[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-05-03 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ We need to find why it breaks though, but yeah I think we can go forward with this patch of others agree. Can you open a separate bug for the failure you

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-05-03 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ I meant my setup was unclean. I will try to reproduce here. Does master w/o this patch work properly against 4.4.4 ? """ See the full comment

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-05-03 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ I've seen this once but thought it was a fluke due to my "unclean" master, as the following times it did not happen. Can you reproduce the error a

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-05-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ Turned out my master had some more relaxed permissions I added when developing the feature. I now have added a new function to just check for the host keys

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-05-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-05-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ Nevermind I finally reproduced """ See the full comment at https://github.com/freeipa/freeipa/pull/679#issuecomment-298750030 -- Manage you

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-05-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ @stlaz just FYI, I am sking this info because I cannot reproduce locally with a single replica. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-05-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ Can you please attach more of the logs before the failure ? """ See the full comment at https://github.com/freeipa/freeipa/pull/679#issuecom

[Freeipa-devel] [freeipa PR#746][comment] KDC proxy URI records

2017-04-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/746 Title: #746: KDC proxy URI records simo5 commented: """ We can probably defer. """ See the full comment at https://github.com/freeipa/freeipa/pull/746#issuecomment-298087667 -- Manage your subscription for the Fre

[Freeipa-devel] [freeipa PR#746][comment] KDC proxy URI records

2017-04-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/746 Title: #746: KDC proxy URI records simo5 commented: """ @MartinBasti In this case we need a way to tell the system what are the priorities and which protocols are enabled, priorities are important too, admins need to be able

[Freeipa-devel] [freeipa PR#746][comment] KDC proxy URI records

2017-04-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/746 Title: #746: KDC proxy URI records simo5 commented: """ I am not entirely sure we want to care for the cse where an admin disables KDC Proxy in an automatic fashion; otherwise we would also need to check if TCP or UDP are disa

[Freeipa-devel] [freeipa PR#742][+ack] Revert "Store GSSAPI session key in /var/run/ipa"

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/742 Title: #742: Revert "Store GSSAPI session key in /var/run/ipa" Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#743][+ack] [ipa-4-5] Revert "Store GSSAPI session key in /var/run/ipa"

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/743 Title: #743: [ipa-4-5] Revert "Store GSSAPI session key in /var/run/ipa" Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#742][-ack] Revert "Store GSSAPI session key in /var/run/ipa"

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/742 Title: #742: Revert "Store GSSAPI session key in /var/run/ipa" Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#742][+ack] Revert "Store GSSAPI session key in /var/run/ipa"

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/742 Title: #742: Revert "Store GSSAPI session key in /var/run/ipa" Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd simo5 commented: """ The current patch moved the key in a place where apache cannot write, resulting in an ephemeral key that is thrown away each time apache is restarted/rel

[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd simo5 commented: """ As I noted in the ticket: "At most you may want to store it in /var/lib/ipa/somewhere, but we do not want to break sessions (there are people

[Freeipa-devel] [freeipa PR#723][reopened] Store GSSAPI session key in /var/run/httpd

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/723 Author: MartinBasti Title: #723: Store GSSAPI session key in /var/run/httpd Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/723/head:pr723 git checkout pr723 --

[Freeipa-devel] [freeipa PR#723][comment] Store GSSAPI session key in /var/run/httpd

2017-04-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/723 Title: #723: Store GSSAPI session key in /var/run/httpd simo5 commented: """ This patch is wrong please revert """ See the full comment at https://github.com/freeipa/freeipa/pull/723#issuecomment-29769961

[Freeipa-devel] [freeipa PR#738][comment] restore: restart gssproxy after restore

2017-04-26 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/738 Title: #738: restore: restart gssproxy after restore simo5 commented: """ will a "systemctl reload gssproxy" do the right thing @frozencemetery ? """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#738][comment] restore: restart gssproxy after restore

2017-04-26 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/738 Title: #738: restore: restart gssproxy after restore simo5 commented: """ The name of the project is GSS-Proxy, the package name is gssproxy. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-04-25 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From

[Freeipa-devel] [freeipa PR#727][+ack] Regenerate ASN.1 code with asn1c 0.9.28

2017-04-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/727 Title: #727: Regenerate ASN.1 code with asn1c 0.9.28 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#709][opened] Fix s4u2self with adtrust

2017-04-11 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/709 Author: simo5 Title: #709: Fix s4u2self with adtrust Action: opened PR body: """ When ADtrust is installed we add a PAC to all tickets, during protocol transition we need to generate a new PAC for the requested user ti

