[Freeipa-devel] [freeipa PR#563][opened] backup: backup anonymous keytab

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/563 Author: MartinBasti Title: #563: backup: backup anonymous keytab Action: opened PR body: """ Freeipa stops working without anon keytab https://pagure.io/freeipa/issue/5959 """ To pull the PR as Git branch: git remote add ghfreeipa

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install abbra commented: """ LGTM. """ See the full comment at https://github.com/freeipa/freeipa/pull/564#issuecomment-285418391 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#564][synchronized] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/564 Author: martbab Title: #564: Reconfigure Kerberos library config as the last step of KDC install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#545][comment] install_check: require IPv6 stack to be enabled

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/545 Title: #545: install_check: require IPv6 stack to be enabled tomaskrizek commented: """ master: * ecb450308d0a49afffb31dda1e405ad40552e70e server install: require IPv6 stack to be enabled """ See the full comment at

[Freeipa-devel] [freeipa PR#558][+ack] ipapython: fix DEFAULT_PLUGINS in version.py

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/558 Title: #558: ipapython: fix DEFAULT_PLUGINS in version.py Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#562][comment] [ipa-4-4] server install: require IPv6 stack to be enabled

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/562 Title: #562: [ipa-4-4] server install: require IPv6 stack to be enabled tomaskrizek commented: """ ipa-4-4: * a572e61cb5153df8a040757eaba0c47531f0fe85 server install: require IPv6 stack to be enabled """ See the full comment at

[Freeipa-devel] [freeipa PR#562][closed] [ipa-4-4] server install: require IPv6 stack to be enabled

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/562 Author: tomaskrizek Title: #562: [ipa-4-4] server install: require IPv6 stack to be enabled Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/562/head:pr562 git

[Freeipa-devel] [freeipa PR#562][+pushed] [ipa-4-4] server install: require IPv6 stack to be enabled

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/562 Title: #562: [ipa-4-4] server install: require IPv6 stack to be enabled Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 stlaz commented: """ +1 """ See the full comment at https://github.com/freeipa/freeipa/pull/511#issuecomment-285422303 -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install simo5 commented: """ I do not think this is the correct fix/bug What we want to do is to change kdc.conf to require certs only after we have installed them. The KDC

[Freeipa-devel] [freeipa PR#563][+pushed] backup: backup anonymous keytab

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/563 Title: #563: backup: backup anonymous keytab Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#562][opened] [ipa-4-4] server install: require IPv6 stack to be enabled

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/562 Author: tomaskrizek Title: #562: [ipa-4-4] server install: require IPv6 stack to be enabled Action: opened PR body: """ Add checks to install and replica install to verify IPv6 stack is enabled. IPv6 is required by some IPA parts (AD,

[Freeipa-devel] [freeipa PR#558][+pushed] ipapython: fix DEFAULT_PLUGINS in version.py

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/558 Title: #558: ipapython: fix DEFAULT_PLUGINS in version.py Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#558][closed] ipapython: fix DEFAULT_PLUGINS in version.py

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/558 Author: HonzaCholasta Title: #558: ipapython: fix DEFAULT_PLUGINS in version.py Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/558/head:pr558 git checkout pr558

[Freeipa-devel] [freeipa PR#558][comment] ipapython: fix DEFAULT_PLUGINS in version.py

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/558 Title: #558: ipapython: fix DEFAULT_PLUGINS in version.py MartinBasti commented: """ master: * abf25d3cb6570e6ae7cd094ea6a5f4a1bd75d8a7 ipapython: fix DEFAULT_PLUGINS in version.py """ See the full comment at

[Freeipa-devel] [freeipa PR#561][comment] ldap2: fix crash in development mode

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/561 Title: #561: ldap2: fix crash in development mode tomaskrizek commented: """ Seems to work all right, but the locking issue still affects other parts of the code. For example, `ipa cert-show` in development mode fails with: ``` AttributeError:

