Hi John,
let me add that preferred way is to convince your 'solution' to do it in a
safe way. Also, FreeIPA does not store passwords in clear text so the
userPassword attribute should show only hashes and not clear text. It depends
on the 'solution' if it can deal with hashes or not.
Have a nice
On Mon, 26 Oct 2015, John Duino wrote:
I am trying to hook our VoIP solution (sipxecs-based openUC) to our
FreeIPA. But it appears that it wants to read-in the userPassword
rather than just auth against the ldap. I know Directory Manager is
the only account that has the ability to read
On 20.10.2015 23:25, Martin Štefany wrote:
> Hello,
>
> did anybody manage to get FreeIPA admin user (member of admins group,
> full sudo access, etc.) to be also Cockpit user with administrative
> privileges? I've already figured out that it's closely related to
> Polkit, but since FreeIPA and
On Tue, 27 Oct 2015, John Duino wrote:
Hmmm seems I have been misinformed, then. And then why does it have a
field for 'mapping' the password? Well, I think that's off-topic for
the list. I'll dig more later today.
My understanding is that sipxecs has several modes for verifying
passwords when
On Tue, Oct 27, 2015 at 10:03 AM Troels Hansen wrote:
> This might be related to the old thread
> https://www.redhat.com/archives/freeipa-users/2015-January/msg00285.html
> but on the other side not quite, and can't see that it have been been
> solved.
>
> I have been spending
Hmmm seems I have been misinformed, then. And then why does it have a field for
'mapping' the password? Well, I think that's off-topic for the list. I'll dig
more later today.
--
John Duino
- Original Message -
From: "Alexander Bokovoy"
To: "John Duino"
All,
I'm trying to create an S4u2self/proxy that will give me a ticket to
log into ipa web. I have ipa installed on centos 7 and the client
installed on centos 6. The client is written in Java (Java 8). When
I try the following impersonation code:
GSSManager manager =
On Tue, 27 Oct 2015, Tomas Babej wrote:
On 10/27/2015 05:51 PM, Srdjan Dutina wrote:
Hi!
Hello Srdjan,
Is syncing (winsync) users and passwords from MS Active Directory
deprecated in FreeIPA 4.x?
If not, is there some documentation on how to use it?
Winsync synchronization is not
Hi!
Is syncing (winsync) users and passwords from MS Active Directory
deprecated in FreeIPA 4.x?
If not, is there some documentation on how to use it?
Additionaly, when using FreeIPA - AD trust, is it possible for user from
trusted domain to log on to FreeIPA web UI?
Thanks!
--
Manage your
On 10/27/2015 05:51 PM, Srdjan Dutina wrote:
> Hi!
>
Hello Srdjan,
> Is syncing (winsync) users and passwords from MS Active Directory
> deprecated in FreeIPA 4.x?
> If not, is there some documentation on how to use it?
>
Winsync synchronization is not deprecated as of now, but we are
Hi Aleksander and Tomas, thanks for quick responses!
I find trust-based solution more advanced but also more complicated - two
sites, one with FreeIPA and other with AD domain, limited communication
from FreeIPA to AD site, FreeIPA not aware of AD sites, questionable use of
RODCs and Kerberos
Hi,
On a new install, I'm being forced a password reset on every login. Not
sure why but this doesn't look right:
# date
Tue Oct 27 21:02:57 CET 2015
# ipa user-status blah1
Last successful authentication: 2015-10-27T19:34:53Z
Last failed authentication: 2015-10-27T19:34:20Z
Time now:
On 27/10/15 13:11, Marc Boorshtein wrote:
All,
I'm trying to create an S4u2self/proxy that will give me a ticket to
log into ipa web. I have ipa installed on centos 7 and the client
installed on centos 6. The client is written in Java (Java 8). When
I try the following impersonation code:
>>
>> Looking at KrbKdcRep.java:73 it looks like the failure is happening
>> because java is setting the forwardable flag to true on the request
>> but the response has no options in it. Should the forwardable option
>> be false in the request?
>
>
> That's a fair guess.
> the whole point of
On St, 2015-10-21 at 09:32 +0200, Jakub Hrozek wrote:
> On Tue, Oct 20, 2015 at 11:25:56PM +0200, Martin Štefany wrote:
> > Hello,
> >
> > did anybody manage to get FreeIPA admin user (member of admins
> > group,
> > full sudo access, etc.) to be also Cockpit user with administrative
> >
On 27/10/15 15:43, Marc Boorshtein wrote:
Looking at KrbKdcRep.java:73 it looks like the failure is happening
because java is setting the forwardable flag to true on the request
but the response has no options in it. Should the forwardable option
be false in the request?
That's a fair
urgrue wrote:
> Hi,
> On a new install, I'm being forced a password reset on every login. Not
> sure why but this doesn't look right:
>
> # date
> Tue Oct 27 21:02:57 CET 2015
>
> # ipa user-status blah1
>
> Last successful authentication: 2015-10-27T19:34:53Z
> Last failed authentication:
Didn't realize it was GMT, so OK that's not the issue. Any suggestions on
how to debug it? Everything looks OK, but passwords are just perma-expired
at all times.
On Tue, Oct 27, 2015, 21:45 Rob Crittenden wrote:
> urgrue wrote:
> > Hi,
> > On a new install, I'm being
On Ut, 2015-10-27 at 15:48 +0100, Petr Spacek wrote:
> On 20.10.2015 23:25, Martin Štefany wrote:
> > Hello,
> >
> > did anybody manage to get FreeIPA admin user (member of admins
> > group,
> > full sudo access, etc.) to be also Cockpit user with administrative
> > privileges? I've already
Thanks Simo. It wouldn't surprise me that java's implementation is
wrong. The comments in the source even ask if its necessary to check.
Thanks
Marc
Marc Boorshtein
CTO Tremolo Security
marc.boorsht...@tremolosecurity.com
(703) 828-4902
On Tue, Oct 27, 2015 at 4:12 PM, Simo Sorce
Hi,
We have recently updated from IPA 3 to IPA 4.1 and one of the changes in
security is what attributes are available for the anonymous LDAP
queries.
Does anyone know how to edit the anonymous LDAP settings so
that the following are available?
mail: cr...@example.com
postalCode: 3000
street:
Making attributes anonymously readable is very simple. You need to look
into RBAC and define the permissions/privileges you need.
On 28 October 2015 at 08:02, wrote:
> Hi,
>
> We have recently updated from IPA 3 to IPA 4.1 and one of the changes in
> security is
Refer this doc
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#server-access-controls
On 28 October 2015 at 11:11, Prashant Bapat wrote:
> Making attributes anonymously
This might be related to the old thread
https://www.redhat.com/archives/freeipa-users/2015-January/msg00285.html but on
the other side not quite, and can't see that it have been been solved.
I have been spending quite some time on this, but haven't been able to solve it
yet.
My problem is:
24 matches
Mail list logo