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-04-04 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-04-04 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ Nevermind they are not duplicates. I'll fix the commit message. """ See the full comment at https://github.com/freeipa/freeipa/pull/679#iss

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-04-04 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ Seem like both errors are the same problem. Should we mark 6688 a duplicate of 6838 ? """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-04-03 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From

[Freeipa-devel] [freeipa PR#679][opened] Make sure remote hosts have our keys

2017-03-31 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: opened PR body: """ In complex replication setups a replica may try to obtain CA keys from a host that is not the master we initially create the keys agains

[Freeipa-devel] [freeipa PR#679][comment] Make sure remote hosts have our keys

2017-03-31 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Title: #679: Make sure remote hosts have our keys simo5 commented: """ I haven't tested this yet ... but what could possibily go wrong? :-) """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-03-31 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From

[Freeipa-devel] [freeipa PR#679][synchronized] Make sure remote hosts have our keys

2017-03-31 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/679 Author: simo5 Title: #679: Make sure remote hosts have our keys Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/679/head:pr679 git checkout pr679 From

[Freeipa-devel] [freeipa PR#664][opened] Backport of client session storage patches

2017-03-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/664 Author: simo5 Title: #664: Backport of client session storage patches Action: opened PR body: """ """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghf

[Freeipa-devel] [freeipa PR#649][comment] Session cookie storage and handling fixes

2017-03-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Title: #649: Session cookie storage and handling fixes simo5 commented: """ Should I make a new PR for 4.5 ? """ See the full comment at https://github.com/freeipa/freeipa/pull/649#issuecomment-28976119

[Freeipa-devel] [freeipa PR#649][synchronized] Session cookie storage and handling fixes

2017-03-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Author: simo5 Title: #649: Session cookie storage and handling fixes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/649/head:pr649 git checkout pr649 From

[Freeipa-devel] [freeipa PR#649][comment] Session cookie storage and handling fixes

2017-03-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Title: #649: Session cookie storage and handling fixes simo5 commented: """ I should have addressed all comments. I did not comment on krb5_principal_compare() because I think that is obvious and the function definition also

[Freeipa-devel] [freeipa PR#649][synchronized] Session cookie storage and handling fixes

2017-03-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Author: simo5 Title: #649: Session cookie storage and handling fixes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/649/head:pr649 git checkout pr649 From

[Freeipa-devel] [freeipa PR#649][comment] Session cookie storage and handling fixes

2017-03-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Title: #649: Session cookie storage and handling fixes simo5 commented: """ Thank you @tiran @abbra all very good comments, I'll address soon all of them """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#649][comment] Session cookie storage and handling fixes

2017-03-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Title: #649: Session cookie storage and handling fixes simo5 commented: """ I aded a 4th patch to address the FILE ccache growth issue. It is a bit unorthodox but it works. Please review carefully and let me know if you are ok wit

[Freeipa-devel] [freeipa PR#649][synchronized] Session cookie storage and handling fixes

2017-03-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Author: simo5 Title: #649: Session cookie storage and handling fixes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/649/head:pr649 git checkout pr649 From

[Freeipa-devel] [freeipa PR#649][comment] Session cookie storage and handling fixes

2017-03-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Title: #649: Session cookie storage and handling fixes simo5 commented: """ The FILE ccache is still growing because we keep getting updated cookies (where the only thing that changes is the expiration date. """

[Freeipa-devel] [freeipa PR#638][comment] ipalib/rpc.py: Fix session handling for KEYRING: ccaches

2017-03-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/638 Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches simo5 commented: """ This PR has been obsoleted by #649 """ See the full comment at https://github.com/freeipa/freeipa/pull/638#issuecom

[Freeipa-devel] [freeipa PR#638][closed] ipalib/rpc.py: Fix session handling for KEYRING: ccaches

2017-03-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/638 Author: abbra Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/638/head:pr638 git checkout

[Freeipa-devel] [freeipa PR#649][comment] Session cookie storage and handling fixes

2017-03-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Title: #649: Session cookie storage and handling fixes simo5 commented: """ Note I am still running tests, but I think the patchset is good for review already. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#649][opened] Session cookie storage and handling fixes

2017-03-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/649 Author: simo5 Title: #649: Session cookie storage and handling fixes Action: opened PR body: """ This patchset improves the behavior of the client in various ways. - Avoids unbounded growth of FILE ccaches - Fix regression with

[Freeipa-devel] [freeipa PR#638][comment] ipalib/rpc.py: Fix session handling for KEYRING: ccaches

2017-03-22 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/638 Title: #638: ipalib/rpc.py: Fix session handling for KEYRING: ccaches simo5 commented: """ One way to deal with this in the FILE case is to copy the ccache to a tmp file and then rename to the original one. There is a risk of raci

