Re: [Freeipa-devel] [WIP] Kerberos principal aliases pt. 2
On 01.07.2016 09:25, Martin Babinsky wrote: On 06/30/2016 11:17 PM, David Kupka wrote: On 28/06/16 20:08, Martin Babinsky wrote: On 06/24/2016 09:52 AM, Martin Babinsky wrote: Hi list, I am furiously working on tickets related to the proper support and API for managing kerberos principal aliases for hosts, users, and services[1-5]. To better track and comment on my progress, I have forked freeipa on git and created a branch for you to test and review. The link is here: https://github.com/martbab/freeipa/tree/krb5-principal-aliases Please be aware that I may force-push into the branch without warning when fixing issues we will discover during testing/review. [1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases [2] https://fedorahosted.org/freeipa/ticket/3864 [3] https://fedorahosted.org/freeipa/ticket/3961 [4] https://fedorahosted.org/freeipa/ticket/1365 [5] https://fedorahosted.org/freeipa/ticket/5413 Based on Jan's suggestions I have reworked the code substantially and force-pushed it into the github branch. Please review. Hello! I have gone through the code and tested the functionality in basic use cases (server-install, upgrade, replica-install, adding/removing principals, getting ticket with alias, ...). Code looks good to me and everything* seems to work smoothly. condACK, if Pavel or Petr^1 (or anyone else who tried this) don't report any issue really soon. *except for https://fedorahosted.org/freeipa/ticket/6017 Thanks, David. here are the reviewed patches rebased on the most current master. If no one objects I suggest to push them. master: * de6abc7af2dac7994b0fff4396115320d1a9a54d ipapython module for Kerberos principal manipulation and parsing * e6fc8f84d3ad5fc4c030ad592a3d743c02393439 Test suite for `ipapython/kerberos.py` * 974eb7b5efd20ad2195b0ad578637ab31f4c1df4 ipalib: introduce Principal parameter * c2af032c0333f7e210c54369159d1d9f5e3fec74 Migrate management framework plugins to use Principal parameter * d1517482b5e9508780087ec48be63a5bb531fed9 Add ACI for admins to modify principal attributes * 7e803aa4625869ef6a8e78a09cd99270c4cc77e5 replace an ACI relying on presence of deprecated objectclass * 750a392fe22aa8ddcb21077e8c24b96d36ecf20c Allow for commands that use positional parameters to add/remove attributes * a28d312796839e3413c98ee37d34ccc892e85357 Make framework consider krbcanonicalname as service primary key * e6ff83e3610d553f6ff98e3adbfbe3c6984b2f17 Provide API for management of host, service, and user principal aliases * acf2234ebc8609a35a8f45598d5d817cbdbff121 Unify display of principal names/aliases across entities -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [WIP] Kerberos principal aliases pt. 2
On 28/06/16 20:08, Martin Babinsky wrote: On 06/24/2016 09:52 AM, Martin Babinsky wrote: Hi list, I am furiously working on tickets related to the proper support and API for managing kerberos principal aliases for hosts, users, and services[1-5]. To better track and comment on my progress, I have forked freeipa on git and created a branch for you to test and review. The link is here: https://github.com/martbab/freeipa/tree/krb5-principal-aliases Please be aware that I may force-push into the branch without warning when fixing issues we will discover during testing/review. [1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases [2] https://fedorahosted.org/freeipa/ticket/3864 [3] https://fedorahosted.org/freeipa/ticket/3961 [4] https://fedorahosted.org/freeipa/ticket/1365 [5] https://fedorahosted.org/freeipa/ticket/5413 Based on Jan's suggestions I have reworked the code substantially and force-pushed it into the github branch. Please review. Hello! I have gone through the code and tested the functionality in basic use cases (server-install, upgrade, replica-install, adding/removing principals, getting ticket with alias, ...). Code looks good to me and everything* seems to work smoothly. condACK, if Pavel or Petr^1 (or anyone else who tried this) don't report any issue really soon. *except for https://fedorahosted.org/freeipa/ticket/6017 -- David Kupka -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [WIP] Kerberos principal aliases pt. 2
On 06/24/2016 09:52 AM, Martin Babinsky wrote: Hi list, I am furiously working on tickets related to the proper support and API for managing kerberos principal aliases for hosts, users, and services[1-5]. To better track and comment on my progress, I have forked freeipa on git and created a branch for you to test and review. The link is here: https://github.com/martbab/freeipa/tree/krb5-principal-aliases Please be aware that I may force-push into the branch without warning when fixing issues we will discover during testing/review. [1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases [2] https://fedorahosted.org/freeipa/ticket/3864 [3] https://fedorahosted.org/freeipa/ticket/3961 [4] https://fedorahosted.org/freeipa/ticket/1365 [5] https://fedorahosted.org/freeipa/ticket/5413 Based on Jan's suggestions I have reworked the code substantially and force-pushed it into the github branch. Please review. -- Martin^3 Babinsky -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code