[Freeipa-devel] [freeipa PR#541][opened] We don't offer no quickies

URL: https://github.com/freeipa/freeipa/pull/541 Author: stlaz Title: #541: We don't offer no quickies Action: opened PR body: """ It's not our main priority as developers to offer any forms of quickies nor guides on how to perform them. http://www.urbandictionary.com/define.php?term=quickie

[Freeipa-devel] [freeipa PR#476][comment] vault: cache the transport certificate on client

URL: https://github.com/freeipa/freeipa/pull/476 Title: #476: vault: cache the transport certificate on client HonzaCholasta commented: """ Calling `vaultconfig_show` now refreshes the cache, you can call it to download and cache the certificate in the main process. """ See the full comment

[Freeipa-devel] [freeipa PR#539][comment] Define errors_by_code in ipalib.errors

URL: https://github.com/freeipa/freeipa/pull/539 Title: #539: Define errors_by_code in ipalib.errors frasertweedale commented: """ @HonzaCholasta when Dogtag execute the existing cert-request validation logic (which will be extracted to a new function), if an exception gets raised Dogtag

[Freeipa-devel] [freeipa PR#532][closed] Fix cookie with Max-Age processing

URL: https://github.com/freeipa/freeipa/pull/532 Author: stlaz Title: #532: Fix cookie with Max-Age processing Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/532/head:pr532 git checkout pr532 -- Manage your

[Freeipa-devel] [freeipa PR#532][comment] Fix cookie with Max-Age processing

URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing HonzaCholasta commented: """ master: * 24eeb4d6a3be678d652247a4a862ffde037514da Fix cookie with Max-Age processing """ See the full comment at

[Freeipa-devel] [freeipa PR#532][+pushed] Fix cookie with Max-Age processing

URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#541][closed] We don't offer no quickies

URL: https://github.com/freeipa/freeipa/pull/541 Author: stlaz Title: #541: We don't offer no quickies Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/541/head:pr541 git checkout pr541 -- Manage your

[Freeipa-devel] [freeipa PR#541][+ack] We don't offer no quickies

URL: https://github.com/freeipa/freeipa/pull/541 Title: #541: We don't offer no quickies Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#476][synchronized] vault: cache the transport certificate on client

URL: https://github.com/freeipa/freeipa/pull/476 Author: HonzaCholasta Title: #476: vault: cache the transport certificate on client Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/476/head:pr476 git

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

On 03/06/2017 01:44 PM, Lukas Slebodnik wrote: > On (06/03/17 13:35), Tomas Krizek wrote: >> On 03/03/2017 09:22 PM, Rob Crittenden wrote: >>> Lukas Slebodnik wrote: On (03/03/17 17:07), Lukas Slebodnik wrote: > ehlo, > > This is a small continuation fo discussin from pull request

[Freeipa-devel] [freeipa PR#539][comment] Define errors_by_code in ipalib.errors

URL: https://github.com/freeipa/freeipa/pull/539 Title: #539: Define errors_by_code in ipalib.errors frasertweedale commented: """ @HonzaCholasta when Dogtag execute the existing cert-request validation logic (which will be extracted to a new function), if an exception gets raised Dogtag

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

On 03/03/2017 09:22 PM, Rob Crittenden wrote: > Lukas Slebodnik wrote: >> On (03/03/17 17:07), Lukas Slebodnik wrote: >>> ehlo, >>> >>> This is a small continuation fo discussin from pull request >>> "Make pylint and jsl optional" #502[1] >>> >>> Pylint and jslint are already optional because some

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

On (06/03/17 13:35), Tomas Krizek wrote: >On 03/03/2017 09:22 PM, Rob Crittenden wrote: >> Lukas Slebodnik wrote: >>> On (03/03/17 17:07), Lukas Slebodnik wrote: ehlo, This is a small continuation fo discussin from pull request "Make pylint and jsl optional" #502[1]

[Freeipa-devel] [freeipa PR#541][+pushed] We don't offer no quickies

URL: https://github.com/freeipa/freeipa/pull/541 Title: #541: We don't offer no quickies Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#541][comment] We don't offer no quickies

URL: https://github.com/freeipa/freeipa/pull/541 Title: #541: We don't offer no quickies dkupka commented: """ master: * 30d7c210a4d153fcb5007651a80d8d53512abba3 We don't offer no quickies """ See the full comment at https://github.com/freeipa/freeipa/pull/541#issuecomment-284380318 --