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

2017-03-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] [freeipa PR#543][comment] Add options to allow ticket caching

2017-03-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Title: #543: Add options to allow ticket caching simo5 commented: """ @MartinBasti can we push this ? It makes a big difference in framework performance and load on the KDC """ See the full comment at https://g

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

2017-03-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] [freeipa PR#594][+ack] Fix Python 3 pylint errors

2017-03-15 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/594 Title: #594: Fix Python 3 pylint errors Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

2017-03-15 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] [freeipa PR#587][comment] Python 3: Fix session storage

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/587 Title: #587: Python 3: Fix session storage simo5 commented: """ Technically principal names could use any encoding ... but we make the assumption they are utf-8 in freeIPA, so this should be ok. """ See the full

[Freeipa-devel] [freeipa PR#587][+ack] Python 3: Fix session storage

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/587 Title: #587: Python 3: Fix session storage Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#585][+ack] Remove allow_constrained_delegation from gssproxy.conf

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/585 Title: #585: Remove allow_constrained_delegation from gssproxy.conf Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#585][comment] Remove allow_constrained_delegation from gssproxy.conf

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/585 Title: #585: Remove allow_constrained_delegation from gssproxy.conf simo5 commented: """ Please change commit message to: The Apache process *must* not allowed to use constrained delegation to contact services because it is

[Freeipa-devel] [freeipa PR#559][-ack] WebUI: Certificate login

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/559 Title: #559: WebUI: Certificate login Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#559][reopened] WebUI: Certificate login

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: reopened To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 -- Manage your

[Freeipa-devel] [freeipa PR#559][comment] WebUI: Certificate login

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/559 Title: #559: WebUI: Certificate login simo5 commented: """ You need to wait to get th gssproxy fix I've been developing today and set the minimum gssproxy version to the one with the fix once we get to publish it "&quo

[Freeipa-devel] [freeipa PR#559][comment] WebUI: Certificate login

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/559 Title: #559: WebUI: Certificate login simo5 commented: """ NACK NACK NACK Pleas revert the change to the gssproxy template, it undoes half the work done in privilege separation """ See the full comment at http

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed simo5 commented: """ Sure no prob """ See the full comment at https://github.com/freeipa/freeipa/pull/567#issuecomment-286391140 -- Manage your subs

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed simo5 commented: """ Can you figure out exactly why certmonger is doing this ? """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#567][synchronized] Configure KDC to use certs after they are deployed

2017-03-10 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Author: simo5 Title: #567: Configure KDC to use certs after they are deployed Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/567/head:pr567 git checkout

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-10 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed simo5 commented: """ Should have addressed all concerns in this push """ See the full comment at https://github.com/freeipa/freeipa/pull/567#issuecom

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 simo5 commented: """ Can you prepare patch for spec file that requires gssproxy >= 0.7.0 and mod_auth_gssapi >= 1.5.0 ? """ See the full comment at htt

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install simo5 commented: """ @martbab @abbra see the pull request in #567 """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed simo5 commented: """ Still testing but this should be the way to go to fix the bug reported in #564 """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#567][opened] Configure KDC to use certs after they are deployed

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Author: simo5 Title: #567: Configure KDC to use certs after they are deployed Action: opened PR body: """ Certmonger needs to access the KDC when it tries to obtain certs, so make sure the KDC can run, then reconfigure it to use

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install simo5 commented: """ I do not think this is the correct fix/bug What we want to do is to change kdc.conf to require certs only after we have installe

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ Oops sorry, forgot to run make pylint on my last iteration, should be all fixed now """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#546][synchronized] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Author: simo5 Title: #546: Store session cookie in a ccache option Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/546/head:pr546 git checkout pr546 From

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ Ok I decide to do away with the whole class stuff, given we never really keep a round the class object for more than one operation at a time in actual us

[Freeipa-devel] [freeipa PR#546][synchronized] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Author: simo5 Title: #546: Store session cookie in a ccache option Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/546/head:pr546 git checkout pr546 From

[Freeipa-devel] [freeipa PR#546][synchronized] Store session cookie in a ccache option

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Author: simo5 Title: #546: Store session cookie in a ccache option Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/546/head:pr546 git checkout pr546 From

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ I also renamed the module and the class, makes more sense to me this way around. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ Ok removed a bunch of code and made sure pylint passes. """ See the full comment at https://github.com/freeipa/freeipa/pull/546#issuecom

[Freeipa-devel] [freeipa PR#546][synchronized] Store session cookie in a ccache option

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Author: simo5 Title: #546: Store session cookie in a ccache option Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/546/head:pr546 git checkout pr546 From

