[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-31 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ The correct packages are now in updates-testing in Fedora 25, pick from there. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#410][comment] ipa-kdb: support KDB DAL version 6.1

2017-02-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/410 Title: #410: ipa-kdb: support KDB DAL version 6.1 simo5 commented: """ @frozencemetery Should we provide krb5-kdb-version-devel from krb5-devel ? """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ I added 1.5.0 as a dep in freeipa.spec.in and rebased the PR """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#353][comment] [RFE] Pwdpolicy

2017-01-25 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/353 Title: #353: [RFE] Pwdpolicy simo5 commented: """ I found two subtle bugs that cause the install failure, with the rebased patches install completes correctly for me. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#353][synchronized] [RFE] Pwdpolicy

2017-01-25 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/353 Author: simo5 Title: #353: [RFE] Pwdpolicy Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/353/head:pr353 git checkout pr353 From

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-25 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ Ok reproduced, it is not clar how to me yet, but at some point ca.crt get zeroed out and that's why the ldap command fails, investigating &q

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-25 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ With this last rebase I can install again both ca and ca-less without issues. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#485][opened] Fix session logout

2017-02-20 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/485 Author: simo5 Title: #485: Fix session logout Action: opened PR body: """ There were 2 issues with session logouts, one is that the logout_cookie was checked and acted on in the wrong place, the other is that the wron

[Freeipa-devel] [freeipa PR#468][comment] Remove non-sensical kdestroy on https stop

2017-02-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Title: #468: Remove non-sensical kdestroy on https stop simo5 commented: """ Uhm I just tried setting KRB5CCNAME=/tmp/krb5_httpd in my install and ... I found out we do not actually generate an httpd ccache, so why are we try

[Freeipa-devel] [freeipa PR#506][comment] Use IPA CA cert in Custodia secrets client

2017-02-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/506 Title: #506: Use IPA CA cert in Custodia secrets client simo5 commented: """ Works for me. """ See the full comment at https://github.com/freeipa/freeipa/pull/506#issuecomment-282282986 -- Manage your subscription

[Freeipa-devel] [freeipa PR#468][synchronized] Remove non-sensical kdestroy on https stop

2017-02-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Author: simo5 Title: #468: Remove non-sensical kdestroy on https stop Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/468/head:pr468 git checkout pr468 From

[Freeipa-devel] [freeipa PR#468][comment] Remove non-sensical kdestroy on https stop

2017-02-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Title: #468: Remove non-sensical kdestroy on https stop simo5 commented: """ I guess we can simply set KRB5CCNAME=/tmp/krb5_httpd in the unit file and we should be ok then. @martbab or @mbasti, can you try that ? If it solves y

[Freeipa-devel] [freeipa PR#469][comment] Ignore unlink error in ipa-otpd.socket

2017-02-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/469 Title: #469: Ignore unlink error in ipa-otpd.socket simo5 commented: """ @tiran I do not know, @npmccallum may know. """ See the full comment at https://github.com/freeipa/freeipa/pull/469#issuecomment-28065689

[Freeipa-devel] [freeipa PR#468][synchronized] Remove non-sensical kdestroy on https stop

2017-02-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Author: simo5 Title: #468: Remove non-sensical kdestroy on https stop Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/468/head:pr468 git checkout pr468 From

[Freeipa-devel] [freeipa PR#468][synchronized] Remove non-sensical kdestroy on https stop

2017-02-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Author: simo5 Title: #468: Remove non-sensical kdestroy on https stop Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/468/head:pr468 git checkout pr468 From

[Freeipa-devel] [freeipa PR#364][+ack] Client-only builds with --disable-server

2017-02-22 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/364 Title: #364: Client-only builds with --disable-server Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#364][comment] Client-only builds with --disable-server

2017-02-22 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/364 Title: #364: Client-only builds with --disable-server simo5 commented: """ So this is the reasoning and why I am approving this PR and not #494. When you build all components, including server bits, tests are installed, therefor

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-13 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ @HonzaCholasta push it before we break it again! :-) """ See the full comment at https://github.com/freeipa/freeipa/pull/314#iss

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ We actually record the principal, change the patch to destroy session_cookie in create_connection if the principal is different. "&quo

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ The changes in ipalib/rpc.py are connected to the changes in ipatest/util.py, it makes no sense to keep them separate as in eahc patch I

[Freeipa-devel] [freeipa PR#410][+ack] ipa-kdb: support KDB DAL version 6.1

2017-02-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/410 Title: #410: ipa-kdb: support KDB DAL version 6.1 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ Ok split the last stuff in 3 commits. I remove the use of private ccache for a few reasons: 1. touches environment variables. 2. will uncondi