[Freeipa-devel] [freeipa PR#563][comment] backup: backup anonymous keytab

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/563 Title: #563: backup: backup anonymous keytab martbab commented: """ master: * 8fb61a55fe32438752567bde8af73d6b8230a386 backup: backup anonymous keytab """ See the full comment at

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install martbab commented: """ But the certs are requested by certmonger on replica which tries to kinit against *the very same KDC that is being configured and is not

[Freeipa-devel] [freeipa PR#564][opened] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/564 Author: martbab Title: #564: Reconfigure Kerberos library config as the last step of KDC install Action: opened PR body: """ During KDC installation, we overwrite the existing `/etc/krb5.conf` file from client version to use only local KDC for

[Freeipa-devel] [freeipa PR#545][closed] install_check: require IPv6 stack to be enabled

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/545 Author: tomaskrizek Title: #545: install_check: require IPv6 stack to be enabled Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/545/head:pr545 git checkout pr545

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 MartinBasti commented: """ I see gssproxy 0.7 in koji, can we update this an test rather early by putting it into freeipa-master repo? """ See the full comment at

[Freeipa-devel] [freeipa PR#563][closed] backup: backup anonymous keytab

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/563 Author: MartinBasti Title: #563: backup: backup anonymous keytab Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/563/head:pr563 git checkout pr563 -- Manage your

[Freeipa-devel] [freeipa PR#562][+ack] [ipa-4-4] server install: require IPv6 stack to be enabled

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/562 Title: #562: [ipa-4-4] server install: require IPv6 stack to be enabled Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#563][+ack] backup: backup anonymous keytab

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/563 Title: #563: backup: backup anonymous keytab Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#545][comment] install_check: require IPv6 stack to be enabled

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/545 Title: #545: install_check: require IPv6 stack to be enabled tomaskrizek commented: """ I had to rebase for `ipa-4-4`: #562 """ See the full comment at https://github.com/freeipa/freeipa/pull/545#issuecomment-285391132 -- Manage your

[Freeipa-devel] [freeipa PR#546][+ack] Store session cookie in a ccache option

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#561][synchronized] ldap2: fix crash in development mode

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/561 Author: HonzaCholasta Title: #561: ldap2: fix crash in development mode Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/561/head:pr561 git checkout pr561

[Freeipa-devel] [freeipa PR#561][comment] ldap2: fix crash in development mode

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/561 Title: #561: ldap2: fix crash in development mode HonzaCholasta commented: """ Let's see what Travis detects. """ See the full comment at https://github.com/freeipa/freeipa/pull/561#issuecomment-285582277 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 HonzaCholasta commented: """ FYI built both in the freeipa-master COPR. """ See the full comment at https://github.com/freeipa/freeipa/pull/511#issuecomment-285582369 -- Manage your

[Freeipa-devel] [freeipa PR#566][opened] webui: do not warn about CAs if there is only one master

2017-03-09 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/566 Author: pvoborni Title: #566: webui: do not warn about CAs if there is only one master Action: opened PR body: """ Web UI showed pop-up dialog which recommends to install additional CA in topology section when only 1 CA existed even if there

[Freeipa-devel] [freeipa PR#566][comment] webui: do not warn about CAs if there is only one master

2017-03-09 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/566 Title: #566: webui: do not warn about CAs if there is only one master pvoborni commented: """ Written in a way that it can be then easily extended with KRA check. """ See the full comment at

[Freeipa-devel] [freeipa PR#565][opened] permissions: add permissions for reading and modifying external group members

2017-03-09 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/565 Author: pvoborni Title: #565: permissions: add permissions for reading and modifying external group members Action: opened PR body: """ Issue: "User Administrator" role cannot add users to an External Group.

