Re: [Freeipa-devel] fixing Kerberos principal aliases handling in IPA

On 02/09/15 14:27, Simo Sorce wrote: On Wed, 2015-09-02 at 08:11 +0200, David Kupka wrote: On 01/09/15 16:53, Simo Sorce wrote: On Tue, 2015-09-01 at 16:39 +0200, Martin Babinsky wrote: Hi list, I own the following ticket https://fedorahosted.org/freeipa/ticket/3864 and I would like to

Re: [Freeipa-devel] [PATCH 0057] DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5

On 09/01/2015 06:16 PM, Petr Spacek wrote: Hello, DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5. This fixes an forgotten TODO in ipa-ods-exporter. ACK -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH 0053-0056] DNSSEC: Fix deadlocks & export to LDAP

On 09/03/2015 10:40 AM, Oleg Fayans wrote: NACK from me. 2 out of 5 tests still fail with assertion errors: https://paste.fedoraproject.org/262926/44126948/ Although, I am not sure these failures are caused by the same very problem. On 08/31/2015 06:50 PM, Petr Spacek wrote: Hello,

Re: [Freeipa-devel] [PATCH 0307] Server Install: print message that client is being installed

On Thu, 2015-09-03 at 15:32 +0200, Martin Basti wrote: > > On 09/03/2015 02:42 PM, Simo Sorce wrote: > > On Thu, 2015-09-03 at 10:19 +0200, Martin Basti wrote: > >> On 09/02/2015 06:00 PM, Simo Sorce wrote: > >>> On Wed, 2015-09-02 at 17:57 +0200, Martin Basti wrote: > Client installation is

Re: [Freeipa-devel] [PATCH] 0197 client referral support for trusted domain principal

On Thu, 03 Sep 2015, Alexander Bokovoy wrote: Hi, attached patch adds support for issuing client referrals when FreeIPA KDC is asked to give a TGT for a principal from a trusted forest. We return a matching forest name as a realm and KDC then returns an error pointing a client to a direction

Re: [Freeipa-devel] [PATCH 0305-0306] DNSSEC: better cleanup after uninstall to avoid temporal malfunction

On 2.9.2015 14:58, Martin Basti wrote: > Related to ticket https://fedorahosted.org/freeipa/ticket/5273 > > Patches attached. ACK -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

Re: [Freeipa-devel] [PATCH 0304] Installer: do not modify /etc/hosts before user agreement

On 09/03/2015 03:31 PM, David Kupka wrote: On 02/09/15 14:12, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4561 This also fixes: https://fedorahosted.org/freeipa/ticket/5266 Patch attached. Looks good an works for me, ACK. Pushed to ipa-4-2:

Re: [Freeipa-devel] [PATCHES 362-366] Realmdomains handling improvements

On Thu, 03 Sep 2015, Tomas Babej wrote: Hi, this couple of patches fix https://fedorahosted.org/freeipa/ticket/5278 and improve our handling of realmdomains in general. The code looks good to me. I haven't tested it yet, though. -- / Alexander Bokovoy -- Manage your subscription for the

[Freeipa-devel] [PATCH] 0197 client referral support for trusted domain principal

Hi, attached patch adds support for issuing client referrals when FreeIPA KDC is asked to give a TGT for a principal from a trusted forest. We return a matching forest name as a realm and KDC then returns an error pointing a client to a direction of that realm. You can see how it looks with

Re: [Freeipa-devel] [PATCH 0057] DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5

On 09/03/2015 05:41 PM, Martin Basti wrote: On 09/01/2015 06:16 PM, Petr Spacek wrote: Hello, DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5. This fixes an forgotten TODO in ipa-ods-exporter. ACK Pushed to: master: ecf796e9c021a3b06e670f0602e8a10dcfd6f1f1 ipa-4-2:

Re: [Freeipa-devel] [PATCH 0053-0056] DNSSEC: Fix deadlocks & export to LDAP

On 09/03/2015 05:44 PM, Martin Basti wrote: On 09/03/2015 10:40 AM, Oleg Fayans wrote: NACK from me. 2 out of 5 tests still fail with assertion errors: https://paste.fedoraproject.org/262926/44126948/ Although, I am not sure these failures are caused by the same very problem. On

Re: [Freeipa-devel] [PATCHES 481-486] Metaclass and str modernization

On 09/01/2015 04:47 PM, Jan Cholasta wrote: > Hi, > > the attached patches add some more modernization to our code. > > Honza 481: ACK 482: ACK 483: ACK You can push these without waiting on the later ones. 484: To avoid merge conflicts later, perhaps it would be better to have if

Re: [Freeipa-devel] [PATCH 0305-0306] DNSSEC: better cleanup after uninstall to avoid temporal malfunction

On 09/03/2015 05:36 PM, Petr Spacek wrote: On 2.9.2015 14:58, Martin Basti wrote: Related to ticket https://fedorahosted.org/freeipa/ticket/5273 Patches attached. ACK Pushed to master: e7a876d88a0ed07de69d9654ebdbf8ebb7bda364 Pushed to ipa-4-2: 8767fff853a68389ed6786abf0b0eea3f4ef6764