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ For some commits I was sure what ticket to use, for some I was not, so I elected not to put a specific ticket in there. If you have a good idea

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-10 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ So I am not sure what is going on here, after fiddling with the failing tests to print out what was going on, they suddenly started working

[Freeipa-devel] [freeipa PR#468][opened] Remove non-sensical kdestroy on https stop

2017-02-15 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Author: simo5 Title: #468: Remove non-sensical kdestroy on https stop Action: opened PR body: """ This kdestroy runs as root and wipes root's own ccachs ... this is totally inappropriate. https://fedorahosted.org/freeipa/tick

[Freeipa-devel] [freeipa PR#466][+ack] pkinit: make sure to have proper dictionary for Kerberos instance on upgrade

2017-02-15 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/466 Title: #466: pkinit: make sure to have proper dictionary for Kerberos instance on upgrade Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA:

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ Done """ See the full comment at https://github.com/freeipa/freeipa/pull/314#issuecomment-279859272 -- Manage your subscription

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ I think I know what is going on here, can you add an actual test to the testsuite that checks this ? I will fix my PR to not cause this deadlock,

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ Mi last push fixes the deadlock and another problem in ipalib/krb_utils.py I haven't figured out exactly what happens in change_password, I see

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-02-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ Mi last push fixes the deadlock and another problem in ipalib/krb_utils.py I haven't figured out exactly what happens in change_password, I see

[Freeipa-devel] [freeipa PR#468][comment] Remove non-sensical kdestroy on https stop

2017-02-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Title: #468: Remove non-sensical kdestroy on https stop simo5 commented: """ @MartinBasti the unit files are the wrong place to destroy ccaches, especially given they run as a different user (root) and may not have access to dest

[Freeipa-devel] [freeipa PR#468][comment] Remove non-sensical kdestroy on https stop

2017-02-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Title: #468: Remove non-sensical kdestroy on https stop simo5 commented: """ If this is about backup/restore, add a kdestroy ccache in the restore scripts, making sue it su - apache first """ See the full comment

[Freeipa-devel] [freeipa PR#468][comment] Remove non-sensical kdestroy on https stop

2017-02-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Title: #468: Remove non-sensical kdestroy on https stop simo5 commented: """ If you request a new keytab you should clean up the cacche ? If we have a way to run the post exec command as the right user and with the right /tmp (

[Freeipa-devel] [freeipa PR#468][synchronized] Remove non-sensical kdestroy on https stop

2017-02-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/468 Author: simo5 Title: #468: Remove non-sensical kdestroy on https stop Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/468/head:pr468 git checkout pr468 From

[Freeipa-devel] [freeipa PR#473][opened] Fix session/cookie related issues introduced with the privilege separation patches

2017-02-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/473 Author: simo5 Title: #473: Fix session/cookie related issues introduced with the privilege separation patches Action: opened PR body: """ Fixes two bugs opened recently about double cookies being returned and ccache remov

[Freeipa-devel] [freeipa PR#473][synchronized] Fix session/cookie related issues introduced with the privilege separation patches

2017-02-16 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/473 Author: simo5 Title: #473: Fix session/cookie related issues introduced with the privilege separation patches Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ Ok, with this latest push I can install servers and replicas both with CA and CA-less. I cannot reproduce the failure @HonzaCholasta sees, so fr

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-23 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ The latest rebase installs a replica correctly here, haven't got to fix ca-less yet, but everything else should be ready to go. "&quo

[Freeipa-devel] [freeipa PR#410][comment] ipa-kdb: support KDB DAL version 6.1

2017-01-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/410 Title: #410: ipa-kdb: support KDB DAL version 6.1 simo5 commented: """ Doesn't kdb.h also export a MINOR version to test against ? """ See the full comment at https://github.com/freeipa/freeipa/pull/410#issuecom

[Freeipa-devel] [freeipa PR#410][comment] ipa-kdb: support KDB DAL version 6.1

2017-01-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/410 Title: #410: ipa-kdb: support KDB DAL version 6.1 simo5 commented: """ I checked and can't find it ... facepalm """ See the full comment at https://github.com/freeipa/freeipa/pull/410#issuecomment-27482633

[Freeipa-devel] [freeipa PR#410][comment] ipa-kdb: support KDB DAL version 6.1

2017-01-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/410 Title: #410: ipa-kdb: support KDB DAL version 6.1 simo5 commented: """ Also I know you can use ifdefs to avoid copy large parts of the structure initialization but I would prefer 3 separate full inits based only on ifdefs on