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install abbra commented: """ @simo5 KDC starts just fine with missing certs. It disables PKINIT if certs aren't reachable. However, if KDC is not running at all, certmonger

[Freeipa-devel] [freeipa PR#553][comment] Add check for removing last KRA server

2017-03-09 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/553 Title: #553: Add check for removing last KRA server pvoborni commented: """ Fix for 6598 in #566 """ See the full comment at https://github.com/freeipa/freeipa/pull/553#issuecomment-285450624 -- Manage your subscription for the Freeipa-devel

[Freeipa-devel] [freeipa PR#565][synchronized] permissions: add permissions for reading and modifying external group members

2017-03-09 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/565 Author: pvoborni Title: #565: permissions: add permissions for reading and modifying external group members Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#567][opened] Configure KDC to use certs after they are deployed

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Author: simo5 Title: #567: Configure KDC to use certs after they are deployed Action: opened PR body: """ Certmonger needs to access the KDC when it tries to obtain certs, so make sure the KDC can run, then reconfigure it to use pkinit anchors

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install simo5 commented: """ @martbab @abbra see the pull request in #567 """ See the full comment at https://github.com/freeipa/freeipa/pull/564#issuecomment-285493983 --

[Freeipa-devel] [freeipa PR#511][comment] Bump required version of gssproxy to 0.6.2

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/511 Title: #511: Bump required version of gssproxy to 0.6.2 simo5 commented: """ Can you prepare patch for spec file that requires gssproxy >= 0.7.0 and mod_auth_gssapi >= 1.5.0 ? """ See the full comment at

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed simo5 commented: """ Still testing but this should be the way to go to fix the bug reported in #564 """ See the full comment at

[Freeipa-devel] [freeipa PR#561][comment] ldap2: fix crash in development mode

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/561 Title: #561: ldap2: fix crash in development mode HonzaCholasta commented: """ Travis didn't detect anything else, so I think we are good to go. Shall we keep the `.test_runner_config.yaml` change? (@martbab?) """ See the full comment at

[Freeipa-devel] [freeipa PR#564][+rejected] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install Label: +rejected -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#564][closed] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/564 Author: martbab Title: #564: Reconfigure Kerberos library config as the last step of KDC install Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/564/head:pr564

[Freeipa-devel] [freeipa PR#564][comment] Reconfigure Kerberos library config as the last step of KDC install

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/564 Title: #564: Reconfigure Kerberos library config as the last step of KDC install martbab commented: """ Ah right this won't work because on master there would be no library configuration for KDC deployment (realm, etc) that's why server install

[Freeipa-devel] Samba 4.6.0-2.fc26 is available for trust tests

2017-03-09 Thread Alexander Bokovoy
Hi, I've submitted Samba 4.6.0-2 to FC26 and rawhide. This build contains fixes that allow FreeIPA implement trust functionality under gssproxy privilege separation. You need gssproxy 0.7.0 or later. Please test and add karma to https://bodhi.fedoraproject.org/updates/FEDORA-2017-c5e572f32b

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed martbab commented: """ I think we can avoid the copy-pasta by actually moving PKINIT requesting code into `__common_post_setup` like this: ```diff ---

[Freeipa-devel] [freeipa PR#567][comment] Configure KDC to use certs after they are deployed

2017-03-09 Thread martbab
URL: https://github.com/freeipa/freeipa/pull/567 Title: #567: Configure KDC to use certs after they are deployed martbab commented: """ I think we can avoid the copy-pasta by actually moving PKINIT requesting code into `__common_post_setup` like this: ```diff ---

[Freeipa-devel] [freeipa PR#561][synchronized] ldap2: fix crash in development mode

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/561 Author: HonzaCholasta Title: #561: ldap2: fix crash in development mode Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/561/head:pr561 git checkout pr561

[Freeipa-devel] [freeipa PR#535][synchronized] add whoami command

2017-03-09 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/535 Author: abbra Title: #535: add whoami command Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/535/head:pr535 git checkout pr535 From

[Freeipa-devel] [freeipa PR#535][synchronized] add whoami command

2017-03-09 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/535 Author: abbra Title: #535: add whoami command Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/535/head:pr535 git checkout pr535 From

[Freeipa-devel] [freeipa PR#535][comment] add whoami command

2017-03-09 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command abbra commented: """ Updated. """ See the full comment at https://github.com/freeipa/freeipa/pull/535#issuecomment-285310604 -- Manage your subscription for the Freeipa-devel mailing list:

