth plugin
sumit-bose commented:
"""
I updated the code to reflect the latest changes in the interface from
https://github.com/krb5/krb5/pull/610.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/575
Title: #575: IPA certauth plugin
sumit-bose commented:
"""
This patch depends on https://github.com/SSSD/sssd/pull/192 (SSSD's certmap
library) and https://github.com/krb5/krb5/pull/610 (MIT Kerberos certauth
plugin support)
&q
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: opened
PR body:
"""
This patch add a certauth plugin which allows the IPA server to support
PKINIT for certificates which do not include a special SAN extension
On Fri, Mar 10, 2017 at 01:39:27PM +0200, Alexander Bokovoy wrote:
> On pe, 10 maalis 2017, Sumit Bose wrote:
> > On Fri, Mar 10, 2017 at 11:58:25AM +0200, Alexander Bokovoy wrote:
> > > On pe, 10 maalis 2017, Sumit Bose wrote:
> > > > Hi,
> > > >
> >
On Fri, Mar 10, 2017 at 11:58:25AM +0200, Alexander Bokovoy wrote:
> On pe, 10 maalis 2017, Sumit Bose wrote:
> > Hi,
> >
> > with the recent addition of PKINIT support there is now a second method
> > available to Smartcard authentication besides local authentication.
Hi,
with the recent addition of PKINIT support there is now a second method
available to Smartcard authentication besides local authentication.
I was about to add some sssd.conf option which can control the fallback
to local authentication if PKINIT fails. Currently there is only a
fallback to
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
sumit-bose commented:
"""
I agree, it would be good if the help text can mention that cached data is used
and maybe even mention the sss_cache utility to inval
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
sumit-bose commented:
"""
Yes, a hint aka user name will be used during authentication. But this PR here
is about to get an idea which user is allowed to aut
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
sumit-bose commented:
"""
Ok, sorry for the noise, I tested on a fresh install again and now it is
working as expected. I guess I shouldn't have tried to update from an older
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
sumit-bose commented:
"""
It looks like the ACis on the latest version do not allow hosts to access the
rules. When I do 'kinit -k' on the IPA server or a client and call
On Wed, Feb 22, 2017 at 10:02:24AM +0100, Petr Vobornik wrote:
> On 02/22/2017 12:43 AM, Fraser Tweedale wrote:
> > On Tue, Feb 21, 2017 at 06:12:23PM +0100, Petr Vobornik wrote:
> > > On 02/21/2017 05:15 PM, Florence Blanc-Renaud wrote:
> > > > Hi,
> > > >
> > > > related to the Certificate
URL: https://github.com/freeipa/freeipa/pull/410
Title: #410: ipa-kdb: support KDB DAL version 6.1
sumit-bose commented:
"""
Are there any plans how to handle 6.0? Should configure at least show a warning
if KRB5_KDB_DAL_MAJOR_VERSION == 6 but no free e_data callback was
On Wed, Jan 18, 2017 at 09:59:49AM +0100, David Kupka wrote:
> Hello everyone!
> I would like to bring your attention to just published PRs implementing
> FreeIPA part of Certificate Identity Mapping feature [0]:
>
> - certmap plugin [1] by Flo
> - WebUI for certmap plugin [3] by Pavel
> - tests
On Fri, Jan 06, 2017 at 08:40:31AM +0100, Jan Cholasta wrote:
> On 5.1.2017 13:15, Sumit Bose wrote:
> > On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote:
> > > On 19.12.2016 12:13, Sumit Bose wrote:
> > > > On Mon, Dec 19, 2016 at 10:02:58AM +0100, J
On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote:
> On 5.1.2017 10:39, Sumit Bose wrote:
> > On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
> > > On 18.10.2016 07:34, Jan Cholasta wrote:
> > > > On 17.10.2016 16:50, Rob Crittenden wrote
On Tue, Dec 20, 2016 at 10:10:29AM +0100, Florence Blanc-Renaud wrote:
> Hi Sumit and Jan,
>
> thanks to both of you for providing detailed comments. Please find answers
> inline.
