On 20/07/15 19:04, Mark Reynolds wrote:
On 07/20/2015 12:50 PM, Martin Basti wrote:
On 20/07/15 17:48, Petr Vobornik wrote:
On 07/20/2015 05:24 PM, Rob Crittenden wrote:
Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5086
Patch attached.
Is this going to be a shock on
Hi Martin,
imho, nsslapd-db-locks is an advanced parameter and should be set by customer
at RHDS level, not at replica creation.
The problem we have had at customer site is that the default was not enough to
do the replication total update. So, replica creation was failing and we
couldn't
On 22/07/15 17:13, German Parente wrote:
Hi Martin,
imho, nsslapd-db-locks is an advanced parameter and should be set by customer
at RHDS level, not at replica creation.
The problem we have had at customer site is that the default was not enough to
do the replication total update. So,
On 22/07/15 15:19, Oleg Fayans wrote:
Hi Martin,
Fixed.
On 07/22/2015 09:26 AM, Martin Basti wrote:
On 22/07/15 09:23, Oleg Fayans wrote:
Hi Martin,
Patch updated. Thank you for the review!
On 07/21/2015 05:45 PM, Martin Basti wrote:
On 20/07/15 14:07, Oleg Fayans wrote:
Hi Martin,
On 07/22/2015 04:54 PM, Martin Basti wrote:
On 22/07/15 16:52, Ludwig Krispenz wrote:
On 07/22/2015 03:56 PM, Martin Basti wrote:
Hello all,
I attached WIP patch to solve
https://fedorahosted.org/freeipa/ticket/4949
I received several suggestions:
1) (implemented in patch) is to add the
Related: CVE-2015-5159From b9595d34e36d967d57c0f72f26fca40b913c6d5e Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum npmccal...@redhat.com
Date: Wed, 22 Jul 2015 14:18:16 -0400
Subject: [PATCH] Limit request sizes to /KdcProxy
Related: CVE-2015-5159
---
install/conf/ipa-kdc-proxy.conf.template
On 2015-07-22 20:23, Nathaniel McCallum wrote:
Related: CVE-2015-5159
https://bugzilla.redhat.com/show_bug.cgi?id=1245200
The patch prevents a flood attack but I consider more a workaround than
a solution. I'll update kdcproxy tomorrow.
Christian
signature.asc
Description: OpenPGP digital
On Wed, 2015-07-22 at 20:34 +0200, Christian Heimes wrote:
On 2015-07-22 20:23, Nathaniel McCallum wrote:
Related: CVE-2015-5159
https://bugzilla.redhat.com/show_bug.cgi?id=1245200
The patch prevents a flood attack but I consider more a workaround
than
a solution. I'll update kdcproxy
On 2015-07-22 20:38, Nathaniel McCallum wrote:
On Wed, 2015-07-22 at 20:34 +0200, Christian Heimes wrote:
On 2015-07-22 20:23, Nathaniel McCallum wrote:
Related: CVE-2015-5159
https://bugzilla.redhat.com/show_bug.cgi?id=1245200
The patch prevents a flood attack but I consider more a
On Wed, 2015-07-22 at 14:38 -0400, Nathaniel McCallum wrote:
On Wed, 2015-07-22 at 20:34 +0200, Christian Heimes wrote:
On 2015-07-22 20:23, Nathaniel McCallum wrote:
Related: CVE-2015-5159
https://bugzilla.redhat.com/show_bug.cgi?id=1245200
The patch prevents a flood attack but I
On Wed, 2015-07-22 at 20:47 +0200, Christian Heimes wrote:
On 2015-07-22 20:38, Nathaniel McCallum wrote:
On Wed, 2015-07-22 at 20:34 +0200, Christian Heimes wrote:
On 2015-07-22 20:23, Nathaniel McCallum wrote:
Related: CVE-2015-5159
On 07/21/2015 06:03 PM, Tomas Babej wrote:
Hi,
Old certificates of the services are no longer removed and revoked
after new ones have been issued.
Check that both old and new certificates are present.
Tomas
ACK
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel
On 22/07/15 09:23, Oleg Fayans wrote:
Hi Martin,
Patch updated. Thank you for the review!
