Re: [Freeipa-devel] [DESIGN] FreeIPA on FIPS + NSS question

2016-12-19 Thread Standa Laznicka
On 12/16/2016 03:23 PM, Rob Crittenden wrote: Standa Laznicka wrote: Hello, I started a design page for FreeIPA on FIPS-enabled systems: https://www.freeipa.org/page/V4/FreeIPA-on-FIPS Tomáš and I are still investigating what of all things will need to change in order to have FreeIPA on FIPS-

[Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

2016-12-19 Thread Oucema Bellagha
I'm looking for an option - eventually to extend standard ssh - in such a way that I need (at least) two people/keys out of m possible to authenticate a session instead of one out of m known ones... e.g.: to authenticate to server X: I need two people A and (B or C) together. anyone seen this o

Re: [Freeipa-devel] Certificate Identity Mapping

2016-12-19 Thread Jan Cholasta
I agree with *almost* everything Sumit said. See my inline comments below. On 16.12.2016 11:53, Sumit Bose wrote: On Tue, Dec 06, 2016 at 04:39:10PM +0100, Florence Blanc-Renaud wrote: Hi, I have started a feature description for the Certificate Identity Mapping at the following location: http

Re: [Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

2016-12-19 Thread Alexander Bokovoy
On ma, 19 joulu 2016, Oucema Bellagha wrote: I'm looking for an option - eventually to extend standard ssh - in such a way that I need (at least) two people/keys out of m possible to authenticate a session instead of one out of m known ones... e.g.: to authenticate to server X: I need two people

Re: [Freeipa-devel] require n out of m keys/users to authenticate an ssh session?

2016-12-19 Thread Alexander Bokovoy
On ma, 19 joulu 2016, Oucema Bellagha wrote: Hi folks, Thanks for the feedback, I already tried the AuthenticationMethods "publickey,publickey" but is there any tool allowing this kind of connection from two clients to the server in the same time using ssh-Key cause it's not possible using putt

Re: [Freeipa-devel] Certificate Identity Mapping

2016-12-19 Thread Sumit Bose
On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote: > I agree with *almost* everything Sumit said. See my inline comments below. > > On 16.12.2016 11:53, Sumit Bose wrote: > > On Tue, Dec 06, 2016 at 04:39:10PM +0100, Florence Blanc-Renaud wrote: > > > Hi, > > > > > > I have started a f

[Freeipa-devel] [freeipa PR#348][opened] ca: fix ca-find with --pkey-only

2016-12-19 Thread jcholast
URL: https://github.com/freeipa/freeipa/pull/348 Author: jcholast Title: #348: ca: fix ca-find with --pkey-only Action: opened PR body: """ Since commit 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d, ca-find will fail with internal error if --pkey-only is specified, because the code to look up the

[Freeipa-devel] [freeipa PR#334][synchronized] Py3: Fix ToASCII method

2016-12-19 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/334 Author: mbasti-rh Title: #334: Py3: Fix ToASCII method Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/334/head:pr334 git checkout pr334 From e5825f44dafc4fb

[Freeipa-devel] [freeipa PR#334][comment] Py3: Fix ToASCII method

2016-12-19 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/334 Title: #334: Py3: Fix ToASCII method mbasti-rh commented: """ I reworked commit: - keep python-dns 1.15 in build requires as it changed return type of to_text function - removed .encode() check """ See the full comment at https://github.com/fr

[Freeipa-devel] [freeipa PR#349][opened] spec file: do not define with_lint inside a comment

2016-12-19 Thread jcholast
URL: https://github.com/freeipa/freeipa/pull/349 Author: jcholast Title: #349: spec file: do not define with_lint inside a comment Action: opened PR body: """ RPM expands macros even inside comments in spec files, so the with_lint macro is unintentionally always defined. Escape the percent si

[Freeipa-devel] bind-dyndb-ldap: [PATCH] Handle termination of SyncRepl watcher thread

2016-12-19 Thread Tomas Krizek
Hi Thierry, could you please take a look at this bind-dyndb-ldap patch? I was trying to fix https://fedorahosted.org/bind-dyndb-ldap/ticket/149 I wasn't able to reproduce the issue, but I think the problem is fixed now. Petr Spacek was helping me with this, but I think it would be good if you cou

[Freeipa-devel] [freeipa PR#334][synchronized] Py3: Fix ToASCII method

2016-12-19 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/334 Author: mbasti-rh Title: #334: Py3: Fix ToASCII method Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/334/head:pr334 git checkout pr334 From 49065f3ea24eb22

[Freeipa-devel] [freeipa PR#333][closed] Remove named-pkcs11 workarounds from DNSSEC tests.