[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/556 Author: stlaz Title: #556: Don't allow standalone KRA uninstalls Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/556/head:pr556 git checkout pr556 From

[Freeipa-devel] [freeipa PR#544][+pushed] Don't use weak ciphers for client HTTPS connections

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/544 Title: #544: Don't use weak ciphers for client HTTPS connections Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#556][comment] Don't allow standalone KRA uninstalls

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls stlaz commented: """ Should be fixed now, had to add `sys.exit()` call not to show traceback  """ See the full comment at https://github.com/freeipa/freeipa/pull/556#issuecomment-285322583 --

[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/556 Author: stlaz Title: #556: Don't allow standalone KRA uninstalls Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/556/head:pr556 git checkout pr556 From

[Freeipa-devel] [freeipa PR#555][closed] ipa-managed-entries: use server-mode API

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/555 Author: martbab Title: #555: ipa-managed-entries: use server-mode API Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/555/head:pr555 git checkout pr555 -- Manage

[Freeipa-devel] [freeipa PR#555][comment] ipa-managed-entries: use server-mode API

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/555 Title: #555: ipa-managed-entries: use server-mode API tomaskrizek commented: """ master: * 715367506b11549aae69f913594ebc6d9c4d3e76 ipa-managed-entries: use server-mode API * 5cb98496aa2e1e190219cf2f4a6208a38fa368d5 ipa-managed-entries: only

[Freeipa-devel] [freeipa PR#555][+pushed] ipa-managed-entries: use server-mode API

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/555 Title: #555: ipa-managed-entries: use server-mode API Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login

2017-03-09 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From

[Freeipa-devel] [freeipa PR#557][comment] certmap: load certificate from file in certmap-match CLI

2017-03-09 Thread flo-renaud
URL: https://github.com/freeipa/freeipa/pull/557 Title: #557: certmap: load certificate from file in certmap-match CLI flo-renaud commented: """ Hi @HonzaCholasta thank you for this patch. There is a minor issue when --certificate is specified multiple times: ``` ipa certmap-match

[Freeipa-devel] [freeipa PR#558][opened] ipapython: fix DEFAULT_PLUGINS in version.py

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/558 Author: HonzaCholasta Title: #558: ipapython: fix DEFAULT_PLUGINS in version.py Action: opened PR body: """ Replace the placeholder with the actual value during build. This fixes the client incorrectly assuming that the default version of all

[Freeipa-devel] [freeipa PR#559][opened] WebUI: Certificate login

2017-03-09 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: opened PR body: """ https://pagure.io/freeipa/issue/6225 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#556][comment] Don't allow standalone KRA uninstalls

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls tomaskrizek commented: """ You should also remove: ``` ipaplatform/base/paths.py:313:IPASERVER_KRA_UNINSTALL_LOG ipatests/test_integration/tasks.py:71:

[Freeipa-devel] [freeipa PR#544][comment] Don't use weak ciphers for client HTTPS connections

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/544 Title: #544: Don't use weak ciphers for client HTTPS connections tomaskrizek commented: """ master: * fda22c33441d3b2c541a272e411ac1503a20fb01 Don't use weak ciphers for client HTTPS connections """ See the full comment at

[Freeipa-devel] [freeipa PR#544][closed] Don't use weak ciphers for client HTTPS connections

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/544 Author: stlaz Title: #544: Don't use weak ciphers for client HTTPS connections Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/544/head:pr544 git checkout pr544

[Freeipa-devel] [freeipa PR#535][comment] add whoami command

2017-03-09 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command abbra commented: """ Done. I've also updated the design page to reflect the changes. """ See the full comment at https://github.com/freeipa/freeipa/pull/535#issuecomment-285340468 -- Manage your subscription for

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option MartinBasti commented: """ ``` * Module ipapython.session_storage ipapython/session_storage.py:187: [W1624(indexing-exception), remove_data] Indexing exceptions will not work on

