On 03.08.2011 23:52, Dmitri Pal wrote:
But this has not been even filed as an enhancement as no one cared about
such functionality until now.
What is your use case for this functionality?
Actually, I do not need such a functionality. I was asking because I know
Windows rotate keytabs so I
Steven Jones wrote:
Hi,
I have also done this on a new f15 client and it also fails.
But its saying,
500 and not 401 which is the rhel6.1 failure.
HTTP response code is 401, not 200 == RHEL61
HTTP response code is 500, not 200 == FED15
Assuming that the Fedora 15 client is 130.195.53.109
On Thu, 2011-08-04 at 10:25 -0400, Dmitri Pal wrote:
On 08/04/2011 03:52 AM, Ondrej Valousek wrote:
On 03.08.2011 23:52, Dmitri Pal wrote:
But this has not been even filed as an enhancement as no one cared about
such functionality until now.
What is your use case for this
On 08/04/2011 10:28 AM, Simo Sorce wrote:
On Thu, 2011-08-04 at 10:25 -0400, Dmitri Pal wrote:
On 08/04/2011 03:52 AM, Ondrej Valousek wrote:
On 03.08.2011 23:52, Dmitri Pal wrote:
But this has not been even filed as an enhancement as no one cared about
such functionality until now.
What
On 08/04/2011 05:24 AM, Kiran Patil wrote:
Did anybody got it working ?
Please share your experiences with configuration details.
Thanks,
Kiran.
___
Freeipa-users mailing list
Freeipa-users@redhat.com
DRM is the way to go. However it does not support symmetric keys now.
This is the pert that we need for volume keys. May be it is the vault
to store all sorts of keys. This is something that needs to be
designed and looked at as a broader perspective.
Adam likes to repeat a phase about
I agree with Simo, I would expect this from sssd instead, also given the fact that sssd will in future also handle winbind's net *
commands, this seems to me like a most natural way...
Ondrej
On 04.08.2011 16:28, Simo Sorce wrote:
SSSD is probably a more appropriate component for keytabs,
On 08/04/2011 10:47 AM, Simo Sorce wrote:
On Thu, 2011-08-04 at 10:43 -0400, Dmitri Pal wrote:
On 08/04/2011 10:28 AM, Simo Sorce wrote:
On Thu, 2011-08-04 at 10:25 -0400, Dmitri Pal wrote:
On 08/04/2011 03:52 AM, Ondrej Valousek wrote:
On 03.08.2011 23:52, Dmitri Pal wrote:
But this has
On 04.08.2011 16:53, Dmitri Pal wrote:
Yes but server can indicate in some attribute to the client that it is
time to start doing this and the client will do the change.
Would not be just easiest to steal some code from winbind? It is doing the same thing for Samba right? I guess it should
Which CAS server implementation you are using?
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IPA project,
Red Hat Inc.
Sorry, I picked the subject from one of the earlier thread of FreeIPA user list.
Right now we are evaluating different solutions.
We found that FreeIPA project
On 08/04/2011 10:59 AM, Ondrej Valousek wrote:
On 04.08.2011 16:53, Dmitri Pal wrote:
Yes but server can indicate in some attribute to the client that it is
time to start doing this and the client will do the change.
Would not be just easiest to steal some code from winbind? It is doing
On 08/04/2011 02:05 PM, Ian Stokes-Rees wrote:
On 8/3/11 6:13 PM, Dmitri Pal wrote:
On 08/03/2011 10:10 AM, Ian Stokes-Rees wrote:
If there were some way to securely embed an arbitrary string in the
user profile, that would go a long way to solving this problem. At
least 4KB to cover a 2048
Hi,
Yes the first is F15.
I am halting all the AD machines I will retry without the --force first to test
this, when I built IPA originally there was no AD to conflict.
However its plain weird because the RHEL6.1 client points to the IPA server for
DNS.
I will get back to you.
regards
On 08/04/2011 04:12 PM, Rich Megginson wrote:
On 08/04/2011 02:05 PM, Ian Stokes-Rees wrote:
On 8/3/11 6:13 PM, Dmitri Pal wrote:
On 08/03/2011 10:10 AM, Ian Stokes-Rees wrote:
If there were some way to securely embed an arbitrary string in the
user profile, that would go a long way to
Steven Jones wrote:
Hi,
Trying with two rhel61-64bit-clones 04 and 05
They should give the same failures? but are not?..confused, 04 (the first clone has
1/2 joined as its in IPA, but it doesnt say enrolled and a date, 05 failed
totally.
04 is failing because it apparently still
I already included the krb5kdc log
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Rob Crittenden [rcrit...@redhat.com]
Sent: Friday, 5 August 2011 10:11 a.m.
To: Steven Jones
Cc:
Steven Jones wrote:
I already included the krb5kdc log
This sticks out. Can you check /etc/hosts on that client.
ldap/localh...@unix.vuw.ac.nz, Server not found in Kerberos database
regards
Steven Jones
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463
17 matches
Mail list logo