Re: [Freeipa-devel] [PATCH] 882 always require SSL in Kerberos block

2011-09-26 Thread Martin Kosek
On Sun, 2011-09-25 at 23:05 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-09-23 at 14:12 -0400, Rob Crittenden wrote: Always require SSL in the Kerberos authorization block. This also corrects a slight bug where if add is True then we always re-update the file. rob

Re: [Freeipa-devel] [PATCH] #1839 Fix password expiration issue for service principals

2011-09-26 Thread Jan Cholasta
On 24.9.2011 01:30, Simo Sorce wrote: The patch to fix password expiration for user broke password expiration for most other principals as it was forcing to set an arbitrary date on all principals unconditionally. Moved the code as is in the right spot (only if the principal is an ipa user and

[Freeipa-devel] [PATCH] 49 Work around pkisilent bugs

2011-09-26 Thread Jan Cholasta
Work around pkisilent bugs. Check directory manager password for invalid characters. (https://bugzilla.redhat.com/show_bug.cgi?id=658641) Shell-escape pkisilent command-line arguments. (https://bugzilla.redhat.com/show_bug.cgi?id=741180) Once the bugs are fixed, the workarounds should be

Re: [Freeipa-devel] [PATCH] 45 Check that install hostname matches the server hostname

2011-09-26 Thread Martin Kosek
On Mon, 2011-09-12 at 09:50 +0200, Jan Cholasta wrote: On 7.9.2011 15:13, Rob Crittenden wrote: Jan Cholasta wrote: On 6.9.2011 19:49, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/1717 Honza nack, what if there are multiple interfaces and you

Re: [Freeipa-devel] [PATCH] 882 always require SSL in Kerberos block

2011-09-26 Thread Martin Kosek
On Mon, 2011-09-26 at 08:31 +0200, Martin Kosek wrote: On Sun, 2011-09-25 at 23:05 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-09-23 at 14:12 -0400, Rob Crittenden wrote: Always require SSL in the Kerberos authorization block. This also corrects a slight bug where

Re: [Freeipa-devel] [PATCH] 017 Fixed: Column header for attributes table should be full, width

2011-09-26 Thread Petr Vobornik
On 09/26/2011 08:15 AM, Endi Sukma Dewata wrote: On 9/23/2011 11:05 AM, Petr Vobornik wrote: https://fedorahosted.org/freeipa/ticket/1841 The column header for the attributes table (IPA.attributes_widget) does not cover the entire width of the table. This problem appears in the adder dialog

Re: [Freeipa-devel] [PATCH] 44 Fix parameter validation

2011-09-26 Thread Jan Cholasta
On 23.9.2011 09:00, Martin Kosek wrote: On Thu, 2011-09-22 at 14:02 +0200, Jan Cholasta wrote: On 22.9.2011 13:27, Martin Kosek wrote: On Wed, 2011-09-21 at 15:31 -0400, Rob Crittenden wrote: Jan Cholasta wrote: On 25.8.2011 18:21, Jan Cholasta wrote: What this patch does: * Make sure

Re: [Freeipa-devel] [PATCH] 45 Check that install hostname matches the server hostname

2011-09-26 Thread Jan Cholasta
On 26.9.2011 10:59, Martin Kosek wrote: On Mon, 2011-09-12 at 09:50 +0200, Jan Cholasta wrote: On 7.9.2011 15:13, Rob Crittenden wrote: Jan Cholasta wrote: On 6.9.2011 19:49, Rob Crittenden wrote: Jan Cholasta wrote: https://fedorahosted.org/freeipa/ticket/1717 Honza nack, what if there

Re: [Freeipa-devel] [PATCH] 45 Check that install hostname matches the server hostname