[Freeipa-devel] [freeipa PR#410][comment] ipa-kdb: support KDB DAL version 6.1

2017-01-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/410 Title: #410: ipa-kdb: support KDB DAL version 6.1 simo5 commented: """ abbra, we should also change how spec deps work I asked @rharwood to add a provides that is the dal version number we should stop having a dep on the krb5 major

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2017-01-19 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ I cannot get a replica install to fail like your did, can you post some logs ? """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#532][comment] Fix cookie with Max-Age processing

2017-03-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing simo5 commented: """ Do we really care for calculating the expiration time ? Should we just set timestamp to 0 or even remove the whole thing ? """ See the full

[Freeipa-devel] [freeipa PR#532][comment] Fix cookie with Max-Age processing

2017-03-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/532 Title: #532: Fix cookie with Max-Age processing simo5 commented: """ Ok, sorry for some reason I thought this was on the server side, where we do not care what the cookie looks like, but on the client side we indeed care. &q

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy simo5 commented: """ Seemed worth fixing at the same time, but I won't insist. """ See the full comment at https://github.com/freeipa/freeipa/pull/508#issuecom

[Freeipa-devel] [freeipa PR#508][comment] Fix ipa.service unit re. gssproxy

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/508 Title: #508: Fix ipa.service unit re. gssproxy simo5 commented: """ Should we also change the Requires on network.target ? Do we really want to have a restart of IPa if someone restarts the network ? """

[Freeipa-devel] [freeipa PR#514][opened] Limit sessions to 30 minutes by default

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/514 Author: simo5 Title: #514: Limit sessions to 30 minutes by default Action: opened PR body: """ When we changed the session handling code we unintentinally extended sessions expiraion time to the whole ticket lifetime of 24h. R

[Freeipa-devel] [freeipa PR#514][comment] Limit sessions to 30 minutes by default

2017-02-27 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/514 Title: #514: Limit sessions to 30 minutes by default simo5 commented: """ No, we do not store sessions in a session db, so that setting is not useful to us. """ See the full comment at https://github.com/freeipa

[Freeipa-devel] [freeipa PR#516][comment] IdM Server: list all Employees with matching Smart Card

2017-02-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/516 Title: #516: IdM Server: list all Employees with matching Smart Card simo5 commented: """ Why do we need to talk to SSSD to do this? Don't we have all the needed data in LDAP already ? """ See the full comment

[Freeipa-devel] [freeipa PR#62] Configure Anonymous PKINIT on server install (opened)

2016-09-06 Thread simo5
simo5's pull request #62: "Configure Anonymous PKINIT on server install" was opened PR body: """ Allow anonymous pkinit to be used so that unenrolled hosts can perform FAST authentication (necessary for 2FA for example) using an anonymous krbtgt obtained via Pkinit. Sig

[Freeipa-devel] [freeipa PR#62] Configure Anonymous PKINIT on server install (synchronize)

2016-09-06 Thread simo5
simo5's pull request #62: "Configure Anonymous PKINIT on server install" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/62 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/hea

[Freeipa-devel] [freeipa PR#62] Configure Anonymous PKINIT on server install (comment)

2016-09-06 Thread simo5
simo5 commented on a pull request """ Note, I haven't looked into the upgrade of an existing server, so just posting it here for an initial review, and also for someone to pick it up if I can't finish the work on the upgrade path. @abbra @frasertweedale please take a look &q

[Freeipa-devel] [freeipa PR#62] Configure Anonymous PKINIT on server install (synchronize)

2016-09-06 Thread simo5
simo5's pull request #62: "Configure Anonymous PKINIT on server install" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/62 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/hea

[Freeipa-devel] [freeipa PR#62] Configure Anonymous PKINIT on server install (synchronize)

2016-09-06 Thread simo5
simo5's pull request #62: "Configure Anonymous PKINIT on server install" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/62 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/hea

[Freeipa-devel] [freeipa PR#62] Configure Anonymous PKINIT on server install (synchronize)

2016-09-06 Thread simo5
simo5's pull request #62: "Configure Anonymous PKINIT on server install" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/62 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/hea

[Freeipa-devel] [freeipa PR#62] Configure Anonymous PKINIT on server install (synchronize)

2016-09-08 Thread simo5
simo5's pull request #62: "Configure Anonymous PKINIT on server install" was synchronize See the full pull-request at https://github.com/freeipa/freeipa/pull/62 ... or pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/hea

[Freeipa-devel] [freeipa PR#29] Enable LDAPS in replica promotion (comment)