>
> On 12/19/2016 12:13 PM, Sumit Bose wrote:
> > On Mon, Dec 19, 2016 at 10:02:58AM +
On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote:
> On 19.12.2016 12:13, Sumit Bose wrote:
> > On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote:
> > > I agree with *almost* everything Sumit said. See my inline comments below.
> > >
> >
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
> On 18.10.2016 07:34, Jan Cholasta wrote:
> > On 17.10.2016 16:50, Rob Crittenden wrote:
> > > Jan Cholasta wrote:
> > > > Hi,
> > > >
> > > > On 13.10.2016 18:52, Sumi
On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote:
> I agree with *almost* everything Sumit said. See my inline comments below.
>
> On 16.12.2016 11:53, Sumit Bose wrote:
> > On Tue, Dec 06, 2016 at 04:39:10PM +0100, Florence Blanc-Renaud wrote:
> > > Hi,
>
mail.domain
altSecurityIdentities: X509:O=Red Hat,OU=prod,CN=Certificate
AuthorityDC
=com,DC=redhat,OU=users,OID.0.9.2342.19200300.100.1.1=sbose,E=sb...@redhat.co
m,CN=Sumit Bose Sumit Bose
* Certificate Mapping Administrators or re-use Certificate
Administrators: I would prefer a new 'Certific
On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote:
> On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > I've started to write a SSSD design page about enhancing the current
> > mapping of certificates to users and how to select/match
On Tue, Sep 06, 2016 at 01:18:14PM +0300, Alexander Bokovoy wrote:
> Hi,
>
> Now that FreeIPA 4.4.1 is out, I've pushed to github my prototype for
> FleetCommander integration: https://github.com/abbra/freeipa-desktop-profile/
>
> You can read the design page:
>
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> Hi,
>
> I've started to write a SSSD design page about enhancing the current
> mapping of certificates to users and how to select/match a suitable
> certificate if multiple certificates are on a Smartcard.
>
>
On Mon, Oct 10, 2016 at 09:43:24AM +0200, rajat gupta wrote:
> https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html/Windows_Integration_Guide/
> trust-requirements.html#trust-req-ports
>
> these port are required for trust. Is port 88 required to open from ipa
> client
On Thu, Oct 06, 2016 at 10:33:48AM -0400, Rob Crittenden wrote:
> Sumit Bose wrote:
> > Hi,
> >
> >
>
> Wow, this is really great.
Hi Rob,
thank you for the feedback.
>
> I think I'd pre-plan to support different configuration per issuer subject,
>
Hi,
I've started to write a SSSD design page about enhancing the current
mapping of certificates to users and how to select/match a suitable
certificate if multiple certificates are on a Smartcard.
My currently thoughts and idea and be found at
On Wed, Sep 14, 2016 at 06:03:37PM +0200, Martin Basti wrote:
>
>
> On 14.09.2016 17:53, Alexander Bokovoy wrote:
> > On Wed, 14 Sep 2016, Martin Basti wrote:
> > >
> > >
> > > On 14.09.2016 17:41, Alexander Bokovoy wrote:
> > > > On Wed, 14 Sep 2016, Martin Basti wrote:
> > > > > 1)
> > > > >
On Mon, Jul 11, 2016 at 09:44:46AM +0200, Lenka Doudova wrote:
>
>
> On 07/07/2016 11:13 AM, Sumit Bose wrote:
> > On Fri, May 27, 2016 at 11:24:24AM +0300, Alexander Bokovoy wrote:
> > > On Fri, 27 May 2016, Sumit Bose wrote:
> > > > On Fri, May 27, 2016 at 0
On Thu, Jul 07, 2016 at 01:31:03PM +0200, Petr Vobornik wrote:
> On 07/06/2016 07:01 PM, Sumit Bose wrote:
> > Hi,
> >
> > although enterprise principals for trusted domains now are working as
> > expected they do not work for the local domain:
> >
&
On Fri, May 27, 2016 at 11:24:24AM +0300, Alexander Bokovoy wrote:
> On Fri, 27 May 2016, Sumit Bose wrote:
> > On Fri, May 27, 2016 at 09:57:37AM +0200, Lenka Doudova wrote:
> > > Hi all,
> > >
> > >
> > > here [1] is a draft of test plan for V4
accordingly or if the current version is ok,
bye,
Sumit
From a1ca7928148a58a1ac61f6d418750200866a4a63 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 6 Jul 2016 17:29:37 +0200
Subject: [PATCH] kdb: check for local realm in enterprise principals
---
daemons/i
On Tue, Jun 28, 2016 at 10:43:00AM +0200, Oleg Fayans wrote:
> Hi Sumit,
>
> The testplan is updated according to your second note. The WebUI part
> I'll test once Pavel's patch is merged.
