[Freeipa-devel] [PATCH] 0257-containing-entity-pkeys

2011-06-29 Thread Adam Young
Better solution than the algorithm in 256 for nested entities. ___ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 0257-containing-entity-pkeys

2011-06-29 Thread Adam Young
On 06/29/2011 09:37 AM, Adam Young wrote: Better solution than the algorithm in 256 for nested entities. From

Re: [Freeipa-devel] [PATCH] 0257-containing-entity-pkeys

2011-06-29 Thread Adam Young
On 06/29/2011 10:34 AM, Adam Young wrote: On 06/29/2011 09:37 AM, Adam Young wrote: Better solution than the algorithm in 256 for nested entities.

Re: [Freeipa-devel] [PATCH] 0257-containing-entity-pkeys

2011-06-29 Thread Endi Sukma Dewata
On 6/29/2011 11:30 AM, Adam Young wrote: On 06/29/2011 10:34 AM, Adam Young wrote: On 06/29/2011 09:37 AM, Adam Young wrote: Better solution than the algorithm in 256 for nested entities. Changes for Hyphen and pkey names Some issues: 1. This statement will store undefined values into

[Freeipa-devel] [PATCH] 811 Set the client auth callback after creating the SSL connection.

2011-06-29 Thread Rob Crittenden
If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family types. If this happens then the callback set on the first socket will be lost when a new socket is created. There is no way to query for the callback in an

[Freeipa-devel] [PATCH] 812 Use RunAs in labels, not Run As

2011-06-29 Thread Rob Crittenden
For consistency we should use RunAs in sudo labels and not Run As. The API changes don't affect the wire API, label is in there to make one think twice about making changes :-) https://fedorahosted.org/freeipa/ticket/1328 From 59b9918c69fabd71b6e4e97b09799b65e47591cb Mon Sep 17 00:00:00 2001

[Freeipa-devel] Proposal: drop DENY rules from HBAC

2011-06-29 Thread Stephen Gallagher
We discussed today on the FreeIPA status meeting the possibility of dropping support for DENY rules from the HBAC specification. I'm submitting it for discussion. Specifically, I'm looking to hear whether there are any FreeIPA admins out there that have a strong opinion on whether the DENY rules

Re: [Freeipa-devel] [PATCH] 811 Set the client auth callback after creating the SSL connection.

2011-06-29 Thread John Dennis
On 06/29/2011 03:08 PM, Rob Crittenden wrote: If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family types. If this happens then the callback set on the first socket will be lost when a new socket is created. There

[Freeipa-devel] [PATCH] 0258-undefined-pkeys

2011-06-29 Thread Adam Young
From ee37bd5442b01deddff162539b6f828c77bade59 Mon Sep 17 00:00:00 2001 From: Adam Young ayo...@redhat.com Date: Wed, 29 Jun 2011 13:42:13 -0400 Subject: [PATCH] undefined pkeys https://fedorahosted.org/freeipa/ticket/1399 There is not metadata defined pkey for config, so we need to short

Re: [Freeipa-devel] Proposal: drop DENY rules from HBAC

2011-06-29 Thread Jakub Hrozek
On 06/29/2011 04:00 PM, Stephen Gallagher wrote: We discussed today on the FreeIPA status meeting the possibility of dropping support for DENY rules from the HBAC specification. I'm submitting it for discussion. Specifically, I'm looking to hear whether there are any FreeIPA admins out there

Re: [Freeipa-devel] [PATCH] 0257-containing-entity-pkeys

2011-06-29 Thread Adam Young
On 06/29/2011 12:52 PM, Endi Sukma Dewata wrote: On 6/29/2011 11:30 AM, Adam Young wrote: On 06/29/2011 10:34 AM, Adam Young wrote: On 06/29/2011 09:37 AM, Adam Young wrote: Better solution than the algorithm in 256 for nested entities. Changes for Hyphen and pkey names Some issues: 1.

Re: [Freeipa-devel] [PATCH] 811 Set the client auth callback after creating the SSL connection.

2011-06-29 Thread Rob Crittenden
John Dennis wrote: On 06/29/2011 03:08 PM, Rob Crittenden wrote: If we set the callback before calling connect() then if the connection tries a network family type and fails, it will try other family types. If this happens then the callback set on the first socket will be lost when a new socket

Re: [Freeipa-devel] [PATCH] 0257-containing-entity-pkeys

2011-06-29 Thread Adam Young
On 06/29/2011 04:47 PM, Adam Young wrote: On 06/29/2011 12:52 PM, Endi Sukma Dewata wrote: On 6/29/2011 11:30 AM, Adam Young wrote: On 06/29/2011 10:34 AM, Adam Young wrote: On 06/29/2011 09:37 AM, Adam Young wrote: Better solution than the algorithm in 256 for nested entities. Changes for

Re: [Freeipa-devel] Proposal: drop DENY rules from HBAC

2011-06-29 Thread Simo Sorce
On Wed, 2011-06-29 at 16:25 -0400, Jakub Hrozek wrote: On 06/29/2011 04:00 PM, Stephen Gallagher wrote: We discussed today on the FreeIPA status meeting the possibility of dropping support for DENY rules from the HBAC specification. I'm submitting it for discussion. Specifically, I'm

Re: [Freeipa-devel] [PATCH] 0258-undefined-pkeys

2011-06-29 Thread Endi Sukma Dewata
On 6/29/2011 3:24 PM, Adam Young wrote: ACK and pushed to master. -- Endi S. Dewata

Re: [Freeipa-devel] Proposal: drop DENY rules from HBAC

2011-06-29 Thread Dmitri Pal
I think that an explicit allow list is usually way better because with deny rules it's easy to fail to enumerate all entities that should be denied, resulting in allowing access we didn't want to. However, does anyone still remember why we opted for deny rules during design phase in the

Re: [Freeipa-devel] [PATCH]0259-config-fields

2011-06-29 Thread Adam Young
On 06/29/2011 10:28 PM, Adam Young wrote: See attached screenshot https://fedorahosted.org/freeipa/ticket/1406 as well