Hello,
Since we're trying to make FreeIPA work in FIPS we got to the point
where we need to do something with MD5 fingerprints in the cert plugin.
Eventually we came to a realization that it'd be best to get rid of them
as a whole. These are counted by the framework and are not stored
On 02/22/2017 12:28 AM, Fraser Tweedale wrote:
On Tue, Feb 21, 2017 at 05:23:07PM +0100, Standa Laznicka wrote:
On 02/21/2017 04:24 PM, Tomas Krizek wrote:
On 02/21/2017 03:23 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
Hello,
Since we're trying to make FreeIPA work in FIPS we got
, Feb 21, 2017 at 05:23:07PM +0100, Standa Laznicka wrote:
On 02/21/2017 04:24 PM, Tomas Krizek wrote:
On 02/21/2017 03:23 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
Hello,
Since we're trying to make FreeIPA work in FIPS we got to the
point
where we need to do something with MD5
On 02/21/2017 04:24 PM, Tomas Krizek wrote:
On 02/21/2017 03:23 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
Hello,
Since we're trying to make FreeIPA work in FIPS we got to the point
where we need to do something with MD5 fingerprints in the cert plugin.
Eventually we came
Hello,
Please don't use any ad-hoc cruft when generating passwords throughout
IPA if not really really necessary. We have a nice refreshed password
generator `ipapython.ipautil.ipa_generate_password()` default config of
which does the work for you. It also by default generates passwords
On 08/19/2016 04:06 PM, Martin Basti wrote:
On 19.08.2016 12:37, Pavel Vomacka wrote:
On 08/16/2016 08:21 AM, Stanislav Laznicka wrote:
On 08/12/2016 06:48 PM, Petr Spacek wrote:
On 11.8.2016 12:34, Stanislav Laznicka wrote:
Hello,
I updated the design of the Time-Based HBAC Policies
On 03/01/2017 12:01 PM, Standa Laznicka wrote:
Hello,
Please note that https://github.com/freeipa/freeipa/pull/367 was
pushed today. What this means for you is that your IPA installations
won't work if you had privilege separation patches applied and try to
upgrade your instances to current
Hello,
Please note that https://github.com/freeipa/freeipa/pull/367 was pushed
today. What this means for you is that your IPA installations won't work
if you had privilege separation patches applied and try to upgrade your
instances to current master.
This is because privilege separation
Hello,
Please note that when you make a request for a certificate to
certmonger, it uses different representation of the "Subject" that you
provide to it, based on the storage you aim for (LDAP representation
when storing to NSS DB, X509 representation when storing to a file).
This issue
On 05/06/2016 12:28 PM, Stanislav Laznicka wrote:
Hello,
The time rules for FreeIPA effort is now to be found on Github. I
forked FreeIPA and SSSD repos and added the current state of work there.
https://github.com/stlaz/freeipa/tree/timerules
On 08/31/2016 12:57 PM, Petr Spacek wrote:
On 31.8.2016 12:42, Standa Laznicka wrote:
On 08/30/2016 03:34 PM, Simo Sorce wrote:
On Tue, 2016-08-30 at 08:47 +0200, Standa Laznicka wrote:
On 08/26/2016 05:37 PM, Simo Sorce wrote:
On Fri, 2016-08-26 at 11:26 -0400, Simo Sorce wrote:
On Fri
On 09/01/2016 01:26 PM, Standa Laznicka wrote:
On 08/31/2016 12:57 PM, Petr Spacek wrote:
On 31.8.2016 12:42, Standa Laznicka wrote:
On 08/30/2016 03:34 PM, Simo Sorce wrote:
On Tue, 2016-08-30 at 08:47 +0200, Standa Laznicka wrote:
On 08/26/2016 05:37 PM, Simo Sorce wrote:
On Fri, 2016-08
On 09/01/2016 02:14 PM, Petr Spacek wrote:
On 1.9.2016 14:09, Standa Laznicka wrote:
On 09/01/2016 01:26 PM, Standa Laznicka wrote:
On 08/31/2016 12:57 PM, Petr Spacek wrote:
On 31.8.2016 12:42, Standa Laznicka wrote:
On 08/30/2016 03:34 PM, Simo Sorce wrote:
On Tue, 2016-08-30 at 08:47
On 09/01/2016 03:06 PM, Simo Sorce wrote:
On Thu, 2016-09-01 at 14:09 +0200, Standa Laznicka wrote:
The class ipaHBACRuleV2 is dynamically switched to from ipaHBACRule
upon
addition of a time rule to a certain HBAC rule.
Honestly I am against this.