Thank you.
bye,
Sumit
>
> On 06/27/2016 10:28 AM, Sumit Bose wrote:
> > On Mo
>
>
> On 06/09/2016 05:06 PM, Sumit Bose wrote:
> > On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
> >> Hi guys,
> >>
> >> Here is the first somewhat skeletal and pretty short version of the
> >> testplan. Could
On Tue, Jun 21, 2016 at 02:25:49PM -0400, Nathaniel McCallum wrote:
> https://fedorahosted.org/freeipa/ticket/433
The patch works for me as expected, but the API.txt update is missing in
the patch.
bye,
Sumit
> From c7254a9dd182b34665b50c45c5ece42a3cbc56e2 Mon Sep 17 00:00:00 2001
> From:
29), Martin Basti wrote:
> > > > > > > > On 09.06.2016 14:22, Alexander Bokovoy wrote:
> > > > > > > > > On Thu, 09 Jun 2016, Jakub Hrozek wrote:
> > > > > > > > > > On Fri, May 20, 2016 at 09:23:46PM +0200, Sumit Bose wrote:
&g
On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
> Hi guys,
>
> Here is the first somewhat skeletal and pretty short version of the
> testplan. Could you please review it anyone?
>
> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan
Hi Oleg,
'Make sure the id view is
On Thu, Jun 09, 2016 at 02:30:52PM +0300, Alexander Bokovoy wrote:
> Hi,
>
> webUI changes to support external trust and showing UPN suffixes are
> attached.
>
> UPN Suffixes defined on AD side and fetched with 'ipa trust-fetch-domains'.
> They cannot be disabled individually as they come from
On Fri, May 27, 2016 at 09:57:37AM +0200, Lenka Doudova wrote:
> Hi all,
>
>
> here [1] is a draft of test plan for V4 RFE Support of UPN for trusted
> domains.
>
> Please review this and let me know if there's something missing or wrong.
Hi Lenka,
thank you for the test plan.
About the TBD,
ssion, see below.
bye,
Sumit
>
> On Tue, 2016-05-24 at 12:08 -0400, Nathaniel McCallum wrote:
> > I have attached new versions of the patches. Comments below.
> >
> > On Tue, 2016-05-24 at 15:25 +0200, Sumit Bose wrote:
> > > On Thu, May 12, 2016 at 05:33:26P
On Thu, May 12, 2016 at 05:33:26PM -0400, Nathaniel McCallum wrote:
> On Fri, 2016-05-06 at 14:44 +0200, Sumit Bose wrote:
> > On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote:
> > > This series of patches implements authentication indicator
> > >
b7b84fb4192af70e784c4cee18ff4be532d0f83f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Tue, 26 Apr 2016 13:22:40 +0200
Subject: [PATCH] extdom: add certificate request
Related to https://fedorahosted.org/freeipa/ticket/4955
---
.../ipa-extdom-extop/ipa_extdom.h | 4 ++-
.../ipa-
On Wed, May 04, 2016 at 05:33:55PM -0400, Nathaniel McCallum wrote:
> This series of patches implements authentication indicator insertion,
> evaluation and management in FreeIPA. Besides these patches, two other
> patches are needed to round out support.
