Hi,
Since krbMaxPwdLife attribute is represented as number of seconds,
setting maxlife to high values such as 999 999 days (~2739 years)
would result to overflow when parsing this attribute in kdb plugin,
and hence default maxlife of 90 days would be applied.
Limit the maximum value of maxlife
On Sun, 04 Aug 2013, Nalin Dahyabhai wrote:
* The help text still refers to SSSD specifically, when the code doesn't
enforce or guarantee that SSSD's involved when performing nsswitch
lookups or PAM authentication.
The whole setup really makes sense only when SSSD is in use. Aside from
that,
On Fri, 02 Aug 2013, Ana Krivokapic wrote:
On 08/01/2013 04:13 PM, Alexander Bokovoy wrote:
Hi!
On Thu, 01 Aug 2013, Ana Krivokapic wrote:
Hello,
Thanks Alexander for the quick review!
This patch adds ipa-advise plugins to help configure legacy clients for access
to trusted domain
On Thu, 2013-08-01 at 15:57 +0200, Petr Viktorin wrote:
Here is a patch that implements the API I proposed, but with old
semantics. Plugins using this won't need to be rewritten when we switch
the behavior as well.
+1, reviewed.
I've also converted one of the plugins to use this. If your
On 08/05/2013 02:57 PM, Alexander Bokovoy wrote:
On Fri, 02 Aug 2013, Ana Krivokapic wrote:
On 08/01/2013 04:13 PM, Alexander Bokovoy wrote:
Hi!
On Thu, 01 Aug 2013, Ana Krivokapic wrote:
Hello,
Thanks Alexander for the quick review!
This patch adds ipa-advise plugins to help configure
On 08/02/2013 03:32 PM, Tomas Babej wrote:
Hi,
This patch makes sure that all edits to CS.cfg configuration file
are performed while pki-tomcatd service is stopped.
Introduces a new contextmanager stopped_service for handling
a general problem of performing a task that needs certain
On 08/02/2013 05:16 PM, Tomas Babej wrote:
Hi,
Updates old information produced by the ipa help host command.
Also adds a section to ipa-client-install manpage about client
re-enrollment.
https://fedorahosted.org/freeipa/ticket/3820
Tomas
1) - should be backslashed in the man pages
On 08/05/2013 02:45 PM, Tomas Babej wrote:
Hi,
Since krbMaxPwdLife attribute is represented as number of seconds,
setting maxlife to high values such as 999 999 days (~2739 years)
would result to overflow when parsing this attribute in kdb plugin,
and hence default maxlife of 90 days would
On 08/05/2013 05:48 PM, Martin Kosek wrote:
On 08/02/2013 05:16 PM, Tomas Babej wrote:
Hi,
Updates old information produced by the ipa help host command.
Also adds a section to ipa-client-install manpage about client
re-enrollment.
https://fedorahosted.org/freeipa/ticket/3820
Tomas
1) -
On 08/01/2013 04:52 PM, Rob Crittenden wrote:
Petr Viktorin wrote:
On 08/01/2013 02:58 PM, Martin Kosek wrote:
On 08/01/2013 02:54 PM, Petr Viktorin wrote:
On 07/31/2013 11:51 AM, Ana Krivokapic wrote:
On 07/30/2013 06:24 PM, Petr Viktorin wrote:
On 07/30/2013 10:27 AM, Ana Krivokapic wrote:
On Mon, 05 Aug 2013, Ana Krivokapic wrote:
+except errors.NotFound:
+return dict(result=False)
+
+attr = groups_entry.get('schema-compat-lookup-sssd')
same here.
It needs my patch 0112 too -- it changes ipa-adtrust-install to write
proper configuration options to
On Mon, Aug 05, 2013 at 03:45:06PM +0300, Alexander Bokovoy wrote:
OK, fair enough. I did use of libsss_nss_idmap optional. For tests I
think we need to involve nsswrapper here to make sure of a predictable
testing.
I've added:
--with-nsswitch use nsswitch API to look up users
On Mon, Aug 05, 2013 at 09:55:26PM +0300, Alexander Bokovoy wrote:
On Mon, 05 Aug 2013, Ana Krivokapic wrote:
+except errors.NotFound:
+return dict(result=False)
+
+attr = groups_entry.get('schema-compat-lookup-sssd')
same here.
It needs my patch 0112 too -- it
13 matches
Mail list logo