2016-12-19 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/333 Author: pspacek Title: #333: Remove named-pkcs11 workarounds from DNSSEC tests. Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/333/head:pr333 git checkout pr333 -

[Freeipa-devel] [freeipa PR#333][+pushed] Remove named-pkcs11 workarounds from DNSSEC tests.

2016-12-19 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/333 Title: #333: Remove named-pkcs11 workarounds from DNSSEC tests. Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/pag

[Freeipa-devel] [freeipa PR#333][comment] Remove named-pkcs11 workarounds from DNSSEC tests.

2016-12-19 Thread mbasti-rh
URL: https://github.com/freeipa/freeipa/pull/333 Title: #333: Remove named-pkcs11 workarounds from DNSSEC tests. mbasti-rh commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/8bc677512296a7e94c29edd0c1a96aa7273f352a """ See the full comment at https://github.com/fr

[Freeipa-devel] [freeipa PR#350][opened] spec file: revert to the previous Release tag

2016-12-19 Thread jcholast
URL: https://github.com/freeipa/freeipa/pull/350 Author: jcholast Title: #350: spec file: revert to the previous Release tag Action: opened PR body: """ Revert from the current Release tag value `upstream` to the previously used `0%{?dist}`, because: * `0` sorts before `1`, which is usually u

[Freeipa-devel] [freeipa PR#349][+ack] spec file: do not define with_lint inside a comment

2016-12-19 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/349 Title: #349: spec file: do not define with_lint inside a comment Label: +ack

[Freeipa-devel] [freeipa PR#351][opened] [fedora-26] named.conf template: update API for bind 9.11

2016-12-19 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/351 Author: tomaskrizek Title: #351: [fedora-26] named.conf template: update API for bind 9.11 Action: opened PR body: """ Please **do not merge** this patch upstream, we need to have BIND 9.11 available before we do, otherwise it will break DNS in

[Freeipa-devel] [freeipa PR#349][+pushed] spec file: do not define with_lint inside a comment

2016-12-19 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/349 Title: #349: spec file: do not define with_lint inside a comment Label: +pushed

[Freeipa-devel] [freeipa PR#349][closed] spec file: do not define with_lint inside a comment

2016-12-19 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/349 Author: jcholast Title: #349: spec file: do not define with_lint inside a comment Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/349/head:pr349 git checkout pr349

[Freeipa-devel] [freeipa PR#349][comment] spec file: do not define with_lint inside a comment

2016-12-19 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/349 Title: #349: spec file: do not define with_lint inside a comment martbab commented: """ Fixed upstream master: https://fedorahosted.org/freeipa/changeset/1b85e59ceeb115dfb24e9c6bacb665b935f9543c """ See the full comment at https://github.com/fre

Re: [Freeipa-devel] bind-dyndb-ldap: [PATCH] Handle termination of SyncRepl watcher thread

2016-12-19 Thread Petr Spacek
On 19.12.2016 13:04, Tomas Krizek wrote: > Hi Thierry, > > could you please take a look at this bind-dyndb-ldap patch? I was trying > to fix https://fedorahosted.org/bind-dyndb-ldap/ticket/149 > > I wasn't able to reproduce the issue, but I think the problem is fixed > now. Petr Spacek was helpin

Re: [Freeipa-devel] bind-dyndb-ldap: [PATCH] Handle termination of SyncRepl watcher thread

2016-12-19 Thread thierry bordaz
Hi Tomas, The patch looks good to me. Just a minor remark. ldap_inst->exiting=TRUE and signaling the watcher thread is the same action. Ideally the signal handler would set 'existing=TRUE', but there is no nice way for the signal handler to retrieve/set the 'existing' flag. Do you think we cou

[Freeipa-devel] [bind-dyndb-ldap PR#6][opened] handle termination of syncrepl watcher thread

2016-12-19 Thread tomaskrizek
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/6 Author: tomaskrizek Title: #6: handle termination of syncrepl watcher thread Action: opened PR body: """ In some cases, the thread could have been already terminated and sending a signal to the thread using pthread_kill() would result in a

Re: [Freeipa-devel] [DESIGN] FreeIPA on FIPS + NSS question

2016-12-19 Thread John Dennis
On 12/19/2016 03:12 AM, Standa Laznicka wrote: On 12/16/2016 03:23 PM, Rob Crittenden wrote: Standa Laznicka wrote: Hello, I started a design page for FreeIPA on FIPS-enabled systems: https://www.freeipa.org/page/V4/FreeIPA-on-FIPS Tomáš and I are still investigating what of all things will

[Freeipa-devel] [freeipa PR#352][opened] Clarify meaning of --domain and --realm in installers

2016-12-19 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/352 Author: pspacek Title: #352: Clarify meaning of --domain and --realm in installers Action: opened PR body: """ Man pages need bigger overhaul. Take this as hot-fix for FAQ. https://fedorahosted.org/freeipa/ticket/6574 """ To pull the PR as Git