>
> First, we need a UI patch:
On Mon, May 02, 2016 at 11:47:41AM -0400, Matt Rogers wrote:
> On 05/02, Sumit Bose wrote:
> > On Thu, Apr 28, 2016 at 02:58:07PM -0400, Matt Rogers wrote:
> > > On 04/27, Matt Rogers wrote:
> > > > On 04/27, Sumit Bose wrote:
> > > > > On Tue, Apr 26
On Thu, Apr 28, 2016 at 02:58:07PM -0400, Matt Rogers wrote:
> On 04/27, Matt Rogers wrote:
> > On 04/27, Sumit Bose wrote:
> > > On Tue, Apr 26, 2016 at 02:02:04PM -0400, Matt Rogers wrote:
> > > > On 04/26, Sumit Bose wrote:
> > > > > On Thu, Apr 14
On Tue, Apr 26, 2016 at 02:02:04PM -0400, Matt Rogers wrote:
> On 04/26, Sumit Bose wrote:
> > On Thu, Apr 14, 2016 at 12:59:55PM -0400, Matt Rogers wrote:
> > >
> > >
> > > - Original Message -
> > > > From: "Nathaniel McCallum&quo
On Thu, Apr 14, 2016 at 12:59:55PM -0400, Matt Rogers wrote:
>
>
> - Original Message -
> > From: "Nathaniel McCallum"
> > To: "Matt Rogers" , freeipa-devel@redhat.com
> > Sent: Thursday, April 14, 2016 10:32:15 AM
> > Subject: Re:
On Mon, Apr 04, 2016 at 04:27:02PM +0200, Jan Cholasta wrote:
> Hi,
>
> On 1.4.2016 16:53, Tomas Babej wrote:
> >Hi,
> >
> >this extends the user ID overrides with capability to store the user
> >certificate.
> >
> >https://fedorahosted.org/freeipa/ticket/4955
>
> The preferred way of managing
On Wed, Mar 02, 2016 at 05:24:55PM +0200, Alexander Bokovoy wrote:
> On Wed, 02 Mar 2016, Petr Vobornik wrote:
> >On 03/02/2016 11:55 AM, Alexander Bokovoy wrote:
> >>Hi,
> >>
> >>http://www.freeipa.org/page/V4/Support_of_UPN_for_trusted_domains
> >>describes a design page to support name suffixes
On Wed, Feb 24, 2016 at 04:08:14PM +0100, David Kupka wrote:
> On 24/02/16 15:55, Sumit Bose wrote:
> >On Wed, Feb 24, 2016 at 03:30:40PM +0100, Martin Babinsky wrote:
> >>On 02/24/2016 03:20 PM, Sumit Bose wrote:
> >>>On Wed, Feb 24, 2016 at 01:31:55PM +0100, Petr
On Wed, Feb 24, 2016 at 03:30:40PM +0100, Martin Babinsky wrote:
> On 02/24/2016 03:20 PM, Sumit Bose wrote:
> >On Wed, Feb 24, 2016 at 01:31:55PM +0100, Petr Vobornik wrote:
> >>On 02/16/2016 02:23 PM, Martin Babinsky wrote:
> >>>Hi list,
> >&g
On Wed, Feb 24, 2016 at 01:31:55PM +0100, Petr Vobornik wrote:
> On 02/16/2016 02:23 PM, Martin Babinsky wrote:
> >Hi list,
> >
> >WARNING: huge brain dump ahead.