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ Not sure how to provide unit tests, these functions work only if you have a valid ccache in the name of the principal you are trying to store a

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ @rcritten the keyring stuff is still used for detection of keyring in other places, so I did not touch it as those uses are still vaild "&quo

[Freeipa-devel] [freeipa PR#543][comment] Add options to allow ticket caching

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Title: #543: Add options to allow ticket caching simo5 commented: """ Yes, I think we should add a new PR later once we release gssproxy 0.7 """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#547][comment] Use GSS-SPNEGO if connecting locally

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/547 Title: #547: Use GSS-SPNEGO if connecting locally simo5 commented: """ We actually do not need to put a strong require, this patch will work regardless, but won't provide any performance advantage on older versions. You will

[Freeipa-devel] [freeipa PR#533][comment] WebUI: Change structure of Identity submenu

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/533 Title: #533: WebUI: Change structure of Identity submenu simo5 commented: """ I do not have enough insights on the .js side to say this is all correct, but having seen the mockups I want to give an ack from my side here. &q

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 simo5 commented: """ We are actually planning 0.7 at this point, due to the changes in the last few patchsets :-) """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#547][synchronized] Use GSS-SPNEGO if connecting locally

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/547 Author: simo5 Title: #547: Use GSS-SPNEGO if connecting locally Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/547/head:pr547 git checkout pr547 From

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] [freeipa PR#547][opened] Use GSS-SPNEGO if connecting locally

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/547 Author: simo5 Title: #547: Use GSS-SPNEGO if connecting locally Action: opened PR body: """ GSS-SPNEGO allows us to negotiate a SASL bind with less roundtrips therefore use it when possible. We only enable it for local conn

[Freeipa-devel] [freeipa PR#546][opened] Store session cookie in a ccache option

2017-03-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Author: simo5 Title: #546: Store session cookie in a ccache option Action: opened PR body: """ Instead of using the kernel keyring, store the session cookie within the ccache. This way kdestroy will really wipe away all creded

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

2017-03-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

2017-03-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] [freeipa PR#543][opened] Add options to allow ticket caching

2017-03-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: opened PR body: """ This new option (planned to land in gssproxy 0.7) we cache the ldap ticket properly and avoid a ticket lookup to the KDC on each

[Freeipa-devel] [freeipa PR#532][+ack] Fix cookie with Max-Age processing

2017-03-03 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#532][comment] Fix cookie with Max-Age processing

2017-03-03 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing simo5 commented: """ LGTM, please merge """ See the full comment at https://github.com/freeipa/freeipa/pull/532#issuecomment-284055799 -- Manage your subscription

[Freeipa-devel] [freeipa PR#532][comment] Fix cookie with Max-Age processing

2017-03-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing simo5 commented: """ Ok, sorry for some reason I thought this was on the server side, where we do not care what the cookie looks like, but on the client side we indeed care. &q

[Freeipa-devel] [freeipa PR#532][comment] Fix cookie with Max-Age processing

2017-03-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing simo5 commented: """ Do we really care for calculating the expiration time ? Should we just set timestamp to 0 or even remove the whole thing ? """ See the full

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-03-01 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card simo5 commented: """ I am not sure we want to wait for replies from trusted domains, it may be very slow, and in some cases it will just not work right

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-02-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card simo5 commented: """ Why do we need to talk to SSSD to do this? Don't we have all the needed data in LDAP already ? """ See the full comment

[Freeipa-devel] [freeipa PR#514][comment] Limit sessions to 30 minutes by default

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/514 Title: #514: Limit sessions to 30 minutes by default simo5 commented: """ No, we do not store sessions in a session db, so that setting is not useful to us. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy simo5 commented: """ Seemed worth fixing at the same time, but I won't insist. """ See the full comment at https://github.com/freeipa/freeipa/pull/508#issuecom

[Freeipa-devel] [freeipa PR#514][opened] Limit sessions to 30 minutes by default

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/514 Author: simo5 Title: #514: Limit sessions to 30 minutes by default Action: opened PR body: """ When we changed the session handling code we unintentinally extended sessions expiraion time to the whole ticket lifetime of 24h. R

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy simo5 commented: """ Should we also change the Requires on network.target ? Do we really want to have a restart of IPa if someone restarts the network ? """

[Freeipa-devel] [freeipa PR#506][comment] Use IPA CA cert in Custodia secrets client

2017-02-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: Use IPA CA cert in Custodia secrets client simo5 commented: """ Works for me. """ See the full comment at https://github.com/freeipa/freeipa/pull/506#issuecomment-282282986 -- Manage your subscription

  1   2   3   >