2016-08-29 Thread simo5
simo5 commented on a pull request """ That said we should probably enable_ssl righ tafter we get the cert and restart DS, and not in replicainstall.py """ See the full comment at https://github.com/freeipa/freeipa/pull/29#issuecomment-243156343 -- Manage you

[Freeipa-devel] [freeipa PR#29] Enable LDAPS in replica promotion (comment)

2016-08-29 Thread simo5
simo5 commented on a pull request """ @jcholast we can't enable ssl there as the cert is not available yet, look a few lines later: https://github.com/freeipa/freeipa/blob/master/ipaserver/install/dsinstance.py#L397 """ See the full comment at https://gith

[Freeipa-devel] [freeipa PR#29] Enable LDAPS in replica promotion (comment)

2016-08-29 Thread simo5
simo5 commented on a pull request """ LGTM """ See the full comment at https://github.com/freeipa/freeipa/pull/29#issuecomment-243174342 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-dev

[Freeipa-devel] [freeipa PR#205][synchronized] Support DAL version 5 and version 6

2016-11-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Author: simo5 Title: #205: Support DAL version 5 and version 6 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/205/head:pr205 git checkout pr205 From

[Freeipa-devel] [freeipa PR#205][comment] Support DAL version 5 and version 6

2016-11-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Title: #205: Support DAL version 5 and version 6 simo5 commented: """ There was no upstream ticket when I created the commit :-) I'll add. """ See the full comment at https://github.com/freeipa/freeipa/pull/205#iss

[Freeipa-devel] [freeipa PR#205][+ack] Support DAL version 5 and version 6

2016-11-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Title: #205: Support DAL version 5 and version 6 Label: +ack -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

[Freeipa-devel] [freeipa PR#205][comment] Support DAL version 5 and version 6

2016-11-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Title: #205: Support DAL version 5 and version 6 simo5 commented: """ On Mon, 2016-11-07 at 08:11 -0800, Tomas Krizek wrote: > NACK > > `ipa-server-install` will fail at: > ``` > Configuring kadmin >

[Freeipa-devel] [freeipa PR#205][comment] Support DAL version 5 and version 6

2016-11-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Title: #205: Support DAL version 5 and version 6 simo5 commented: """ Sure, but I do not see how a change in the KDC DAL, can affect PKI connecting to LDAP. Does this problem go away if you remove the patch and re-build/insta

[Freeipa-devel] [freeipa PR#205][comment] Support DAL version 5 and version 6

2016-11-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Title: #205: Support DAL version 5 and version 6 simo5 commented: """ I just verified I reproduce your error in my tree without the patch. """ See the full comment at https://github.com/freeipa/freeipa/pull/205#iss

[Freeipa-devel] [freeipa PR#187][comment] Register entry points of Custodia plugins

2016-11-11 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/187 Title: #187: Register entry points of Custodia plugins simo5 commented: """ Forgot the reasons, I was probably not thinking about PEP8 back then. """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#184][opened] Minor install script fixes

2016-10-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/184 Author: simo5 Title: #184: Minor install script fixes Action: opened PR body: """ - Use the correct unicode string for an error message, otherwise an exception will generate another exception about incorrect type, masking the

[Freeipa-devel] [freeipa PR#184][synchronized] Minor install script fixes

2016-10-24 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/184 Author: simo5 Title: #184: Minor install script fixes Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/184/head:pr184 git checkout pr184 From

[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

2016-11-28 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install simo5 commented: """ @splashx we are starting to pollute this PR here now. Please provide KDC logs on the user's mailing list and let's proceed there. """

[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

2016-11-21 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install simo5 commented: """ @splashx you would have to manually configure each KDC and give them certs, it is doable. """ See the full comment at https://gith

[Freeipa-devel] [freeipa PR#206][opened] Properly handle multiple cookies in rpcclient

2016-11-01 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/206 Author: simo5 Title: #206: Properly handle multiple cookies in rpcclient Action: opened PR body: """ The current code does not give a list of cookies, but a concatenated string separated by a comma. This is a format the Co

[Freeipa-devel] [freeipa PR#205][opened] Support DAL version 5 and version 6

2016-11-01 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Author: simo5 Title: #205: Support DAL version 5 and version 6 Action: opened PR body: """ Should fix bz#1389866 (untested) """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/fr

[Freeipa-devel] [freeipa PR#205][synchronized] Support DAL version 5 and version 6

2016-11-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Author: simo5 Title: #205: Support DAL version 5 and version 6 Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/205/head:pr205 git checkout pr205 From

