URL: https://github.com/freeipa/freeipa/pull/450
Author: stlaz
Title: #450: Add FIPS-token password of HTTPD NSS database
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/450/head:pr450
git checkout pr450
URL: https://github.com/freeipa/freeipa/pull/407
Title: #407: New lite-server implementation
tiran commented:
"""
PR #314 has landed. I have rebased the branch and made the lite-server even
more convenient to use. You can now run it with ```make lite-server``` or
```make lite-server
URL: https://github.com/freeipa/freeipa/pull/468
Author: simo5
Title: #468: Remove non-sensical kdestroy on https stop
Action: opened
PR body:
"""
This kdestroy runs as root and wipes root's own ccachs ...
this is totally inappropriate.
https://fedorahosted.org/freeipa/ticket/6673
URL: https://github.com/freeipa/freeipa/pull/466
Title: #466: pkinit: make sure to have proper dictionary for Kerberos instance
on upgrade
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/469
Author: tiran
Title: #469: Ignore unlink error in ipa-otpd.socket
Action: opened
PR body:
"""
Don't fail in case the file does not exist.
Signed-off-by: Christian Heimes
"""
To pull the PR as Git branch:
git remote add
URL: https://github.com/freeipa/freeipa/pull/331
Title: #331: WebUI: don't change casing of Auth Indicators values
pvoborni commented:
"""
LGTM (reading code).
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/331#issuecomment-279984562
--
Manage your subscription for the
URL: https://github.com/freeipa/freeipa/pull/331
Author: pvomacka
Title: #331: WebUI: don't change casing of Auth Indicators values
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/331/head:pr331
git
URL: https://github.com/freeipa/freeipa/pull/407
Title: #407: New lite-server implementation
tiran commented:
"""
Example of a single request profile with new lite-server:
```
127.0.0.1 - - [15/Feb/2017 12:55:20] "POST /ipa/session/json HTTP/1.1" 200 -
ipa: INFO: [jsonserver_session]
URL: https://github.com/freeipa/freeipa/pull/423
Author: MartinBasti
Title: #423: dns-update-system-records: add support for nsupdate output format
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/423/head:pr423
URL: https://github.com/freeipa/freeipa/pull/423
Title: #423: dns-update-system-records: add support for nsupdate output format
MartinBasti commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/7eb2ef61905a5c6ddf04237f0aa84e7585e1186d
URL: https://github.com/freeipa/freeipa/pull/407
Author: tiran
Title: #407: New lite-server implementation
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/407/head:pr407
git checkout pr407
From
URL: https://github.com/freeipa/freeipa/pull/450
Author: stlaz
Title: #450: Add FIPS-token password of HTTPD NSS database
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/450/head:pr450
git checkout pr450
URL: https://github.com/freeipa/freeipa/pull/423
Title: #423: dns-update-system-records: add support for nsupdate output format
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/470
Author: pvomacka
Title: #470: WebUI: Size limit warning on details pages fixed
Action: opened
PR body:
"""
Entity select fields accepted globally set size limit and in situations when
there were more entries than global size limit allows then
URL: https://github.com/freeipa/freeipa/pull/407
Title: #407: New lite-server implementation
tiran commented:
"""
PR #314 has landed. I have rebased the branch and made the lite-server even
more convenient to use. You can now run it with ```make lite-server``` or
```make lite-server
URL: https://github.com/freeipa/freeipa/pull/367
Author: stlaz
Title: #367: Remove nsslib from IPA
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/367/head:pr367
git checkout pr367
From
URL: https://github.com/freeipa/freeipa/pull/466
Author: abbra
Title: #466: pkinit: make sure to have proper dictionary for Kerberos instance
on upgrade
Action: opened
PR body:
"""
When running PKINIT upgrade we need to make sure full substitution
dictionary is in place or otherwise
URL: https://github.com/freeipa/freeipa/pull/446
Author: stlaz
Title: #446: No NSS database passwords in ipa-client-install
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/446/head:pr446
git checkout pr446
URL: https://github.com/freeipa/freeipa/pull/407
Author: tiran
Title: #407: New lite-server implementation
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/407/head:pr407
git checkout pr407
From
URL: https://github.com/freeipa/freeipa/pull/446
Title: #446: No NSS database passwords in ipa-client-install
stlaz commented:
"""
This patchset seems more like a cleanup after the privilege separation one,
although adding a password to certutil calls is still the main topic here.
