On 03/11/2016 03:42 PM, Filip Skola wrote:
- Original Message -
On 01/28/2016 10:45 AM, Filip Skola wrote:
The same as with patch 0002:
* Module ipatests.test_xmlrpc.tracker.hostgroup_plugin
W:142,26: Calling a dict.iter*() method (dict-iter-method)
Please use dict.items
On 03/07/2016 02:53 PM, Filip Škola wrote:
Sorry, forgot to cc you, Milan.
F.
On Tue, 22 Dec 2015 05:57:50 -0500 (EST)
Filip Skola wrote:
And also sending refactored hostgroup plugin test.
F
Sorry for long delay. ACK.
--
Milan Kubik
--
Manage your subscription for the
On 03/22/2016 12:28 PM, Martin Babinsky wrote:
On 03/16/2016 02:17 PM, Martin Babinsky wrote:
On 03/16/2016 01:35 PM, Nathaniel McCallum wrote:
On Wed, 2016-03-16 at 07:25 +0100, Jan Cholasta wrote:
On 15.3.2016 22:22, Nathaniel McCallum wrote:
On Tue, 2016-03-15 at 17:54 +0100, Martin
On 18.3.2016 23:27, Timo Aaltonen wrote:
On 17.03.2016 18:36, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5681
would be nicer if ipa-httpd.conf was a template with the current
hardcoded values replaced with platform paths..
+1, I would also prefer if the file was renamed to
On 03/24/2016 10:24 AM, Jan Pazdziora wrote:
> On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
...
> You present two solutions to the problem -- deny rules, and regular
> expressions.
For the record, HBAC deny rules is something we will want to avoid. Deny HBAC
rules were
On Thu, Mar 24, 2016 at 11:39:17AM +1000, Fraser Tweedale wrote:
>
> Further to Rob's points, what about including the method being used
> (HTTP GET/POST/PUT/PATCH)? In a RESTful world this seems like an
> important aspect to include.
>
> How deep does this rabbit-hole go? :)
The work, while
On Thu, Mar 24, 2016 at 12:38:37PM +0100, Martin Kosek wrote:
> On 03/24/2016 10:24 AM, Jan Pazdziora wrote:
> > On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
> ...
> > You present two solutions to the problem -- deny rules, and regular
> > expressions.
>
> For the record,
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
> I created a design page for the feature:
>
> http://www.freeipa.org/page/URI-based-HBAC-design
I try to put separate areas of concerns into separate emails to make
it easy to keep track.
The document says
There is a
On Wed, Mar 23, 2016 at 11:54:55AM -0400, Rob Crittenden wrote:
>
> I think case sensitivity might be pretty important too, though might be best
> left as an exercise for the user.
For protocol and hostname it likely needs to be case insensitive.
for the rest of the URL there probably should be
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
> I created a design page for the feature:
>
> http://www.freeipa.org/page/URI-based-HBAC-design
In the document, you say
In all of them [ approaches ], I use only the part of URI
after hostname as hostname and
On 24.03.2016 13:55, Jan Cholasta wrote:
On 18.3.2016 23:27, Timo Aaltonen wrote:
On 17.03.2016 18:36, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5681
would be nicer if ipa-httpd.conf was a template with the current
hardcoded values replaced with platform paths..
+1, I
Jan Cholasta wrote:
On 18.3.2016 15:12, Martin Babinsky wrote:
On 03/17/2016 05:36 PM, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5681
Patch attached.
Hi Martin,
Nitpick attack:
Please fix the commit message: "File httpd.service was created by RPM,
what causes that httpd
On 03/24/2016 01:24 PM, Jan Pazdziora wrote:
> On Thu, Mar 24, 2016 at 12:38:37PM +0100, Martin Kosek wrote:
>> On 03/24/2016 10:24 AM, Jan Pazdziora wrote:
>>> On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
>> ...
>>> You present two solutions to the problem -- deny rules, and
On 03/24/2016 05:43 AM, Jan Pazdziora wrote:
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
I created a design page for the feature:
http://www.freeipa.org/page/URI-based-HBAC-design
I try to put separate areas of concerns into separate emails to make
it easy to keep
On 24.3.2016 14:13, Martin Babinsky wrote:
On 03/24/2016 01:47 PM, Martin Babinsky wrote:
On 03/22/2016 12:28 PM, Martin Babinsky wrote:
On 03/16/2016 02:17 PM, Martin Babinsky wrote:
On 03/16/2016 01:35 PM, Nathaniel McCallum wrote:
On Wed, 2016-03-16 at 07:25 +0100, Jan Cholasta wrote:
On
On Thu, Mar 24, 2016 at 02:08:22PM +0100, Martin Kosek wrote:
>
> I agree it is complicated. While Deny HBAC rules is something we do not want,
> allowing exclusive rules for an HBAC URI rule may be acceptable. This would be
> the same approach we chose with Exclusive Time rules in Time-Based
On 24.3.2016 14:08, Martin Kosek wrote:
> On 03/24/2016 01:24 PM, Jan Pazdziora wrote:
>> On Thu, Mar 24, 2016 at 12:38:37PM +0100, Martin Kosek wrote:
>>> On 03/24/2016 10:24 AM, Jan Pazdziora wrote:
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
>>> ...
You present
to enable debugging of such errors.