> >
> >During investigation of https://fedorahosted.org/freeipa/ticket/4305 me
> >and Petr Spaced (CC'ed) came to a conclusion that the
On Fri, Jan 29, 2016 at 01:11:32PM +0100, Lukas Slebodnik wrote:
> ehlo,
>
> Last usage of the macro SSSD_SYSDB_SID_STR was removed
> in the commit 0ee8fe11aea9811c724182def3f50960d5dd87b3
>
> LS
ACK
bye,
Sumit
--
Manage your subscription for the Freeipa-devel mailing list:
ac3468375a71da08d1437362caabae4504c87386 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 16 Dec 2015 12:37:50 +0100
Subject: [PATCH] ipa-kdb: get_authz_data_types() make sure entry can be NULL
---
daemons/ipa-kdb/ipa_kdb_mspac.c | 2 +-
daemons/ipa-kdb/tests/ipa_kdb_tests
are taken into account. This makes sure all expected local group
memberships are added to the PAC which resolves
https://fedorahosted.org/freeipa/ticket/5573.
bye,
Sumit
From 60748d2da05261df937eba85cee27c2ea0d7e893 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 16 Dec 2015
On Wed, Dec 16, 2015 at 08:49:04AM +0100, Petr Spacek wrote:
> On 15.12.2015 19:10, Christian Heimes wrote:
> > Hi,
> >
> > in ticket https://fedorahosted.org/freeipa/ticket/5538 Ludwig has
> > suggested to exclude Dogtag's o=ipaca tree from the changelog. Sometimes
> > vault-archive fails
On Tue, Nov 24, 2015 at 02:42:32PM -0500, Simo Sorce wrote:
> Since some time we use the getkeytab operation to fetch keytabs on newer
> clients. According to bug #232 setkeytab can be used to circumvent
> password quality controls so it needs to be slowly retired.
ipasam uses this exop to create
was checking the
other issue.
bye,
Sumit
From 8b4025136271f158ae50172cdbc6dca4fbe2ee65 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sb...@redhat.com>
Date: Wed, 18 Nov 2015 12:29:43 +0100
Subject: [PATCH 151/153] ipasam: fix wrong usage of talloc_new()
Fixes https://fedorahosted.org/freeipa/ticke
On Thu, Oct 08, 2015 at 01:36:23PM +0300, Alexander Bokovoy wrote:
> On Mon, 05 Oct 2015, Sumit Bose wrote:
> >On Thu, Sep 03, 2015 at 06:22:05PM +0300, Alexander Bokovoy wrote:
> >>On Thu, 03 Sep 2015, Alexander Bokovoy wrote:
> >>>Hi,
> >>>
> >
On Thu, Sep 03, 2015 at 06:22:05PM +0300, Alexander Bokovoy wrote:
> On Thu, 03 Sep 2015, Alexander Bokovoy wrote:
> >Hi,
> >
> >attached patch adds support for issuing client referrals when FreeIPA
> >KDC is asked to give a TGT for a principal from a trusted forest.
> >
> >We return a matching
On Wed, Sep 02, 2015 at 02:10:52PM +0200, Martin Kosek wrote:
> On 09/01/2015 04:53 PM, Simo Sorce wrote:
> > On Tue, 2015-09-01 at 16:39 +0200, Martin Babinsky wrote:
> >> Hi list,
> >>
> >> I own the following ticket https://fedorahosted.org/freeipa/ticket/3864
> >> and I would like to clarify
On Wed, Jul 22, 2015 at 09:41:51AM -0400, Simo Sorce wrote:
- Original Message -
From: Sumit Bose sb...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com
Sent: Tuesday, July 21, 2015 7:41:14 AM
Subject: [Freeipa-devel] [PATCH 149] IPA KDB: allow case in-sensitive realm
On Tue, Jul 28, 2015 at 02:26:34PM +0300, Alexander Bokovoy wrote:
On Tue, 28 Jul 2015, Simo Sorce wrote:
On Tue, 2015-07-28 at 12:15 +0200, Sumit Bose wrote:
On Wed, Jul 22, 2015 at 09:41:51AM -0400, Simo Sorce wrote:
- Original Message -
From: Sumit Bose sb...@redhat.com
From: Sumit Bose sb...@redhat.com
Date: Tue, 21 Jul 2015 12:12:56 +0200
Subject: [PATCH] IPA KDB: allow case in-sensitive realm in AS request
If the canonicalization flag is set the realm of the client principal in
an AS request (kinit) may only match case in-sensitive.