"""
See the
URL: https://github.com/freeipa/freeipa/pull/450
Title: #450: Add FIPS-token password of HTTPD NSS database
stlaz commented:
"""
You shouldn't turn FIPS on post-install (is what I think you mean), correct.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/467
Author: dkupka
Title: #467: ipaclient: schema cache: Write all schema files in
concurrent-safe way
Action: opened
PR body:
"""
https://fedorahosted.org/freeipa/ticket/6668
"""
To pull the PR as Git branch:
git remote add ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/397
Title: #397: Improve wheel building and provide ipaserver wheel for local
testing
stlaz commented:
"""
@pvoborni The remaining usages are server/CA certificates verification in
`certdb.py` and and apparently some encryption/decryption actions
URL: https://github.com/freeipa/freeipa/pull/446
Author: stlaz
Title: #446: No NSS database passwords in ipa-client-install
Action: edited
Changed field: title
Original value:
"""
No NSS database passwords in ipa-client-install
"""
--
Manage your subscription for the Freeipa-devel mailing
URL: https://github.com/freeipa/freeipa/pull/396
Author: stlaz
Title: #396: Explicitly remove support of SSLv2
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/396/head:pr396
git checkout pr396
From
URL: https://github.com/freeipa/freeipa/pull/400
Author: pvomacka
Title: #400: WebUI: Certificate Mapping
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/400/head:pr400
git checkout pr400
From
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
tiran commented:
"""
FYI, KRA and vault are broken because KRA cert is not migrated:
https://fedorahosted.org/freeipa/ticket/6675
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/410
Title: #410: ipa-kdb: support KDB DAL version 6.1
MartinBasti commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/593ea7da9a732647052cb56c08ad367e40be3912
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/410
Author: abbra
Title: #410: ipa-kdb: support KDB DAL version 6.1
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/410/head:pr410
git checkout pr410
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/410
Title: #410: ipa-kdb: support KDB DAL version 6.1
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
tiran commented:
"""
Cookie parsing bug with FreeIPA 4.4 client:
https://fedorahosted.org/freeipa/ticket/6676
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/407
Title: #407: New lite-server implementation
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/407
Author: tiran
Title: #407: New lite-server implementation
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/407/head:pr407
git checkout pr407
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/407
Title: #407: New lite-server implementation
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/407
Title: #407: New lite-server implementation
MartinBasti commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/ff6e701b0077d9c8e2aacdcaecf70f885018db92
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/450
Title: #450: Add FIPS-token password of HTTPD NSS database
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/459
Title: #459: Faster JSON encoder/decoder
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/459
Author: tiran
Title: #459: Faster JSON encoder/decoder
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/459/head:pr459
git checkout pr459
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
rcritten commented:
"""
If you don't backup the keytab then how do you expect to bring the server back
up? Fetch new keys for all services?
Full restore is very clearly documented as a
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
pvoborni commented:
"""
And AFAIK b) is not supported. @martbab , does something indicate otherwise?
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
MartinBasti commented:
"""
@pvoborni this is the way how it this tested by QA, so that's why I added this
kind of test to upstream. I disagree that `b)` is not supported. It is just
URL: https://github.com/freeipa/freeipa/pull/467
Author: dkupka
Title: #467: ipaclient: schema cache: Write all schema files in
concurrent-safe way
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa
URL: https://github.com/freeipa/freeipa/pull/459
Title: #459: Faster JSON encoder/decoder
Label: +ack
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
rcritten commented:
"""
Rudeness is not necessary.
You said:
"As to why a) we backup Kerberos keys, and b) support restoring into running
IPA server that is beyond me."
The reason for a)
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
martbab commented:
"""
@rcritten I apologize for sounding rude. I misread your comment and interpreted
it differently than intended.
That said, if the restore to a running IPA server is
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
martbab commented:
"""
We do not backup ccache, we back up apache keytab.