On 07/21/2015 05:45 PM, Martin Basti wrote:
On 20/07/15 14:07, Oleg Fayans wrote:
Hi Martin,
Updated.
On 07/20/2015 12:46 PM, Martin Basti wrote:
On 20/07/15 11:57, Oleg Fayans wrote:
+
On 07/22/2015 09:04 AM, Martin Basti wrote:
On 21/07/15 12:47, Tomas Babej wrote:
Hi,
Currently, the code wrongly validates the idview-unapply command. Move
check for the forbidden application of the Default Trust View into
the correct logical branch.
On 07/22/2015 09:07 AM, Martin Basti wrote:
On 21/07/15 18:02, Tomas Babej wrote:
Hi,
The realmdomains_mod command will fail if the testing environment
is configured improperly and the IPA domain's NS/SOA records are
not resolvable. This can easily happen if the machine's DNS server
is not
On 21/07/15 12:47, Tomas Babej wrote:
Hi,
Currently, the code wrongly validates the idview-unapply command. Move
check for the forbidden application of the Default Trust View into
the correct logical branch.
https://fedorahosted.org/freeipa/ticket/4969
Tomas
ACK
--
Martin Basti
--
Hi Martin,
Patch updated. Thank you for the review!
On 07/21/2015 05:45 PM, Martin Basti wrote:
On 20/07/15 14:07, Oleg Fayans wrote:
Hi Martin,
Updated.
On 07/20/2015 12:46 PM, Martin Basti wrote:
On 20/07/15 11:57, Oleg Fayans wrote:
+pwfile = api.env.dot_ipa + os.sep + .dmpw
+
On 07/07/15 18:40, Christian Heimes wrote:
Hello,
the patch removes the dependency on Python's ssl module and
python-backports-ssl_match_hostname.
https://fedorahosted.org/freeipa/ticket/5068
Open question
-
Is paths.IPA_NSSDB_DIR the correct NSSDB?
Should be.
Christian
On 13/07/15 17:55, Martin Basti wrote:
On 08/07/15 16:09, Gabe Alford wrote:
Thanks, Martin. Update patch attached.
I was getting an 'No newline at the end of file' in my environment
hence an extra '\n' at the end.
Please let me know if you see the same thing.
Thanks,
Gabe
On Wed, Jul 1,
On 07/22/2015 08:40 AM, Martin Babinsky wrote:
On 07/21/2015 06:01 PM, Tomas Babej wrote:
Hi,
this patch fixes an issue in tests where the certificate was not decoded
from base64 representation.
Tomas
ACK
Pushed to:
master: 12395a94f38f4db23e356a6f7d96629155c02532
ipa-4-2:
On 07/21/2015 06:03 PM, Tomas Babej wrote:
Hi,
the vault tests should be skipped in case the KRA is not available on
the machine.
Tomas
ACK
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
On 21/07/15 18:02, Tomas Babej wrote:
Hi,
The realmdomains_mod command will fail if the testing environment
is configured improperly and the IPA domain's NS/SOA records are
not resolvable. This can easily happen if the machine's DNS server
is not configured to the IPA server.
Leave a
On 07/22/2015 08:41 AM, Martin Babinsky wrote:
On 07/21/2015 06:03 PM, Tomas Babej wrote:
Hi,
the vault tests should be skipped in case the KRA is not available on
the machine.
Tomas
ACK
Pushed to:
master: 8eb26e9230e43eb2683778b8d667c6c7e632ec36
ipa-4-2:
On 07/22/2015 08:44 AM, Martin Babinsky wrote:
On 07/21/2015 06:03 PM, Tomas Babej wrote:
Hi,
Old certificates of the services are no longer removed and revoked
after new ones have been issued.
Check that both old and new certificates are present.
Tomas
ACK
Pushed to:
master:
On 07/22/2015 09:09 AM, Martin Basti wrote:
On 21/07/15 18:03, Tomas Babej wrote:
Hi,
Both context.xmlclient and context.xmlclient_id need to be created
in order to successfully call the Command.forward method.