[Freeipa-devel] [freeipa PR#205][comment] Support DAL version 5 and version 6

2016-11-02 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/205 Title: #205: Support DAL version 5 and version 6 simo5 commented: """ Updated """ See the full comment at https://github.com/freeipa/freeipa/pull/205#issuecomment-257820109 -- Manage your subscription for the Fre

[Freeipa-devel] [freeipa PR#117][comment] Make ipa-replica-install run in interactive mode

2016-10-17 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/117 Title: #117: Make ipa-replica-install run in interactive mode simo5 commented: """ @stlaz, sure, what I meant is that the checking code should be made common and run in ipa-repliuca-install, certainly I was not suggesting to just

[Freeipa-devel] [freeipa PR#117][comment] Make ipa-replica-install run in interactive mode

2016-10-14 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/117 Title: #117: Make ipa-replica-install run in interactive mode simo5 commented: """ @stlaz I do not understand the rationale. Ideally the ipa-replica-install command gathers all necessary info and ipa-client-install is always run

[Freeipa-devel] [freeipa PR#317][comment] Unify password generation across FreeIPA

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/317 Title: #317: Unify password generation across FreeIPA simo5 commented: """ We may need a max length argument if we are dealing with some stuff that has issues with more then max length caracters ... In that case we can warn (o

[Freeipa-devel] [freeipa PR#317][comment] Unify password generation across FreeIPA

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/317 Title: #317: Unify password generation across FreeIPA simo5 commented: """ @stiaz, SHA-1 DOES NOT add entropy at all, you need the right number of bits in INPUT for whatever trasformation you use. @mbasti-rh in what way FIPS

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ @pspacek I added workflows to the Design page, please verify """ See the full comment at https://github.com/freeipa/freeipa/p

[Freeipa-devel] [freeipa PR#317][comment] Unify password generation across FreeIPA

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/317 Title: #317: Unify password generation across FreeIPA simo5 commented: """ @stlaz SHA-1 DOES NOT add entropy at all, you need the right number of bits in INPUT for whatever trasformation you use. @mbasti-rh in what way FIPS

[Freeipa-devel] [freeipa PR#206][synchronized] Properly handle multiple cookies in rpcclient

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/206 Author: simo5 Title: #206: Properly handle multiple cookies in rpcclient Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/206/head:pr206 git checkout pr206

[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install simo5 commented: """ @martbab sometimes you are blind to your own code ... """ See the full comment at https://github.com/freeipa/freeipa/pull/62#issuecom

[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install simo5 commented: """ @abbra I have an idea of what it might be """ See the full comment at https://github.com/freeipa/freeipa/pull/62#issuecomment-26579548

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#314][edited] RFC: privilege separation for ipa framework code

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Author: simo5 Title: #314: RFC: privilege separation for ipa framework code Action: edited Changed field: body Original value: """ As part of the External Authentication work this PR implements the privilege separation portio

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

2016-12-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install simo5 commented: """ @martbab your concerns should be addressed in this revision I also started adding upgrade code, but it is still not fully tested. In the process I local

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-08 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-09 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-12 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

2016-12-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install simo5 commented: """ Rebased on latest master """ See the full comment at https://github.com/freeipa/freeipa/pull/62#issuecomment-265201018 -- Manage you

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#314][comment] RFC: privilege separation for ipa framework code

2016-12-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/314 Title: #314: RFC: privilege separation for ipa framework code simo5 commented: """ Yeah going through those right now """ See the full comment at https://github.com/freeipa/freeipa/pull/314#issuecomment-26523451

[Freeipa-devel] [freeipa PR#62][comment] Configure Anonymous PKINIT on server install

2016-12-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install simo5 commented: """ Rebasing this code is becoming a little difficult, @frasertweedale can you take a look and confirm the changes in cert.py are ok ? """

[Freeipa-devel] [freeipa PR#62][synchronized] Configure Anonymous PKINIT on server install

2016-12-06 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/62 Author: simo5 Title: #62: Configure Anonymous PKINIT on server install Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/62/head:pr62 git checkout pr62 From

[Freeipa-devel] [freeipa PR#206][comment] Properly handle multiple cookies in rpcclient

2016-12-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/206 Title: #206: Properly handle multiple cookies in rpcclient simo5 commented: """ Sorry I thought this PR was the priv sep one, I have fixes for this, pushing in a moment. """ See the full comment at https://githu

[Freeipa-devel] [freeipa PR#206][synchronized] Properly handle multiple cookies in rpcclient

2016-12-07 Thread simo5
URL: https://github.com/freeipa/freeipa/pull/206 Author: simo5 Title: #206: Properly handle multiple cookies in rpcclient Action: synchronized To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/206/head:pr206 git checkout pr206

  1   2   3   >