Better solution than the algorithm in 256 for nested entities.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 06/29/2011 09:37 AM, Adam Young wrote:
Better solution than the algorithm in 256 for nested entities.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
From
On 06/29/2011 10:34 AM, Adam Young wrote:
On 06/29/2011 09:37 AM, Adam Young wrote:
Better solution than the algorithm in 256 for nested entities.
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On 6/29/2011 11:30 AM, Adam Young wrote:
On 06/29/2011 10:34 AM, Adam Young wrote:
On 06/29/2011 09:37 AM, Adam Young wrote:
Better solution than the algorithm in 256 for nested entities.
Changes for Hyphen and pkey names
Some issues:
1. This statement will store undefined values into
If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket is created. There is no way to query for the callback
in an
For consistency we should use RunAs in sudo labels and not Run As.
The API changes don't affect the wire API, label is in there to make one
think twice about making changes :-)
https://fedorahosted.org/freeipa/ticket/1328
From 59b9918c69fabd71b6e4e97b09799b65e47591cb Mon Sep 17 00:00:00 2001
We discussed today on the FreeIPA status meeting the possibility of
dropping support for DENY rules from the HBAC specification. I'm
submitting it for discussion. Specifically, I'm looking to hear whether
there any any FreeIPA admins out there that have a strong opinion on
whether the DENY rules
On 06/29/2011 03:08 PM, Rob Crittenden wrote:
If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket is created. There
From ee37bd5442b01deddff162539b6f828c77bade59 Mon Sep 17 00:00:00 2001
From: Adam Young ayo...@redhat.com
Date: Wed, 29 Jun 2011 13:42:13 -0400
Subject: [PATCH] undefined pkeys https://fedorahosted.org/freeipa/ticket/1399
Thereis not metatdata defined pkey for config, so we need to short
On 06/29/2011 04:00 PM, Stephen Gallagher wrote:
We discussed today on the FreeIPA status meeting the possibility of
dropping support for DENY rules from the HBAC specification. I'm
submitting it for discussion. Specifically, I'm looking to hear whether
there any any FreeIPA admins out there
On 06/29/2011 12:52 PM, Endi Sukma Dewata wrote:
On 6/29/2011 11:30 AM, Adam Young wrote:
On 06/29/2011 10:34 AM, Adam Young wrote:
On 06/29/2011 09:37 AM, Adam Young wrote:
Better solution than the algorithm in 256 for nested entities.
Changes for Hyphen and pkey names
Some issues:
1.
John Dennis wrote:
On 06/29/2011 03:08 PM, Rob Crittenden wrote:
If we set the callback before calling connect() then if the connection
tries a network family type and fails, it will try other family types.
If this happens then the callback set on the first socket will be lost
when a new socket
On 06/29/2011 04:47 PM, Adam Young wrote:
On 06/29/2011 12:52 PM, Endi Sukma Dewata wrote:
On 6/29/2011 11:30 AM, Adam Young wrote:
On 06/29/2011 10:34 AM, Adam Young wrote:
On 06/29/2011 09:37 AM, Adam Young wrote:
Better solution than the algorithm in 256 for nested entities.
Changes for
On Wed, 2011-06-29 at 16:25 -0400, Jakub Hrozek wrote:
On 06/29/2011 04:00 PM, Stephen Gallagher wrote:
We discussed today on the FreeIPA status meeting the possibility of
dropping support for DENY rules from the HBAC specification. I'm
submitting it for discussion. Specifically, I'm
On 6/29/2011 3:24 PM, Adam Young wrote:
ACK and pushed to master.
--
Endi S. Dewata
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
I think that an explicit allow list is usually way better because with
deny rules it's easy to fail to enumerate all entities that should be
denied, resulting in allowing access we didn't want to.
However, does anyone still remember why we opted for deny rules during
design phase in the
On 06/29/2011 10:28 PM, Adam Young wrote:
See attached screenshot
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
https://fedorahosted.org/freeipa/ticket/1406 as well
17 matches
Mail list logo