2011-09-26 Thread Martin Kosek
On Mon, 2011-09-26 at 11:54 +0200, Jan Cholasta wrote: On 26.9.2011 10:59, Martin Kosek wrote: On Mon, 2011-09-12 at 09:50 +0200, Jan Cholasta wrote: On 7.9.2011 15:13, Rob Crittenden wrote: Jan Cholasta wrote: On 6.9.2011 19:49, Rob Crittenden wrote: Jan Cholasta wrote:

Re: [Freeipa-devel] [PATCH] 882 always require SSL in Kerberos block

2011-09-26 Thread Simo Sorce
On Mon, 2011-09-26 at 11:22 +0200, Martin Kosek wrote: On Mon, 2011-09-26 at 08:31 +0200, Martin Kosek wrote: On Sun, 2011-09-25 at 23:05 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-09-23 at 14:12 -0400, Rob Crittenden wrote: Always require SSL in the Kerberos

Re: [Freeipa-devel] [PATCH] 44 Fix parameter validation

2011-09-26 Thread Martin Kosek
On Mon, 2011-09-26 at 11:26 +0200, Jan Cholasta wrote: On 23.9.2011 09:00, Martin Kosek wrote: On Thu, 2011-09-22 at 14:02 +0200, Jan Cholasta wrote: On 22.9.2011 13:27, Martin Kosek wrote: On Wed, 2011-09-21 at 15:31 -0400, Rob Crittenden wrote: Jan Cholasta wrote: On 25.8.2011 18:21,

Re: [Freeipa-devel] [PATCH] 882 always require SSL in Kerberos block

2011-09-26 Thread Rob Crittenden
Simo Sorce wrote: On Mon, 2011-09-26 at 11:22 +0200, Martin Kosek wrote: On Mon, 2011-09-26 at 08:31 +0200, Martin Kosek wrote: On Sun, 2011-09-25 at 23:05 -0400, Rob Crittenden wrote: Martin Kosek wrote: On Fri, 2011-09-23 at 14:12 -0400, Rob Crittenden wrote: Always require SSL in the

Re: [Freeipa-devel] [PATCH] 277 Updated DNS zone details page.

2011-09-26 Thread Petr Vobornik
On 09/17/2011 12:19 AM, Endi Sukma Dewata wrote: The DNS zone details page has been modified to use radio buttons for active zone and dynamic update fields, and text area for BIND update policy field. Ticket #1781, #1785 In ticket #1781 is a note: To be consistent with HBAC/sudo rules,

Re: [Freeipa-devel] [PATCH] 882 always require SSL in Kerberos block

2011-09-26 Thread Martin Kosek
On Mon, 2011-09-26 at 08:54 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Mon, 2011-09-26 at 11:22 +0200, Martin Kosek wrote: IPA server, client and replica installation and WebUI worked for me. This patch seems to defeat the purpose as we are still allowing krb auth on locations

Re: [Freeipa-devel] [PATCH] 017 Fixed: Column header for attributes table should be full, width

2011-09-26 Thread Endi Sukma Dewata
On 9/26/2011 4:25 AM, Petr Vobornik wrote: I've reworked the patch. It's simplified and it uses already build-in functionality. This is much better. ACK and pushed to master and ipa-2-1. -- Endi S. Dewata ___ Freeipa-devel mailing list

Re: [Freeipa-devel] [PATCH] 277 Updated DNS zone details page.

2011-09-26 Thread Endi Sukma Dewata
On 9/26/2011 8:36 AM, Petr Vobornik wrote: On 09/17/2011 12:19 AM, Endi Sukma Dewata wrote: The DNS zone details page has been modified to use radio buttons for active zone and dynamic update fields, and text area for BIND update policy field. Ticket #1781, #1785 In ticket #1781 is a note:

Re: [Freeipa-devel] [PATCH] 278 Replaced description text fields with text areas.