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/06/2017 02:10 PM, Lukas Slebodnik wrote: > On (06/03/17 13:49), Tomas Krizek wrote: >> On 03/06/2017 01:44 PM, Lukas Slebodnik wrote: >>> On (06/03/17 13:35), Tomas Krizek wrote: On 03/03/2017 09:22 PM, Rob Crittenden wrote: > Lukas

Re: [Freeipa-devel] Please review: V4/AD user short names design draft

On Mon, 2017-03-06 at 07:47 +0100, Martin Babinsky wrote: > On 03/02/2017 02:54 PM, Simo Sorce wrote: > > On Thu, 2017-03-02 at 08:10 +0100, Martin Babinsky wrote: > >> In this case it would probably be a good idea to think about "forward > >> compatibility" and define a new AUX objectclass

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

On (06/03/17 13:49), Tomas Krizek wrote: >On 03/06/2017 01:44 PM, Lukas Slebodnik wrote: >> On (06/03/17 13:35), Tomas Krizek wrote: >>> On 03/03/2017 09:22 PM, Rob Crittenden wrote: Lukas Slebodnik wrote: > On (03/03/17 17:07), Lukas Slebodnik wrote: >> ehlo, >> >> This is a

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

Tomas Krizek wrote: > On 03/03/2017 09:22 PM, Rob Crittenden wrote: >> Lukas Slebodnik wrote: >>> On (03/03/17 17:07), Lukas Slebodnik wrote: ehlo, This is a small continuation fo discussin from pull request "Make pylint and jsl optional" #502[1] Pylint and jslint are

[Freeipa-devel] [freeipa PR#531][comment] httpinstance: disable system trust module in /etc/httpd/alias

URL: https://github.com/freeipa/freeipa/pull/531 Title: #531: httpinstance: disable system trust module in /etc/httpd/alias HonzaCholasta commented: """ Yes. That is, once https://pagure.io/freeipa/issue/4639 is fixed. """ See the full comment at

[Freeipa-devel] [freeipa PR#531][comment] httpinstance: disable system trust module in /etc/httpd/alias

URL: https://github.com/freeipa/freeipa/pull/531 Title: #531: httpinstance: disable system trust module in /etc/httpd/alias rcritten commented: """ Just FYI I'm opening an upstream discussion with the NSS team on this. It is very strange that there is a conflict like this, particularly between

[Freeipa-devel] [freeipa PR#534][comment] Move csrgen templates into ipaclient package

URL: https://github.com/freeipa/freeipa/pull/534 Title: #534: Move csrgen templates into ipaclient package LiptonB commented: """ I think this is a much better way to make it configurable than how I had it, and the implementation looks good to me. Thanks! """ See the full comment at

[Freeipa-devel] [freeipa PR#537][comment] test_csrgen: adjusted comparison test scripts for CSRGenerator

URL: https://github.com/freeipa/freeipa/pull/537 Title: #537: test_csrgen: adjusted comparison test scripts for CSRGenerator LiptonB commented: """ Thanks for catching this, sorry about the breakage. The change looks good to me. """ See the full comment at

Re: [Freeipa-devel] gssproxy-0.6.2-2 broken

Standa Laznicka writes: > Hello, > > Current gssproxy in Fedora 25 "updates" repository (gssproxy-0.6.2-2) is > broken. For a freshly-installed IPA server, the infamous error > > "ipa: ERROR: Major (851968): Unspecified GSS failure. Minor code may > provide more

[Freeipa-devel] [freeipa PR#433][synchronized] csrgen: Allow some certificate fields to be specified by the user

URL: https://github.com/freeipa/freeipa/pull/433 Author: LiptonB Title: #433: csrgen: Allow some certificate fields to be specified by the user Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints

URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints tomaskrizek commented: """ I think this is a translation issue that will resolve itself once we generate new translation files. Is that correct, @MartinBasti ? When using `make install` that regenerates

[Freeipa-devel] [freeipa PR#542][synchronized] Implementation independent interface for CSR generation

URL: https://github.com/freeipa/freeipa/pull/542 Author: LiptonB Title: #542: Implementation independent interface for CSR generation Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/542/head:pr542 git

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card flo-renaud commented: """ Hi @HonzaCholasta thank you for your comments. Patch rebased. """ See the full comment at

[Freeipa-devel] [freeipa PR#542][opened] Implementation independent interface for CSR generation

URL: https://github.com/freeipa/freeipa/pull/542 Author: LiptonB Title: #542: Implementation independent interface for CSR generation Action: opened PR body: """ @HonzaCholasta and everyone, here is where I am so far on the [CertificationRequestInfo-based interface for CSR