During restore into installer server we back up old Kerberos keys, but without
any mechanism to purge the new
URL: https://github.com/freeipa/freeipa/pull/437
Author: tomaskrizek
Title: #437: FIPS: replica install check
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/437/head:pr437
git checkout pr437
From
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
martbab commented:
"""
@rcritten can you please re-read my comment very slowly? I wrote that we *do*
backup keytabs.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
martbab commented:
"""
And indeed I can reproduce the original failure reported in
https://fedorahosted.org/freeipa/ticket/5296 with this PR.
If I manually remove apache ccache (kdestroy
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
tiran commented:
"""
I'm with @rcritten .
If we need to clean up / remove some files during a restore, then these
clean-ups should be handled by ```ipa-restore```. The service files are
URL: https://github.com/freeipa/freeipa/pull/450
Author: stlaz
Title: #450: Add FIPS-token password of HTTPD NSS database
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/450/head:pr450
git checkout pr450
--
URL: https://github.com/freeipa/freeipa/pull/450
Title: #450: Add FIPS-token password of HTTPD NSS database
Label: +pushed
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA:
URL: https://github.com/freeipa/freeipa/pull/450
Title: #450: Add FIPS-token password of HTTPD NSS database
MartinBasti commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/0b9b6b52d7f2e64a52ef8fd570839711311fa254
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/314
Title: #314: RFC: privilege separation for ipa framework code
stlaz commented:
"""
I would put broken KRA cert migration to lowest priority since
https://github.com/freeipa/freeipa/pull/367 moves the original KRA cert anyway.
"""
See the full
Hello,
Please don't use any ad-hoc cruft when generating passwords throughout
IPA if not really really necessary. We have a nice refreshed password
generator `ipapython.ipautil.ipa_generate_password()` default config of
which does the work for you. It also by default generates passwords
URL: https://github.com/freeipa/freeipa/pull/398
Author: flo-renaud
Title: #398: Support for Certificate Identity Mapping
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/398/head:pr398
git checkout pr398
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
flo-renaud commented:
"""
PR updated with the check on domain in certmaprule-add/mod.
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/398#issuecomment-280152942
--
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
martbab commented:
"""
I would rather keep `kdestroy` there, but only really purge the apache ccache
explicitly:
```diff
--- a/ipaplatform/redhat/tasks.py
+++ b/ipaplatform/redhat/tasks.py
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
tiran commented:
"""
Why do we back up ccache in the first place?
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/468#issuecomment-280040752
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/459
Title: #459: Faster JSON encoder/decoder
MartinBasti commented:
"""
Fixed upstream
master:
https://fedorahosted.org/freeipa/changeset/8159c2883bf66980582d1227c364df4e592bdd7e
URL: https://github.com/freeipa/freeipa/pull/459
Author: tiran
Title: #459: Faster JSON encoder/decoder
Action: edited
Changed field: title
Original value:
"""
[WIP] Faster JSON encoder/decoder
"""
--
Manage your subscription for the Freeipa-devel mailing list:
URL: https://github.com/freeipa/freeipa/pull/429
Title: #429: [py3] ipactl restart: log httplib failues as debug
tiran commented:
"""
Yeah, I reported the issue as https://fedorahosted.org/freeipa/ticket/6674 .
Feel free to close it as duplicate.
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/429
Title: #429: [py3] ipactl restart: log httplib failues as debug
MartinBasti commented:
"""
This happens with python2.7 too, I reproduced it today
"""
See the full comment at
https://github.com/freeipa/freeipa/pull/429#issuecomment-280024605
--
URL: https://github.com/freeipa/freeipa/pull/437
Author: tomaskrizek
Title: #437: FIPS: replica install check
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/437/head:pr437
git checkout pr437
From
URL: https://github.com/freeipa/freeipa/pull/459
Author: tiran
Title: #459: Faster JSON encoder/decoder
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/459/head:pr459
git checkout pr459
From
URL: https://github.com/freeipa/freeipa/pull/398
Author: flo-renaud
Title: #398: Support for Certificate Identity Mapping
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/398/head:pr398
git checkout pr398
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
flo-renaud commented:
"""
@HonzaCholasta
PR updated according to your comments. Thanks for the detailed review!
"""
See the full comment at
URL: https://github.com/freeipa/freeipa/pull/437
Author: tomaskrizek
Title: #437: FIPS: replica install check
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/437/head:pr437
git checkout pr437
From
68 matches
Mail list logo