If you really want the two objects
On 09/01/2016 05:18 PM, Simo Sorce wrote:
On Thu, 2016-09-01 at 16:35 +0200, Standa Laznicka wrote:
On 09/01/2016 03:06 PM, Simo Sorce wrote:
On Thu, 2016-09-01 at 14:09 +0200, Standa Laznicka wrote:
The class ipaHBACRuleV2 is dynamically switched to from ipaHBACRule
upon
addition of a time
On 08/26/2016 05:37 PM, Simo Sorce wrote:
On Fri, 2016-08-26 at 11:26 -0400, Simo Sorce wrote:
On Fri, 2016-08-26 at 18:09 +0300, Alexander Bokovoy wrote:
On Fri, 26 Aug 2016, Simo Sorce wrote:
On Fri, 2016-08-26 at 12:39 +0200, Martin Basti wrote:
I miss "why" part of "To be able to handle
On 08/30/2016 03:34 PM, Simo Sorce wrote:
On Tue, 2016-08-30 at 08:47 +0200, Standa Laznicka wrote:
On 08/26/2016 05:37 PM, Simo Sorce wrote:
On Fri, 2016-08-26 at 11:26 -0400, Simo Sorce wrote:
On Fri, 2016-08-26 at 18:09 +0300, Alexander Bokovoy wrote:
On Fri, 26 Aug 2016, Simo Sorce wrote
On 08/30/2016 09:23 AM, Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Jan Cholasta wrote:
On 30.8.2016 08:47, Standa Laznicka wrote:
On 08/26/2016 05:37 PM, Simo Sorce wrote:
On Fri, 2016-08-26 at 11:26 -0400, Simo Sorce wrote:
On Fri, 2016-08-26 at 18:09 +0300, Alexander Bokovoy wrote
On 08/30/2016 09:34 AM, Standa Laznicka wrote:
On 08/30/2016 09:23 AM, Alexander Bokovoy wrote:
On Tue, 30 Aug 2016, Jan Cholasta wrote:
On 30.8.2016 08:47, Standa Laznicka wrote:
On 08/26/2016 05:37 PM, Simo Sorce wrote:
On Fri, 2016-08-26 at 11:26 -0400, Simo Sorce wrote:
On Fri, 2016-08
On 09/03/2016 06:25 PM, Jan Pazdziora wrote:
On Thu, Sep 01, 2016 at 11:18:45AM -0400, Simo Sorce wrote:
The thing is we (and admins) will be stuck with old client s for a loong
time, so we need to make it clear to them what works for what. We need
to allow admins to create rules that work for
On 09/09/2016 02:58 PM, Simo Sorce wrote:
On Fri, 2016-09-09 at 13:14 +0200, Standa Laznicka wrote:
On 09/03/2016 06:25 PM, Jan Pazdziora wrote:
On Thu, Sep 01, 2016 at 11:18:45AM -0400, Simo Sorce wrote:
The thing is we (and admins) will be stuck with old client s for a loong
time, so we
On 10/07/2016 08:31 AM, Jan Cholasta wrote:
On 17.8.2016 13:47, Stanislav Laznicka wrote:
On 08/11/2016 02:59 PM, Stanislav Laznicka wrote:
On 08/11/2016 07:49 AM, Jan Cholasta wrote:
On 2.8.2016 13:47, Stanislav Laznicka wrote:
On 07/19/2016 09:20 AM, Jan Cholasta wrote:
Hi,
On 14.7.2016
On 09/23/2016 08:50 AM, Jan Cholasta wrote:
On 25.8.2016 15:31, Martin Basti wrote:
On 10.08.2016 07:53, Stanislav Laznicka wrote:
On 08/10/2016 07:31 AM, Jan Cholasta wrote:
On 9.8.2016 18:52, Petr Vobornik wrote:
On 08/09/2016 04:18 PM, Martin Basti wrote:
On 09.08.2016 16:07,
On 09/23/2016 07:28 AM, Jan Cholasta wrote:
On 22.9.2016 16:39, Martin Basti wrote:
Hello all,
In 4.5, I would like to remove all unused variables from code and enable
pylint check. Due to big amount of unused variables in the code this
will be longterm effort.
Why this?:
* better code
On 09/23/2016 02:11 PM, Martin Basti wrote:
On 23.09.2016 14:12, Jan Cholasta wrote:
On 23.9.2016 13:23, Standa Laznicka wrote:
On 09/23/2016 07:28 AM, Jan Cholasta wrote:
On 22.9.2016 16:39, Martin Basti wrote:
Hello all,
In 4.5, I would like to remove all unused variables from code
On 08/26/2016 12:27 PM, Jan Cholasta wrote:
On 26.8.2016 12:21, Martin Basti wrote:
On 26.08.2016 12:13, Jan Cholasta wrote:
On 26.8.2016 11:55, Martin Basti wrote:
On 26.08.2016 11:43, Jan Cholasta wrote:
Hi,
On 11.8.2016 12:34, Stanislav Laznicka wrote:
Hello,
I updated the design of
On 08/26/2016 12:39 PM, Martin Basti wrote:
On 26.08.2016 12:37, Petr Vobornik wrote:
On 08/26/2016 12:23 PM, Martin Basti wrote:
On 26.08.2016 12:20, Alexander Bokovoy wrote:
On Fri, 26 Aug 2016, Jan Cholasta wrote:
On 26.8.2016 11:55, Martin Basti wrote:
On 26.08.2016 11:43, Jan
https://fedorahosted.org/freeipa/ticket/6230
From 33d25d76d71ede4b4d4ac3f57663132ac4c6decb Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka
Date: Tue, 23 Aug 2016 13:43:24 +0200
Subject: [PATCH] Make installer quit more nicely on external CA installation
On 11/24/2016 04:27 PM, Adam Bishop wrote:
I'm writing a bit of code using ipalib directly, I'm a little stuck on
authentication though.