[Freeipa-devel] [freeipa PR#535][comment] add whoami command

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command MartinBasti commented: """ master: * 381c1c7a8fe63526d21cb65decb75fb5ffda676a add whoami command """ See the full comment at https://github.com/freeipa/freeipa/pull/535#issuecomment-285347082 -- Manage your

[Freeipa-devel] [freeipa PR#535][+pushed] add whoami command

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command Label: +pushed -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#535][closed] add whoami command

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/535 Author: abbra Title: #535: add whoami command Action: closed To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/535/head:pr535 git checkout pr535 -- Manage your subscription for

[Freeipa-devel] [freeipa PR#535][+ack] add whoami command

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#556][comment] Don't allow standalone KRA uninstalls

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls stlaz commented: """ @MartinBasti unfortunately not. """ See the full comment at https://github.com/freeipa/freeipa/pull/556#issuecomment-285344820 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#535][comment] add whoami command

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command MartinBasti commented: """ Tests: https://pagure.io/freeipa/issue/6745 """ See the full comment at https://github.com/freeipa/freeipa/pull/535#issuecomment-285347687 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#559][comment] WebUI: Certificate login

2017-03-09 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/559 Title: #559: WebUI: Certificate login dkupka commented: """ @pvomacka NACK, see lint errors in travis. """ See the full comment at https://github.com/freeipa/freeipa/pull/559#issuecomment-285329218 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#535][synchronized] add whoami command

2017-03-09 Thread abbra
URL: https://github.com/freeipa/freeipa/pull/535 Author: abbra Title: #535: add whoami command Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/535/head:pr535 git checkout pr535 From

[Freeipa-devel] [freeipa PR#546][synchronized] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Author: simo5 Title: #546: Store session cookie in a ccache option Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/546/head:pr546 git checkout pr546 From

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ Ok I decide to do away with the whole class stuff, given we never really keep a round the class object for more than one operation at a time in actual use. As @rcritten

[Freeipa-devel] [freeipa PR#535][comment] add whoami command

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command stlaz commented: """ Thank you, ACK. Please don't close the ticket, we still need tests. """ See the full comment at https://github.com/freeipa/freeipa/pull/535#issuecomment-285344724 -- Manage your subscription

[Freeipa-devel] [freeipa PR#556][synchronized] Don't allow standalone KRA uninstalls

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/556 Author: stlaz Title: #556: Don't allow standalone KRA uninstalls Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/556/head:pr556 git checkout pr556 From

[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login

2017-03-09 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From

[Freeipa-devel] [freeipa PR#560][opened] rpcserver: x509_login: Handle unsuccessful certificate login gracefully

2017-03-09 Thread dkupka
URL: https://github.com/freeipa/freeipa/pull/560 Author: dkupka Title: #560: rpcserver: x509_login: Handle unsuccessful certificate login gracefully Action: opened PR body: """ When mod_lookup_identity is unable to match user by certificate (and username) it unsets http request's user.

[Freeipa-devel] [freeipa PR#535][comment] add whoami command

2017-03-09 Thread stlaz
URL: https://github.com/freeipa/freeipa/pull/535 Title: #535: add whoami command stlaz commented: """ @abbra Thank you for the changes, the patch seems fine now. I tested the user/service/host scenarios and it worked fine. I couldn't test idviews since trusts are broken now but I assume it

[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login

2017-03-09 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From

[Freeipa-devel] [freeipa PR#556][comment] Don't allow standalone KRA uninstalls

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls MartinBasti commented: """ `ScriptError` didn't work? """ See the full comment at https://github.com/freeipa/freeipa/pull/556#issuecomment-285341002 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#476][comment] vault: cache the transport certificate on client

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/476 Title: #476: vault: cache the transport certificate on client MartinBasti commented: """ needs rebase """ See the full comment at https://github.com/freeipa/freeipa/pull/476#issuecomment-285345504 -- Manage your subscription for the