Resolves https
On Tue, Jul 21, 2015 at 01:41:14PM +0200, Sumit Bose wrote:
Hi,
this patch is my suggestion to solve
https://fedorahosted.org/freeipa/ticket/4844 .
The original issue in the ticket has two part. One is a loop in libkrb5
which is already fixed. The other is to handle canonicalization
On Tue, May 26, 2015 at 01:36:35PM +0200, Martin Kosek wrote:
On 05/26/2015 01:33 PM, Sumit Bose wrote:
Hi,
these patches add some unit tests and some additional improvements
related to the issues described in
https://bugzilla.redhat.com/show_bug.cgi?id=1222475 . The original issue
On Tue, May 26, 2015 at 02:47:02PM +0300, Alexander Bokovoy wrote:
On Tue, 26 May 2015, Sumit Bose wrote:
On Tue, May 26, 2015 at 01:24:30PM +0200, Petr Vobornik wrote:
On 05/26/2015 01:21 PM, Sumit Bose wrote:
Hi,
this tests should have gone together
On Fri, May 29, 2015 at 10:38:41AM +0200, Martin Kosek wrote:
Hello all,
I would like to discuss the scope needed for ticket 4905 [1]. This is mostly
question for Sumit as he is working on the SSSD SC support. The main minimal
target is to allow SSSD get a ticket for a user once he
On Fri, May 29, 2015 at 12:10:24PM +0200, Martin Kosek wrote:
On 05/29/2015 11:26 AM, Sumit Bose wrote:
On Fri, May 29, 2015 at 10:38:41AM +0200, Martin Kosek wrote:
Hello all,
I would like to discuss the scope needed for ticket 4905 [1]. This is mostly
question for Sumit as he is working
On Fri, May 29, 2015 at 12:54:13PM +0200, Martin Kosek wrote:
On 05/29/2015 12:33 PM, Sumit Bose wrote:
On Fri, May 29, 2015 at 12:10:24PM +0200, Martin Kosek wrote:
On 05/29/2015 11:26 AM, Sumit Bose wrote:
On Fri, May 29, 2015 at 10:38:41AM +0200, Martin Kosek wrote:
Hello all,
I would
On Wed, May 27, 2015 at 06:12:50PM +0200, Martin Basti wrote:
On 27/05/15 15:53, Fraser Tweedale wrote:
This patch adds supports for multiple user / host certificates. No
schema change is needed ('usercertificate' attribute is already
multi-value). The revoke-previous-cert behaviour of
() in the 3rd patch. The last patch add unit tests for
those two calls as well.
bye,
Sumit
From ddd3ac0a38521ae9450f9dee46fbd8434ac85870 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Wed, 20 May 2015 18:31:19 +0200
Subject: [PATCH 145/148] ipa-kdb: convert test to cmocka
---
daemons/ipa
45af7302b80bff25892bb6629689dbf4dfa3b37d Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@ipa-devel.ipa.devel
Date: Fri, 16 Jan 2015 12:35:57 +0100
Subject: [PATCH] ipa-sam: use proper domain GUID
---
daemons/ipa-sam/ipa_sam.c | 28
1 file changed, 16 insertions(+), 12 deletions(-)
diff --git
Hi,
this tests should have gone together with
c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the
bugzilla processing.
bye,
Sumit
From 724258fc3eff2872cf95a5401f25b8134233ee68 Mon Sep 17 00:00:00 2001
From: Sumit Bose sb...@redhat.com
Date: Thu, 26 Feb 2015 14:08:06 +0100
On Tue, May 26, 2015 at 01:24:30PM +0200, Petr Vobornik wrote:
On 05/26/2015 01:21 PM, Sumit Bose wrote:
Hi,
this tests should have gone together with
c1114ef82516002de08e004a930b5ba4a1791b25 but got lost somehow during the
bugzilla processing.