[Freeipa-devel] [PATCH 0309-0310] DNSSEC CI: extend DNSSEC CI tests

Attached patches improve DNSSEC CI tests. From b6271dfde300835e21b815a809a32c46dd46f3dc Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Tue, 1 Sep 2015 12:07:13 +0200 Subject: [PATCH 1/2] DNSSEC: improve CI test Test disabling and re-enabling zone signing. ---

Re: [Freeipa-devel] [PATCH 0052] Add Chromium configuration note under Chrome section in ssbrowser

Bump for review On Wed, Jul 29, 2015 at 7:49 AM, Gabe Alford wrote: > Hello, > > As Chromium and Chrome are configured similarly but are configured in > different /etc directories, this patch adds a note to the Chrome section in > ssbrowser.html stating that. > > Thanks,

Re: [Freeipa-devel] [PATCH 0309-0310] DNSSEC CI: extend DNSSEC CI tests

Hi Martin, The two functions test_disable_reenable_signing_master and test_disable_reenable_signing_replica the error message for the laste assertion is different, although the assertions are identical: "RRSIG should be different" and "DNSKEY should be different". Other than that, it's fine

Re: [Freeipa-devel] [PATCH] Updated no of legacy permission in ipatests

Ping On 08/27/2015 10:37 AM, Abhijeet Kasurde wrote: Hi All, This patch fixes bug - https://fedorahosted.org/freeipa/ticket/5264 Thanks, Abhijeet Kasurde -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to

Re: [Freeipa-devel] [PATCH 0053-0056] DNSSEC: Fix deadlocks & export to LDAP

NACK from me. 2 out of 5 tests still fail with assertion errors: https://paste.fedoraproject.org/262926/44126948/ Although, I am not sure these failures are caused by the same very problem. On 08/31/2015 06:50 PM, Petr Spacek wrote: Hello, Attached patch set should fix the deadlock you

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

On 09/02/2015 10:37 PM, Simo Sorce wrote: On Wed, 2015-09-02 at 15:22 -0400, Simo Sorce wrote: On Mon, 2015-08-31 at 14:45 +0200, Tomas Babej wrote: On 08/26/2015 11:27 PM, Simo Sorce wrote: This patchset implements https://fedorahosted.org/freeipa/ticket/2888 and introduces a number of

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

I've encountered this today too. Filed a ticket about it: https://fedorahosted.org/freeipa/ticket/5283 On 09/03/2015 10:57 AM, Martin Basti wrote: On 09/02/2015 10:37 PM, Simo Sorce wrote: On Wed, 2015-09-02 at 15:22 -0400, Simo Sorce wrote: On Mon, 2015-08-31 at 14:45 +0200, Tomas Babej

Re: [Freeipa-devel] [PATCH 0307] Server Install: print message that client is being installed

On 09/02/2015 06:00 PM, Simo Sorce wrote: On Wed, 2015-09-02 at 17:57 +0200, Martin Basti wrote: Client installation is done as "Restarting web server". This step deserve own message. Patch attached I've seen various cases like this. And I can't understand why these steps aren't embedded in

[Freeipa-devel] [PATCH 0004] Rewrap errors in get_principal to CCacheError

After porting to gssapi, the ipa command prints ugly traceback when kerberos credentials are not available. Rewrapping to CCacheError when getting the principal name results in nicer error message. https://fedorahosted.org/freeipa/ticket/5272 From 227df758d0ac0cfc971a39e63c33bc4bfc0e992b Mon

[Freeipa-devel] [PATCH 0308] Server Upgrade: fix traceback caused by cidict

https://fedorahosted.org/freeipa/ticket/5283 Patch attached. From 6afdb8a8bfe5dba3dc117c8ed15e0d90e2d63ce2 Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Thu, 3 Sep 2015 12:55:05 +0200 Subject: [PATCH] Server Upgrade: fix traceback caused by cidict Traceback caused by

Re: [Freeipa-devel] cert profiles - test plan + patches

Hi, I took a look at it at Milan's request. patch 0008 - tracker looks ok, ACK patch 0009 - test cases look ok as well, but can't get it to run, 10 out of 14 tests fail, starting with internal error, which I haven't been able to track down, nor fix it. Lenka

Re: [Freeipa-devel] [PATCH 0308] Server Upgrade: fix traceback caused by cidict

On 09/03/2015 01:01 PM, Martin Basti wrote: > https://fedorahosted.org/freeipa/ticket/5283 > > Patch attached. ACK. This was caused by commit 3bf91ea, specifically the rushed reaction to Christian's comment: > Please use sorted(reference) instead of sorted(reference.keys()), > set(tree)

Re: [Freeipa-devel] [PATCH 0308] Server Upgrade: fix traceback caused by cidict

On 09/03/2015 01:42 PM, Petr Viktorin wrote: On 09/03/2015 01:01 PM, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/5283 Patch attached. ACK. This was caused by commit 3bf91ea, specifically the rushed reaction to Christian's comment: Please use sorted(reference) instead of