E.g.: https://fedorahosted.org/freeipa/ticket/5741
--
Petr Vobornik
From 956f5171a3b51544103672feaffef752ee94dc42 Mon Sep 17 00:00:00 2001
From: Petr Vobornik
Date: Thu, 24 Mar 2016 15:24:23 +0100
Subject: [PATCH] replicainstall: log ACI
On 24.3.2016 11:39, Jan Pazdziora wrote:
> On Wed, Mar 23, 2016 at 11:54:55AM -0400, Rob Crittenden wrote:
>>
>> I think case sensitivity might be pretty important too, though might be best
>> left as an exercise for the user.
>
> For protocol and hostname it likely needs to be case insensitive.
On 18.3.2016 15:12, Martin Babinsky wrote:
On 03/17/2016 05:36 PM, Martin Basti wrote:
https://fedorahosted.org/freeipa/ticket/5681
Patch attached.
Hi Martin,
Nitpick attack:
Please fix the commit message: "File httpd.service was created by RPM,
what causes that httpd service may", should
Adam Young wrote:
On 03/24/2016 05:43 AM, Jan Pazdziora wrote:
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
I created a design page for the feature:
http://www.freeipa.org/page/URI-based-HBAC-design
I try to put separate areas of concerns into separate emails to make
it
On 24.03.2016 11:59, Milan Kubík wrote:
On 03/11/2016 03:42 PM, Filip Skola wrote:
- Original Message -
On 01/28/2016 10:45 AM, Filip Skola wrote:
The same as with patch 0002:
* Module ipatests.test_xmlrpc.tracker.hostgroup_plugin
W:142,26: Calling a dict.iter*() method
On 24.03.2016 11:59, Milan Kubík wrote:
On 03/07/2016 02:53 PM, Filip Škola wrote:
Sorry, forgot to cc you, Milan.
F.
On Tue, 22 Dec 2015 05:57:50 -0500 (EST)
Filip Skola wrote:
And also sending refactored hostgroup plugin test.
F
Sorry for long delay. ACK.
Pushed
On 03/24/2016 01:47 PM, Martin Babinsky wrote:
On 03/22/2016 12:28 PM, Martin Babinsky wrote:
On 03/16/2016 02:17 PM, Martin Babinsky wrote:
On 03/16/2016 01:35 PM, Nathaniel McCallum wrote:
On Wed, 2016-03-16 at 07:25 +0100, Jan Cholasta wrote:
On 15.3.2016 22:22, Nathaniel McCallum wrote:
On Thu, Mar 24, 2016 at 02:30:06PM +0100, Petr Spacek wrote:
>
> I really do not like 'excludes'... Was an approach with longest prefix match
> considered as an option? I do not see it in the design page.
>
> E.g. imagine we have rules:
> / -> allow anyone
> /users -> allow all authenticated
On 03/22/2016 04:28 PM, Rob Crittenden wrote:
Martin Babinsky wrote:
On 03/21/2016 12:25 PM, Jan Cholasta wrote:
On 21.3.2016 10:17, Petr Spacek wrote:
On 18.3.2016 13:49, Rob Crittenden wrote:
Martin Babinsky wrote:
These patches implement behavior agreed upon during discussion of
On 03/21/2016 01:51 PM, Oleg Fayans wrote:
Hi Oleg,
I have a few comments:
1.)
please make the commit message more clear, briefly describe what kind of
test cases were added to the suite and maybe add a link to the test plan.
2.)
I see negative test scenarios for attempting to issue
On 03/23/2016 08:13 PM, Martin Basti wrote:
[...]
Can you please update design
http://www.freeipa.org/page/V4/Manage_replication_topology_4_4 (mainly
the --suffix option)? Also there are missing clean-ruv and list-ruv
commands in design, and fix usage at the bottom.
1)
I don't understand this
On Wed, Mar 23, 2016 at 06:39:45PM +0100, Petr Vobornik wrote:
> On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote:
> >I created a design page for the feature:
> >
> >http://www.freeipa.org/page/URI-based-HBAC-design
>
> 1. The design page doesn't mention if mod_authnz_pam will be extended or
>
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
> I created a design page for the feature:
>
> http://www.freeipa.org/page/URI-based-HBAC-design
Could you please elaborate on unauthenticated accesses?
Many web applications have completely public parts, and then
authenticated
The FreeIPA team would like to announce FreeIPA v4.3.1 bug fixing release!
It can be downloaded from http://www.freeipa.org/page/Downloads. The
builds are available for Fedora 24 and rawhide. Builds for Fedora 23 are
available in the official COPR
On 03/23/2016 04:41 PM, Lukáš Hellebrandt wrote:
> I created a design page for the feature:
>
> http://www.freeipa.org/page/URI-based-HBAC-design
Technicality update:
- I changed the name and moved it to consistent location:
http://www.freeipa.org/page/V4/URI-based_HBAC
- I removed
On Wed, Mar 23, 2016 at 04:41:49PM +0100, Lukáš Hellebrandt wrote:
> I created a design page for the feature:
>
> http://www.freeipa.org/page/URI-based-HBAC-design
The way most web applications (that I see as the first use for this
feature) are structured, they have more openly accessible areas
On Thu, Mar 24, 2016 at 01:09:24PM +0100, Jan Pazdziora wrote:
> On Thu, Mar 24, 2016 at 11:39:17AM +1000, Fraser Tweedale wrote:
> >
> > Further to Rob's points, what about including the method being used
> > (HTTP GET/POST/PUT/PATCH)? In a RESTful world this seems like an
> > important aspect
34 matches
Mail list logo