bye,
Sumit
So it has been acked
On Thu, Mar 26, 2015 at 07:40:16PM +0100, Lukas Slebodnik wrote:
On (18/03/15 12:33), Jakub Hrozek wrote:
On Wed, Mar 18, 2015 at 11:39:15AM +0100, Sumit Bose wrote:
On Wed, Mar 18, 2015 at 11:25:14AM +0100, Jakub Hrozek wrote:
I could swear I sent the patch last time when I was reviewing
On Wed, Mar 18, 2015 at 11:25:14AM +0100, Jakub Hrozek wrote:
I could swear I sent the patch last time when I was reviewing Sumit's
patches but apparently not.
It's better to use %zu instead of %d for size_t formatting with recent
compilers.
From a088e8c8a9bd29b4c22f1579f2c3705652bf2730
On Fri, Mar 13, 2015 at 03:14:55PM +0100, Jakub Hrozek wrote:
On Fri, Mar 13, 2015 at 11:56:46AM +0100, Sumit Bose wrote:
On Wed, Mar 04, 2015 at 06:42:05PM +0100, Sumit Bose wrote:
Hi,
this is the first patch for https://fedorahosted.org/freeipa/ticket/4922
which converts
On Fri, Mar 13, 2015 at 03:17:10PM +0100, Jakub Hrozek wrote:
On Fri, Mar 13, 2015 at 11:55:09AM +0100, Sumit Bose wrote:
On Wed, Mar 04, 2015 at 06:35:22PM +0100, Sumit Bose wrote:
Hi,
this patch series improves error reporting of the extdom plugin
especially on the client side
On Wed, Mar 18, 2015 at 12:53:04PM +0100, Martin Kosek wrote:
On 03/18/2015 11:22 AM, Jakub Hrozek wrote:
On Wed, Mar 18, 2015 at 11:01:35AM +0100, Sumit Bose wrote:
On Fri, Mar 13, 2015 at 03:14:55PM +0100, Jakub Hrozek wrote:
On Fri, Mar 13, 2015 at 11:56:46AM +0100, Sumit Bose wrote
On Wed, Mar 18, 2015 at 01:36:44PM +0100, Martin Kosek wrote:
On 03/18/2015 01:32 PM, Sumit Bose wrote:
On Wed, Mar 18, 2015 at 12:53:04PM +0100, Martin Kosek wrote:
On 03/18/2015 11:22 AM, Jakub Hrozek wrote:
On Wed, Mar 18, 2015 at 11:01:35AM +0100, Sumit Bose wrote:
On Fri, Mar 13
On Wed, Mar 04, 2015 at 06:42:05PM +0100, Sumit Bose wrote:
Hi,
this is the first patch for https://fedorahosted.org/freeipa/ticket/4922
which converts the check-based tests of the extdom plugin to cmocka.
bye,
Sumit
Rebased version attached.
bye,
Sumit
From
On Wed, Mar 04, 2015 at 06:35:22PM +0100, Sumit Bose wrote:
Hi,
this patch series improves error reporting of the extdom plugin
especially on the client side. Currently there is only SSSD ticket
https://fedorahosted.org/sssd/ticket/2463 . Shall I create a
corresponding FreeIPA ticket
On Tue, Mar 10, 2015 at 11:59:45AM +0100, Tomas Babej wrote:
On 03/05/2015 08:00 AM, Alexander Bokovoy wrote:
On Wed, 04 Mar 2015, Nathan Kinder wrote:
On 03/04/2015 10:34 PM, Alexander Bokovoy wrote:
On Wed, 04 Mar 2015, Sumit Bose wrote:
Hi,
while running 389ds with valgrind to see
1 - 100 of 377 matches
Mail list logo