[Freeipa-devel] [freeipa PR#353][opened] [RFE] Pwdpolicy

2016-12-19 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/353 Author: simo5 Title: #353: [RFE] Pwdpolicy Action: opened PR body: """ Untested but I am seeking feedback on the actual approach. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#279][comment] installer: Stop adding distro-specific NTP servers into ntp.conf

2016-12-19 Thread pspacek
URL: https://github.com/freeipa/freeipa/pull/279 Title: #279: installer: Stop adding distro-specific NTP servers into ntp.conf pspacek commented: """ ACK """ See the full comment at https://github.com/freeipa/freeipa/pull/279#issuecomment-267986862

Re: [Freeipa-devel] [DESIGN] FreeIPA on FIPS + NSS question

2016-12-19 Thread Standa Laznicka
On 12/19/2016 03:07 PM, John Dennis wrote: On 12/19/2016 03:12 AM, Standa Laznicka wrote: On 12/16/2016 03:23 PM, Rob Crittenden wrote: Standa Laznicka wrote: Hello, I started a design page for FreeIPA on FIPS-enabled systems: https://www.freeipa.org/page/V4/FreeIPA-on-FIPS Tomáš and I are

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2016-12-19 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ I think this code is ready to be included. I am still playing with a minor change in mod_auth_gssapi, but that can also go in later. """ See the full comment at

[Freeipa-devel] [freeipa PR#279][+ack] installer: Stop adding distro-specific NTP servers into ntp.conf

2016-12-19 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/279 Title: #279: installer: Stop adding distro-specific NTP servers into ntp.conf Label: +ack

[Freeipa-devel] [freeipa PR#351][synchronized] [fedora-26] named.conf template: update API for bind 9.11

2016-12-19 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/351 Author: tomaskrizek Title: #351: [fedora-26] named.conf template: update API for bind 9.11 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/351/head:pr351 git

[Freeipa-devel] [freeipa PR#351][comment] [fedora-26] named.conf template: update API for bind 9.11

2016-12-19 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/351 Title: #351: [fedora-26] named.conf template: update API for bind 9.11 tomaskrizek commented: """ The version of BIND in `freeipa.spec.in` is also subject to change. There is currently a bug that affects `named-pkcs11`, but not `named`. I also h

[Freeipa-devel] [bind-dyndb-ldap PR#6][synchronized] handle termination of syncrepl watcher thread

2016-12-19 Thread tomaskrizek
URL: https://github.com/freeipa/bind-dyndb-ldap/pull/6 Author: tomaskrizek Title: #6: handle termination of syncrepl watcher thread Action: synchronized To pull the PR as Git branch: git remote add ghbind-dyndb-ldap https://github.com/freeipa/bind-dyndb-ldap git fetch ghbind-dyndb-ldap pull/6/

Re: [Freeipa-devel] bind-dyndb-ldap: [PATCH] Handle termination of SyncRepl watcher thread

2016-12-19 Thread Tomas Krizek
On 12/19/2016 02:04 PM, thierry bordaz wrote: > Hi Tomas, > > The patch looks good to me. > Just a minor remark. > ldap_inst->exiting=TRUE and signaling the watcher thread is the same > action. Ideally the signal handler would set 'existing=TRUE', but > there is no nice way for the signal handler t

Re: [Freeipa-devel] CSR autogeneration next steps

2016-12-19 Thread Ben Lipton
On 12/15/2016 11:11 PM, Ben Lipton wrote: On 12/12/2016 03:52 AM, Jan Cholasta wrote: On 5.12.2016 16:48, Ben Lipton wrote: Hi Jan, thanks for the comments. On 12/05/2016 04:25 AM, Jan Cholasta wrote: Hi Ben, On 3.11.2016 00:12, Ben Lipton wrote: Hi everybody, Soon I'm going to have to

[Freeipa-devel] [freeipa PR#348][comment] ca: fix ca-find with --pkey-only

2016-12-19 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/348 Title: #348: ca: fix ca-find with --pkey-only frasertweedale commented: """ IMO the current change is fine, but I would also implement a defensive guard within `set_certificate_attrs` in case this somehow happens in some other command. ```pytho

[Freeipa-devel] [freeipa PR#354][opened] Fix DL1 replica installation in CA-less topology

2016-12-19 Thread frasertweedale
URL: https://github.com/freeipa/freeipa/pull/354 Author: frasertweedale Title: #354: Fix DL1 replica installation in CA-less topology Action: opened PR body: """ Commit dbb98765d73519289ee22f3de1a5ccde140f6f5d changed certmonger requests for DS and HTTP certificates during installation to rais