It works fine if grab a Kerberos ticket with kinit then run the code
interactively, but I'd like to run this as a daemon which makes maintaining a
ticket
On 10/10/2016 07:53 AM, Jan Cholasta wrote:
On 7.10.2016 12:23, Standa Laznicka wrote:
On 10/07/2016 08:31 AM, Jan Cholasta wrote:
On 17.8.2016 13:47, Stanislav Laznicka wrote:
On 08/11/2016 02:59 PM, Stanislav Laznicka wrote:
On 08/11/2016 07:49 AM, Jan Cholasta wrote:
On 2.8.2016 13:47
On 12/14/2016 02:53 AM, Ben Lipton wrote:
Hi all,
I'm pretty sure this is unrelated to the CI issues discussed in other
threads recently, but they reminded me that I've been having this odd
issue.
https://travis-ci.org/freeipa/freeipa/jobs/183756995 is the most
recent run on my pull
Hello,
I started a design page for FreeIPA on FIPS-enabled systems:
https://www.freeipa.org/page/V4/FreeIPA-on-FIPS
Me and Tomáš are still investigating what of all things will need to
change in order to have FreeIPA on FIPS-enabled RHEL. So far I managed
to install and run patched FreeIPA
Hello list,
In PR https://github.com/freeipa/freeipa/pull/385 we changed the hashing
algorithm for SSH public key fingerprints which are printed for
hosts/users in their respective show commands. These fingerprints are
not stored anywhere and are calculated during runtime on demand.
We did
On 12/19/2016 03:07 PM, John Dennis wrote:
On 12/19/2016 03:12 AM, Standa Laznicka wrote:
On 12/16/2016 03:23 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
Hello,
I started a design page for FreeIPA on FIPS-enabled systems:
https://www.freeipa.org/page/V4/FreeIPA-on-FIPS
Me and Tomáš
On 12/16/2016 03:23 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
Hello,
I started a design page for FreeIPA on FIPS-enabled systems:
https://www.freeipa.org/page/V4/FreeIPA-on-FIPS
Me and Tomáš are still investigating what of all things will need to
change in order to have FreeIPA on FIPS
On 03/14/2017 08:42 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
On 03/14/2017 04:21 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
On 03/14/2017 03:14 PM, Martin Basti wrote:
On 14.03.2017 14:56, Luc de Louw wrote:
My 3 cents...
"Please note that FIPS 140-2 support may not
On 04/21/2017 08:12 AM, Abhijeet Kasurde wrote:
+1
On 20/04/17 9:36 PM, Petr Vobornik wrote:
Hi all,
I'd like to improve quality of bug reports and RFEs.
A possibility I see is to create and issue template [1].
Sounds like a good idea! Please see my comments.
What do you think of the
On 03/14/2017 03:14 PM, Martin Basti wrote:
On 14.03.2017 14:56, Luc de Louw wrote:
My 3 cents...
"Please note that FIPS 140-2 support may not work on some platforms"
-> Does is work in Fedora? Should be worth mention it so people are
more encouraged to test it in Fedora before its getting to
On 03/14/2017 04:21 PM, Rob Crittenden wrote:
Standa Laznicka wrote:
On 03/14/2017 03:14 PM, Martin Basti wrote:
On 14.03.2017 14:56, Luc de Louw wrote:
My 3 cents...
"Please note that FIPS 140-2 support may not work on some platforms"
-> Does is work in Fedora? Should be
Hello,
Current gssproxy in Fedora 25 "updates" repository (gssproxy-0.6.2-2) is
broken. For a freshly-installed IPA server, the infamous error
"ipa: ERROR: Major (851968): Unspecified GSS failure. Minor code may
provide more information, Minor (2598845123): No credentials cache
found" will
On 05/12/2017 08:36 AM, Standa Laznicka wrote:
Hello,
This morning I found out that "https://pagure.io/freeipa/; resolves to
a different project, originally https://pagure.io/freeIPA/. I pointed
the problem to the developer of the system, we'll see what he can do
about it, but for now,
Hello,
This morning I found out that "https://pagure.io/freeipa/; resolves to a
different project, originally https://pagure.io/freeIPA/. I pointed the
problem to the developer of the system, we'll see what he can do about
it, but for now, we're missing about 200 issues.
Please, don't open
On 04/28/2017 02:41 PM, Martin Bašti wrote:
On 28.04.2017 14:17, Tomas Krizek wrote:
On 04/28/2017 10:15 AM, Petr Vobornik wrote:
Hi all,
I created "blocker" tag for FreeIPA Git Hub PRs.
It is should be used to mark PRs which solves test blocker or other
functional blockers - e.g. blocks
43 matches
Mail list logo