Re: [Freeipa-devel] [PATCH] 916 vault: add vault container commands

On 2.9.2015 07:26, Endi Sukma Dewata wrote: On 9/1/2015 10:22 AM, Simo Sorce wrote: On Tue, 2015-09-01 at 17:15 +0200, Petr Vobornik wrote: On 09/01/2015 04:39 PM, Jan Cholasta wrote: On 1.9.2015 16:26, Jan Cholasta wrote: On 26.8.2015 13:22, Petr Vobornik wrote: On 08/25/2015 08:04 PM,

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

On 09/03/2015 02:57 PM, Simo Sorce wrote: On Thu, 2015-09-03 at 10:57 +0200, Martin Basti wrote: On 09/02/2015 10:37 PM, Simo Sorce wrote: On Wed, 2015-09-02 at 15:22 -0400, Simo Sorce wrote: On Mon, 2015-08-31 at 14:45 +0200, Tomas Babej wrote: On 08/26/2015 11:27 PM, Simo Sorce wrote:

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

On Thu, 2015-09-03 at 15:21 +0200, Martin Basti wrote: > > On 09/03/2015 02:57 PM, Simo Sorce wrote: > > On Thu, 2015-09-03 at 10:57 +0200, Martin Basti wrote: > >> On 09/02/2015 10:37 PM, Simo Sorce wrote: > >>> On Wed, 2015-09-02 at 15:22 -0400, Simo Sorce wrote: > On Mon, 2015-08-31 at

Re: [Freeipa-devel] [PATCH 0304] Installer: do not modify /etc/hosts before user agreement

On 02/09/15 14:12, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/4561 This also fixes: https://fedorahosted.org/freeipa/ticket/5266 Patch attached. Looks good an works for me, ACK. -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list:

Re: [Freeipa-devel] [PATCH 0307] Server Install: print message that client is being installed

On 09/03/2015 02:42 PM, Simo Sorce wrote: On Thu, 2015-09-03 at 10:19 +0200, Martin Basti wrote: On 09/02/2015 06:00 PM, Simo Sorce wrote: On Wed, 2015-09-02 at 17:57 +0200, Martin Basti wrote: Client installation is done as "Restarting web server". This step deserve own message. Patch

Re: [Freeipa-devel] [PATCHSET] Replica promotion patches

On Thu, 2015-09-03 at 10:57 +0200, Martin Basti wrote: > > On 09/02/2015 10:37 PM, Simo Sorce wrote: > > On Wed, 2015-09-02 at 15:22 -0400, Simo Sorce wrote: > >> On Mon, 2015-08-31 at 14:45 +0200, Tomas Babej wrote: > >>> On 08/26/2015 11:27 PM, Simo Sorce wrote: > This patchset implements

[Freeipa-devel] [PATCHES 362-366] Realmdomains handling improvements

Hi, this couple of patches fix https://fedorahosted.org/freeipa/ticket/5278 and improve our handling of realmdomains in general. Tomas From 7298b240843b5a86569b3e99cd793f42fd007acf Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Thu, 3 Sep 2015 12:13:32 +0200 Subject:

Re: [Freeipa-devel] [PATCH 0004] Rewrap errors in get_principal to CCacheError

On 09/03/2015 12:54 PM, Michael Šimáček wrote: > After porting to gssapi, the ipa command prints ugly traceback when > kerberos credentials are not available. Rewrapping to CCacheError when > getting the principal name results in nicer error message. > >

Re: [Freeipa-devel] cert profiles - test plan + patches

On 09/03/2015 01:40 PM, Lenka Doudova wrote: > Hi, > > I took a look at it at Milan's request. > > patch 0008 - tracker looks ok, ACK > patch 0009 - test cases look ok as well, but can't get it to run, 10 out > of 14 tests fail, starting with internal error, which I haven't been > able to

Re: [Freeipa-devel] cert profiles - test plan + patches

On 09/03/2015 01:40 PM, Lenka Doudova wrote: Hi, I took a look at it at Milan's request. patch 0008 - tracker looks ok, ACK patch 0009 - test cases look ok as well, but can't get it to run, 10 out of 14 tests fail, starting with internal error, which I haven't been able to track down, nor

Re: [Freeipa-devel] [PATCH] Updated no of legacy permission in ipatests

On 09/03/2015 08:16 AM, Abhijeet Kasurde wrote: > Ping > > On 08/27/2015 10:37 AM, Abhijeet Kasurde wrote: >> Hi All, >> >> This patch fixes bug - https://fedorahosted.org/freeipa/ticket/5264 >> >> Thanks, >> Abhijeet Kasurde > ACK, the patch needs a minor rebase on master due to python3

Re: [Freeipa-devel] [PATCH 0307] Server Install: print message that client is being installed

On Thu, 2015-09-03 at 10:19 +0200, Martin Basti wrote: > On 09/02/2015 06:00 PM, Simo Sorce wrote: > > On Wed, 2015-09-02 at 17:57 +0200, Martin Basti wrote: > >> Client installation is done as "Restarting web server". This step > >> deserve own message. > >> > >> Patch attached > > I've seen