2011-09-26 Thread Petr Vobornik
On 09/17/2011 01:42 AM, Endi Sukma Dewata wrote: Ticket #1783 It needs rebase and removing 'undo: false' because it's based on your patch 270 and has conflicts with 271-4a and 271-4b. Should we add 'description' field to HBAC and SUDO rule add dialogs, to be consistent with other HBAC and

Re: [Freeipa-devel] [PATCH] 44 Fix parameter validation

2011-09-26 Thread Jan Cholasta
On 26.9.2011 14:18, Martin Kosek wrote: On Mon, 2011-09-26 at 11:26 +0200, Jan Cholasta wrote: On 23.9.2011 09:00, Martin Kosek wrote: On Thu, 2011-09-22 at 14:02 +0200, Jan Cholasta wrote: On 22.9.2011 13:27, Martin Kosek wrote: On Wed, 2011-09-21 at 15:31 -0400, Rob Crittenden wrote: Jan

[Freeipa-devel] [PATCH] 283 Fixed add/delete arrows position.

2011-09-26 Thread Endi Sukma Dewata
The IPA.adder_dialog has been modified such that it shows the arrow first then the arrow. Ticket #1858 Pushed to master and ipa-2-1 under one-liner/trivial rule. -- Endi S. Dewata ___ Freeipa-devel mailing list Freeipa-devel@redhat.com

Re: [Freeipa-devel] [PATCH] 278 Replaced description text fields with text areas.

2011-09-26 Thread Endi Sukma Dewata
On 9/26/2011 10:01 AM, Petr Vobornik wrote: On 09/17/2011 01:42 AM, Endi Sukma Dewata wrote: Ticket #1783 It needs rebase and removing 'undo: false' because it's based on your patch 270 and has conflicts with 271-4a and 271-4b. Rebased. I also removed the 'undo: false' from this patch.

[Freeipa-devel] [PATCH] 284 Fixed duplicate entries in enrollment dialog.

2011-09-26 Thread Endi Sukma Dewata
The IPA.association_adder_dialog has been modified not to show search results that are already selected to prevent duplicates. Ticket #1859 -- Endi S. Dewata From 5eb76a60683d86d0e9baa682cb5be855b1b162fd Mon Sep 17 00:00:00 2001 From: Endi S. Dewata edew...@redhat.com Date: Mon, 26 Sep 2011

[Freeipa-devel] [PATCH 48/48] Ticket #1879 - IPAdmin undefined anonymous parameter lists

2011-09-26 Thread John Dennis
The IPAdmin class in ipaserver/ipaldap.py has methods with anonymous undefined parameter lists. For example: def getList(self,*args): In Python syntax this means you can call getList with any positional parameter list you want. This is bad because: 1) It's not true, *args gets passed to

Re: [Freeipa-devel] [PATCH] 877 prompt for current password

2011-09-26 Thread Dmitri Pal
On 09/23/2011 05:38 PM, Simo Sorce wrote: On Fri, 2011-09-23 at 16:00 +0200, Martin Kosek wrote: On Mon, 2011-09-19 at 09:03 -0400, Rob Crittenden wrote: Jan Cholasta wrote: On 16.9.2011 21:16, Rob Crittenden wrote: Prompt for the current password when changing your own password using ipa

Re: [Freeipa-devel] [PATCH] 882 always require SSL in Kerberos block

2011-09-26 Thread Rob Crittenden
Martin Kosek wrote: On Mon, 2011-09-26 at 08:54 -0400, Rob Crittenden wrote: Simo Sorce wrote: On Mon, 2011-09-26 at 11:22 +0200, Martin Kosek wrote: IPA server, client and replica installation and WebUI worked for me. This patch seems to defeat the purpose as we are still allowing krb auth

[Freeipa-devel] [PATCH] 884 migration context and logging

2011-09-26 Thread Rob Crittenden
We can't assume that there will be only one naming context. Look at each one until we find an IPA one. Add logging so you can know that a migration attempt fails and why. rob From 4a3b5c99341c79279936a13c4407468d5accdd04 Mon Sep 17 00:00:00 2001 From: Rob Crittenden rcrit...@redhat.com Date: