Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-31 Thread Jan Cholasta
Dne 30.7.2014 v 16:39 Nalin Dahyabhai napsal(a): On Wed, Jul 30, 2014 at 04:28:50PM +0200, Jan Cholasta wrote: These two functions are used to force local hostname in certmonger. IMO the right thing to do here would be to drop these two functions and fix ipa-submit so that it reads the required

[Freeipa-devel] [PATCH] 717 webui-ci: fix reset password check

2014-07-31 Thread Petr Vobornik
This patch should fix recent CI failures. After login, CI checks if password needs a reset by checking if reset password fields are displayed. This check failed since login facet was removed from DOM after successful auth. Weakening the selector fixes it. -- Petr Vobornik From

Re: [Freeipa-devel] [PATCH] 310 Exclude attributelevelrights from --raw result processing in baseldap

2014-07-31 Thread Jan Cholasta
Dne 29.7.2014 v 12:00 Petr Viktorin napsal(a): On 07/29/2014 08:27 AM, Jan Cholasta wrote: Dne 28.7.2014 v 19:59 Petr Viktorin napsal(a): On 07/24/2014 05:33 PM, Jan Cholasta wrote: Hi, the attached patch fixes https://fedorahosted.org/freeipa/ticket/4371. Honza NACK If the value *is* a

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Jan Cholasta
Dne 24.7.2014 v 00:15 Gabe Alford napsal(a): Nope. Somehow in my head it felt cleaner. Updated patched attached. On Wed, Jul 23, 2014 at 1:18 AM, Jan Cholasta jchol...@redhat.com mailto:jchol...@redhat.com wrote: On 23.7.2014 01:01, Gabe Alford wrote: Forgot about --trust-secret.

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Alexander Bokovoy
On Thu, 31 Jul 2014, Martin Kosek wrote: Sorry for going late in the game, just a quick question - why do we want to add this part: +if trust_type is None: +kw['trust_type'] = self.prompt_param(self.params['trust_type']) ? I do not see a reason for adding a special

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Martin Kosek
On 07/31/2014 10:47 AM, Jan Cholasta wrote: Dne 24.7.2014 v 00:15 Gabe Alford napsal(a): Nope. Somehow in my head it felt cleaner. Updated patched attached. On Wed, Jul 23, 2014 at 1:18 AM, Jan Cholasta jchol...@redhat.com mailto:jchol...@redhat.com wrote: On 23.7.2014 01:01, Gabe

Re: [Freeipa-devel] [PATCH] 717 webui-ci: fix reset password check

2014-07-31 Thread Petr Viktorin
On 07/31/2014 10:04 AM, Petr Vobornik wrote: This patch should fix recent CI failures. After login, CI checks if password needs a reset by checking if reset password fields are displayed. This check failed since login facet was removed from DOM after successful auth. Weakening the selector

Re: [Freeipa-devel] Reasons for not using certmonger DBus API

2014-07-31 Thread Nalin Dahyabhai
On Thu, Jul 31, 2014 at 09:19:28AM +0200, Jan Cholasta wrote: If you mean host, yes, the man page says it's the server's hostname, but I don't think that's entirely true - it is currently set during server install, but it defaults to local hostname even on clients. IMO we could set it in

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Gabe Alford
Right. The reason I added it in there is that I could see that in the future trust_type could be more than just 'ad' (maybe 'ipa', 'krb', etc?) which at that point I'm not sure a default makes sense. So, I thought to go ahead and add the check for future use cases so that it doesn't have to be

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Martin Kosek
Ah, right. But I still think that's a too-early optimization. We can add this callback when this necessity arises. Until then, I would rather prefer to keep the code clean. Martin On 07/31/2014 03:17 PM, Gabe Alford wrote: Right. The reason I added it in there is that I could see that in the

Re: [Freeipa-devel] [PATCH] ipa trust-add command should be interactive

2014-07-31 Thread Gabe Alford
Okay. Sounds good. Update patch attached. On Thu, Jul 31, 2014 at 7:18 AM, Martin Kosek mko...@redhat.com wrote: Ah, right. But I still think that's a too-early optimization. We can add this callback when this necessity arises. Until then, I would rather prefer to keep the code clean.

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Simo Sorce
On Tue, 2014-07-15 at 09:13 -0500, Endi Sukma Dewata wrote: Hi, I've been working on the implementation details of password vault: http://www.freeipa.org/page/V4/Password_Vault_Implementation There are some issues (i.e. vault password and vault key) that aren't specifically defined in

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Endi Sukma Dewata
On 7/31/2014 10:58 AM, Simo Sorce wrote: http://www.freeipa.org/page/V4/Password_Vault_Implementation I am reading this document and there are some things I need to ask clarification for: * In Vault password and secret key you describe a mechanism where you store a hash of the password used

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Simo Sorce
On Thu, 2014-07-31 at 13:05 -0500, Endi Sukma Dewata wrote: On 7/31/2014 10:58 AM, Simo Sorce wrote: http://www.freeipa.org/page/V4/Password_Vault_Implementation I am reading this document and there are some things I need to ask clarification for: * In Vault password and secret key

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Endi Sukma Dewata
On 7/31/2014 1:30 PM, Simo Sorce wrote: http://www.freeipa.org/page/V4/Password_Vault_Implementation I was thinking whether we should use a single attribute for each vault, and format the data within the vault as a json blob, to organize the data within the blob. This would allow us to

Re: [Freeipa-devel] Password Vault Implementation

2014-07-31 Thread Simo Sorce
On Thu, 2014-07-31 at 16:13 -0500, Endi Sukma Dewata wrote: On 7/31/2014 1:30 PM, Simo Sorce wrote: http://www.freeipa.org/page/V4/Password_Vault_Implementation I was thinking whether we should use a single attribute for each vault, and format the data within the vault as a json blob, to