Tomas
ACK
--
Martin Basti
Pushed to:
master:
By default mod_auth_gssapi allows all locally available mechanisms. If
the gssntlmssp package is installed, it also offers ntlmssp. This has
the annoying side effect that some browser will pop up a
username/password request dialog if no Krb5 credentials are available.
The patch restricts the
Comments inline.
- Original Message -
From: Michael Simacek msima...@redhat.com
To: freeipa-devel@redhat.com
Sent: Tuesday, July 21, 2015 8:02:26 AM
Subject: [Freeipa-devel] [PATCH] Port from python-kerberos library to
python-gssapi
Hi,
This is a first part of my effort to
- Original Message -
From: Christian Heimes chei...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com
Sent: Wednesday, July 22, 2015 9:32:59 AM
Subject: [Freeipa-devel] [PATCH 0015] mod_auth_gssapi: Remove ntlmssp support
and restrict, mechanism to krb5
By default
Hello all,
I attached WIP patch to solve https://fedorahosted.org/freeipa/ticket/4949
I received several suggestions:
1) (implemented in patch) is to add the option --db-locks to installer
(maybe as hidden option)
2) Configure the nsslapd-db-locks to higher value as default (what is
the
- Original Message -
From: Sumit Bose sb...@redhat.com
To: freeipa-devel freeipa-devel@redhat.com
Sent: Tuesday, July 21, 2015 7:41:14 AM
Subject: [Freeipa-devel] [PATCH 149] IPA KDB: allow case in-sensitive realm
in AS request
Hi,
this patch is my suggestion to solve
Dne 22.7.2015 v 15:56 Martin Basti napsal(a):
Hello all,
I attached WIP patch to solve https://fedorahosted.org/freeipa/ticket/4949
I received several suggestions:
1) (implemented in patch) is to add the option --db-locks to installer
(maybe as hidden option)
2) Configure the
On 07/21/2015 06:01 PM, Tomas Babej wrote:
Hi,
this patch fixes an issue in tests where the certificate was not decoded
from base64 representation.
Tomas
ACK
--
Martin^3 Babinsky
--
Manage your subscription for the Freeipa-devel mailing list:
On 21/07/15 18:02, Tomas Babej wrote:
Hi,
In the previous versions, version in the response was generated
as part of the process_keyword_arguments method. This is no longer true,
and so the explicit check for it should be removed.
Tomas
ACK
--
Martin Basti
--
Manage your subscription for
On 21/07/15 18:03, Tomas Babej wrote:
Hi,
Both context.xmlclient and context.xmlclient_id need to be created
in order to successfully call the Command.forward method.
Tomas
ACK
--
Martin Basti
--
Manage your subscription for the Freeipa-devel mailing list:
* IE section moved at the end
* Chrome section added
* FF and IE icons removed
https://fedorahosted.org/freeipa/ticket/823
--
Petr Vobornik
From c3f96c2ab6395aa64b29137b34bc0a4a639f3965 Mon Sep 17 00:00:00 2001
From: Petr Vobornik pvobo...@redhat.com
Date: Fri, 17 Jul 2015 15:57:30 +0200
On Wed, 22 Jul 2015, Christian Heimes wrote:
On 2015-07-22 20:38, Nathaniel McCallum wrote:
On Wed, 2015-07-22 at 20:34 +0200, Christian Heimes wrote:
On 2015-07-22 20:23, Nathaniel McCallum wrote:
Related: CVE-2015-5159
https://bugzilla.redhat.com/show_bug.cgi?id=1245200
The patch
On 07/22/2015 03:56 PM, Martin Basti wrote:
Hello all,
I attached WIP patch to solve
https://fedorahosted.org/freeipa/ticket/4949
I received several suggestions:
1) (implemented in patch) is to add the option --db-locks to installer
(maybe as hidden option)
2) Configure the
On 22/07/15 16:52, Ludwig Krispenz wrote:
On 07/22/2015 03:56 PM, Martin Basti wrote:
Hello all,
I attached WIP patch to solve
https://fedorahosted.org/freeipa/ticket/4949
I received several suggestions:
1) (implemented in patch) is to add the option --db-locks to
installer (maybe as
38 matches
Mail list logo