[Freeipa-devel] [freeipa PR#559][synchronized] WebUI: Certificate login

2017-03-09 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/559 Author: pvomacka Title: #559: WebUI: Certificate login Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/559/head:pr559 git checkout pr559 From

[Freeipa-devel] [freeipa PR#559][comment] WebUI: Certificate login

2017-03-09 Thread pvomacka
URL: https://github.com/freeipa/freeipa/pull/559 Title: #559: WebUI: Certificate login pvomacka commented: """ @pvoborni thank you for review. Fixed all proposed changes. """ See the full comment at https://github.com/freeipa/freeipa/pull/559#issuecomment-285348733 -- Manage your

[Freeipa-devel] [freeipa PR#561][synchronized] ldap2: fix crash in development mode

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/561 Author: HonzaCholasta Title: #561: ldap2: fix crash in development mode Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/561/head:pr561 git checkout pr561

[Freeipa-devel] [freeipa PR#561][edited] ldap2: fix crash in development mode

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/561 Author: HonzaCholasta Title: #561: ldap2: fix crash in development mode Action: edited Changed field: body Original value: """ Do not set or delete attributes directly on the ldap2 instance, as that raises an AttributeError in development mode

[Freeipa-devel] [freeipa PR#546][comment] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Title: #546: Store session cookie in a ccache option simo5 commented: """ Oops sorry, forgot to run make pylint on my last iteration, should be all fixed now """ See the full comment at

[Freeipa-devel] [freeipa PR#557][comment] certmap: load certificate from file in certmap-match CLI

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/557 Title: #557: certmap: load certificate from file in certmap-match CLI HonzaCholasta commented: """ @flo-renaud, looks like you have found an issue in the framework, but it is unrelated to this PR. It can be reproduced in other commands as well,

[Freeipa-devel] [freeipa PR#476][synchronized] vault: cache the transport certificate on client

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/476 Author: HonzaCholasta Title: #476: vault: cache the transport certificate on client Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/476/head:pr476 git

[Freeipa-devel] [freeipa PR#556][-ack] Don't allow standalone KRA uninstalls

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls Label: -ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#556][comment] Don't allow standalone KRA uninstalls

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls MartinBasti commented: """ Waiting for more opinions about removing KRA --uninstall """ See the full comment at https://github.com/freeipa/freeipa/pull/556#issuecomment-285352065 -- Manage

[Freeipa-devel] [freeipa PR#545][+ack] install_check: require IPv6 stack to be enabled

2017-03-09 Thread MartinBasti
URL: https://github.com/freeipa/freeipa/pull/545 Title: #545: install_check: require IPv6 stack to be enabled Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#556][+ack] Don't allow standalone KRA uninstalls

2017-03-09 Thread tomaskrizek
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#561][opened] ldap2: fix crash in development mode

2017-03-09 Thread HonzaCholasta
URL: https://github.com/freeipa/freeipa/pull/561 Author: HonzaCholasta Title: #561: ldap2: fix crash in development mode Action: opened PR body: """ Do not set or delete attributes directly on the ldap2 instance, as that raises an AttributeError in development mode because of ReadOnly

[Freeipa-devel] [freeipa PR#556][comment] Don't allow standalone KRA uninstalls

2017-03-09 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls pvoborni commented: """ OK, so this pr remove `--uninstall` from `ipa-kra-install`. Did it work in the past? Or it always broke the installation? AFAIK this workflow was not really tested. If

[Freeipa-devel] [freeipa PR#556][comment] Don't allow standalone KRA uninstalls

2017-03-09 Thread pvoborni
URL: https://github.com/freeipa/freeipa/pull/556 Title: #556: Don't allow standalone KRA uninstalls pvoborni commented: """ OK, so this pr remove `--uninstall` from `ipa-kra-install`. Did it work in the past? Or it always broke the installation? AFAIK this workflow was not really tested. If

[Freeipa-devel] [freeipa PR#546][synchronized] Store session cookie in a ccache option

2017-03-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/546 Author: simo5 Title: #546: Store session cookie in a ccache option Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/546/head:pr546 git checkout pr546 From