On (23/06/14 14:35), Simo Sorce wrote:
- Original Message -
- Original Message -
Can you check if ipaProtectedOperation is in the aci attribute in the
base tree object ?
It should be there as excluded, and that should cause admin to not be
able to retrieve keytabs.
On Thu, 26 Jun 2014, Simo Sorce wrote:
On Thu, 2014-06-26 at 10:20 -0400, Simo Sorce wrote:
On Thu, 2014-06-26 at 15:33 +0300, Alexander Bokovoy wrote:
On Thu, 26 Jun 2014, Martin Kosek wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel
On 06/27/2014 10:00 AM, Alexander Bokovoy wrote:
On Thu, 26 Jun 2014, Simo Sorce wrote:
On Thu, 2014-06-26 at 10:20 -0400, Simo Sorce wrote:
On Thu, 2014-06-26 at 15:33 +0300, Alexander Bokovoy wrote:
On Thu, 26 Jun 2014, Martin Kosek wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message -
- Original Message -
Can you check if ipaProtectedOperation is in the aci attribute in the
On Thu, 26 Jun 2014, Martin Kosek wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message -
- Original Message -
Can you check if
On 06/26/2014 02:33 PM, Alexander Bokovoy wrote:
On Thu, 26 Jun 2014, Martin Kosek wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message -
-
On Thu, 2014-06-26 at 15:33 +0300, Alexander Bokovoy wrote:
On Thu, 26 Jun 2014, Martin Kosek wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message
On Thu, 2014-06-26 at 10:20 -0400, Simo Sorce wrote:
On Thu, 2014-06-26 at 15:33 +0300, Alexander Bokovoy wrote:
On Thu, 26 Jun 2014, Martin Kosek wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at
On Thu, 2014-06-26 at 10:37 +0200, Martin Kosek wrote:
On 06/26/2014 04:29 AM, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message -
- Original Message -
Can you
On Mon, 2014-06-23 at 17:24 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message -
- Original Message -
Can you check if ipaProtectedOperation is in the aci attribute in the
base tree object ?
It should be
- Original Message -
On Fri, 2014-06-20 at 16:05 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:47 -0400, Nathaniel McCallum wrote:
This change would have very small impact on your patch set, but would
be
much clearer for the future consumers of this protocol. Code can be
On Fri, 2014-06-20 at 19:55 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 16:50 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 16:05 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:47 -0400, Nathaniel McCallum wrote:
This change would have very small impact on your patch set,
On Fri, 2014-06-20 at 19:55 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 16:50 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 16:05 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:47 -0400, Nathaniel McCallum wrote:
This change would have very small impact on your patch set,
- Original Message -
Can you check if ipaProtectedOperation is in the aci attribute in the
base tree object ?
It should be there as excluded, and that should cause admin to not be
able to retrieve keytabs.
It was not. While running ipa-ldap-updater I got the following:
On Mon, 2014-06-23 at 14:35 -0400, Simo Sorce wrote:
- Original Message -
- Original Message -
Can you check if ipaProtectedOperation is in the aci attribute in the
base tree object ?
It should be there as excluded, and that should cause admin to not be
able to
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
I'm a bit confused about the behavior of enctypes in the Request.
A list of
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
I'm a bit
On Fri, 2014-06-20 at 14:10 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
On Fri, 2014-06-20 at 14:30 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 14:10 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a
On Fri, 2014-06-20 at 14:38 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:30 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 14:10 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:05 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Is there any need to create different permissions for password
generation vs
On Fri, 2014-06-20 at 15:50 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Is there
On Fri, 2014-06-20 at 15:50 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Is there
On Fri, 2014-06-20 at 15:55 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 15:50 -0400, Nathaniel McCallum wrote:
On Mon, 2014-06-16 at 11:34 -0400, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been
On Fri, 2014-06-20 at 16:05 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:47 -0400, Nathaniel McCallum wrote:
This change would have very small impact on your patch set, but would
be
much clearer for the future consumers of this protocol. Code can be
changed; protocols can't.
Ok
On Fri, 2014-06-20 at 16:50 -0400, Nathaniel McCallum wrote:
On Fri, 2014-06-20 at 16:05 -0400, Simo Sorce wrote:
On Fri, 2014-06-20 at 14:47 -0400, Nathaniel McCallum wrote:
This change would have very small impact on your patch set, but would
be
much clearer for the future consumers
On 06/16/2014 05:34 PM, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Simo.
Thanks! I was not deeply involved in the review, but from the high level it
On Tue, 2014-06-17 at 09:18 +0200, Martin Kosek wrote:
On 06/16/2014 05:34 PM, Simo Sorce wrote:
Although the code is all done it would be nice to have a review of the
feature, to see if it has all been captured:
http://www.freeipa.org/page/V4/Keytab_Retrieval
Simo.
Thanks! I was
28 matches
Mail list logo