[Freeipa-devel] [freeipa PR#516][synchronized] IdM Server: list all Employees with matching Smart Card

URL: https://github.com/freeipa/freeipa/pull/516 Author: flo-renaud Title: #516: IdM Server: list all Employees with matching Smart Card Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/516/head:pr516 git

[Freeipa-devel] [freeipa PR#543][opened] Add options to allow ticket caching

URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: opened PR body: """ This new option (planned to land in gssproxy 0.7) we cache the ldap ticket properly and avoid a ticket lookup to the KDC on each and every ldap

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

On (06/03/17 14:38), Christian Heimes wrote: >> B) it is not just an optional dependency. I tried to explain in 1st mail >> that it should be a recomended dependency. > >Recommended != required > {Py,js}lint are not required ATM. Just error message from configure is poorly phrased. >Linting is a

Re: [Freeipa-devel] [DISCUSSION] checking *lint at configure time

On (06/03/17 14:36), Tomas Krizek wrote: >> I am sorry but I still did not get your point. Could you a little bit >> ellaborate? >In this case - build won't fail when you don't have the dependencies for >linters. But it will be *easier* to develop on other distributions if they run "make lint".

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] [freeipa PR#543][synchronized] Add options to allow ticket caching

URL: https://github.com/freeipa/freeipa/pull/543 Author: simo5 Title: #543: Add options to allow ticket caching Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/543/head:pr543 git checkout pr543 From

[Freeipa-devel] Karma Requests for pki-core-10.3.5-13

*The following updated candidate builds of pki-core 10.3.5 were generated:* * *Fedora 24:* o *pki-core-10.3.5-13.fc24 * * *Fedora 25:* o *pki-core-10.3.5-13.fc25

[Freeipa-devel] [freeipa PR#542][comment] Implementation independent interface for CSR generation

URL: https://github.com/freeipa/freeipa/pull/542 Title: #542: Implementation independent interface for CSR generation HonzaCholasta commented: """ * Maybe I'm missing something, but the intent behind the CertificationRequestInfo-based interface was to replace all of the different helpers with

[Freeipa-devel] [freeipa PR#531][comment] httpinstance: disable system trust module in /etc/httpd/alias

URL: https://github.com/freeipa/freeipa/pull/531 Title: #531: httpinstance: disable system trust module in /etc/httpd/alias HonzaCholasta commented: """ The conflict between master and replica exists because on the master, client install is executed last, but on (domain level 1+) replica it is

[Freeipa-devel] [freeipa PR#444][comment] Allow nsaccountlock to be searched in user-find commands

URL: https://github.com/freeipa/freeipa/pull/444 Title: #444: Allow nsaccountlock to be searched in user-find commands abbra commented: """ You are correct in the fact that the search filter need to be modified to allow matching entries without nsAccountLock attribute set. """ See the full

[Freeipa-devel] [freeipa PR#420][comment] Allow login to WebUI using Kerberos aliases/enterprise principals

URL: https://github.com/freeipa/freeipa/pull/420 Title: #420: Allow login to WebUI using Kerberos aliases/enterprise principals martbab commented: """ @abbra can you also have a quick look at this PR if it is OK from the trusted user login perspective? """ See the full comment at

[Freeipa-devel] gssproxy-0.6.2-2 broken

Hello, Current gssproxy in Fedora 25 "updates" repository (gssproxy-0.6.2-2) is broken. For a freshly-installed IPA server, the infamous error "ipa: ERROR: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2598845123): No credentials cache found" will

[Freeipa-devel] [freeipa PR#504][-ack] Add SHA256 fingerprints

URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints

URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints stlaz commented: """ Please transform `sha256_fingerprint:` into `Fingerprint (SHA1):` ``` $ ipa cert-show --all Serial number: 1 Issuing CA: ipa Certificate: Subject: CN=Certificate

[Freeipa-devel] [freeipa PR#504][comment] Add SHA256 fingerprints

URL: https://github.com/freeipa/freeipa/pull/504 Title: #504: Add SHA256 fingerprints stlaz commented: """ Please transform `sha256_fingerprint:` into `Fingerprint (SHA-256):` ``` $ ipa cert-show --all Serial number: 1 Issuing CA: ipa Certificate: Subject: CN=Certificate

[Freeipa-devel] [freeipa PR#476][synchronized] vault: cache the transport certificate on client

URL: https://github.com/freeipa/freeipa/pull/476 Author: HonzaCholasta Title: #476: vault: cache the transport certificate on client Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/476/head:pr476 git