On 11/21/2013 09:54 PM, Dmitri Pal wrote:
On 11/21/2013 01:34 PM, Nathaniel McCallum wrote:
The password can be retrieved with radiusproxy-show --all, because it is
not blocked by LDAP ACIs. Is that intended?
Yes. But I'm torn as to whether or not this is a good idea. Regular
users can't see
Hi!
Attached patch should solve an issue when fetching subdomains fails
shortly after trust has been established due to MS-PAC caching effects
on KDC. We have already made an alternative path to use when AD admin
credentials are available but failed to actually use them here.
Details in the
Sorry for the late review!
On 11/21/2013 07:34 PM, Nathaniel McCallum wrote:
On Fri, 2013-11-15 at 12:34 +0100, Petr Viktorin wrote:
The password can be retrieved with radiusproxy-show --all, because it is
not blocked by LDAP ACIs. Is that intended?
Yes. But I'm torn as to whether or not
On 11/25/2013 03:27 PM, Jan Cholasta wrote:
On 8.11.2013 17:56, Petr Viktorin wrote:
Patch 198:
Also update ipaldap's find_entries docstring, it no longer uses IPA
defaults.
Done.
While you're touching this part of code, I had some other improvements
in mind -- you can consider them:
In
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/4010.
Honza
--
Jan Cholasta
From 27fe562102962416f3db17b1b30be978a8c201b3 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 27 Nov 2013 13:13:16 +
Subject: [PATCH 1/2] Use hardening flags for
On 11/27/2013 02:26 PM, Jan Cholasta wrote:
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/4010.
Honza
Do we want to define
+%if (0%{?fedora} 15 || 0%{?rhel} = 7)
+%define _hardened_build 1
+%endif
globally? Wouldn't it trigger the hardening also for all our C
On Thu, 2013-11-21 at 15:54 -0500, Dmitri Pal wrote:
On 11/21/2013 01:34 PM, Nathaniel McCallum wrote:
The password can be retrieved with radiusproxy-show --all, because it is
not blocked by LDAP ACIs. Is that intended?
Yes. But I'm torn as to whether or not this is a good idea. Regular
On Wed, Nov 27, 2013 at 02:26:20PM +0100, Jan Cholasta wrote:
Hi,
the attached patches fix https://fedorahosted.org/freeipa/ticket/4010.
Honza
--
Jan Cholasta
From 27fe562102962416f3db17b1b30be978a8c201b3 Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Wed, 27
On Wed, 2013-11-27 at 08:50 +0100, Tomas Babej wrote:
Sorry to nitpick but ...
diff --git a/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c
b/daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c
index
Hello,
Do not load invalid zones.
Without this patch, it was possible to load an invalid zone without
proper SOA or NS records because the fake SOA and NS records allowed
checks in dns_zone_load() to pass.
With this patch, no fake SOA or NS records are created and
dns_zone_load() is not called
On 11/26/2013 03:58 PM, Ana Krivokapic wrote:
Hello,
This patch addresses ticket https://fedorahosted.org/freeipa/ticket/4053.
ACK, pushed to master.
--
Petr Vobornik
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
On Wed, 2013-11-27 at 14:34 +, Simo Sorce wrote:
On Thu, 2013-11-21 at 15:54 -0500, Dmitri Pal wrote:
On 11/21/2013 01:34 PM, Nathaniel McCallum wrote:
The password can be retrieved with radiusproxy-show --all, because it is
not blocked by LDAP ACIs. Is that intended?
Yes. But
On Wed, 2013-11-27 at 15:12 -0500, Nathaniel McCallum wrote:
On Wed, 2013-11-27 at 14:34 +, Simo Sorce wrote:
On Thu, 2013-11-21 at 15:54 -0500, Dmitri Pal wrote:
On 11/21/2013 01:34 PM, Nathaniel McCallum wrote:
The password can be retrieved with radiusproxy-show --all, because it
On Wed, 2013-11-27 at 12:28 +0100, Petr Viktorin wrote:
ipatokenradiusserver is not validated. See validate_searchtimelimit in
the config plugin for an example validator. You can use validate_ipaddr
and validate_hostname from ipalib.util.
Fixed.
Now the validation is too strict, a
14 matches