URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
fidencio commented:
"""
Feel free to push it after running CI (I'll fire one here before calling it a
day),
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/217
Title: #217: KCM: Fix off-by-one error in secrets key validation
fidencio commented:
"""
I've just tested it locally here. It works as expected.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/217#issuecomment-290230115
URL: https://github.com/SSSD/sssd/pull/217
Author: jhrozek
Title: #217: KCM: Fix off-by-one error in secrets key validation
Action: opened
PR body:
"""
This is a fix for a bug found by Fabiano. A simple reproducer is to try to
kinit as root with KCM.
"""
To pull the PR as Git branch:
git
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
CI is happier now: http://sssd-ci.duckdns.org/logs/job/66/49/summary.html
"""
See the full comment at
https://github.com/SSSD/sssd/pull/215#issuecomment-290205579
URL: https://github.com/SSSD/sssd/pull/136
Title: #136: Tlog integration
spbnick commented:
"""
A better CI result: http://sssd-ci.duckdns.org/logs/job/66/48/summary.html
"""
See the full comment at
https://github.com/SSSD/sssd/pull/136#issuecomment-290197456
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/66/47/summary.html
there is a RHEL6 failure in the enumeration code. Because the test only failed
on RHEL-6, I don't think it's related
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
lslebodn commented:
"""
On (29/03/17 05:57), Jakub Hrozek wrote:
>So then the consumer of the API is expected to iterate over the paths and find
>a non-empty attribute? Because the paths
On (29/03/17 19:13), amit kumar wrote:
>Hello,
>
>*Present **Behavior*:
># vim /usr/local/etc/sssd/sssd.conf
>[sssd]
>services = nss, pam
>config_file_version = 2
>domains = LDAP
>
>[domain/LDAP]
>ldap_search_base = dc=example,dc=com
>id_provider = ldap
>*auth_provider = ldap9001**<==
URL: https://github.com/SSSD/sssd/pull/136
Title: #136: Tlog integration
spbnick commented:
"""
Alright, this one includes PAM exporting the original shell as well. One thing
that bothers me about the implementation is that now all responders are reading
the shell settings from the NSS
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
retest this please
"""
See the full comment at
https://github.com/SSSD/sssd/pull/215#issuecomment-290113327
___
sssd-devel mailing
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
jhrozek commented:
"""
I fixed the minor issues in comments and the man pages. I also fixed the issue
in the Kerberos provider with the following hunk:
```
diff --git a/src/providers/krb5/krb5_auth.c
URL: https://github.com/SSSD/sssd/pull/136
Author: spbnick
Title: #136: Tlog integration
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/136/head:pr136
git checkout pr136
From 22256f94283bce43698b903f6ccb93e58031784c
Hello,
*Present **Behavior*:
# vim /usr/local/etc/sssd/sssd.conf
[sssd]
services = nss, pam
config_file_version = 2
domains = LDAP
[domain/LDAP]
ldap_search_base = dc=example,dc=com
id_provider = ldap
*auth_provider = ldap9001**<== '**sssctl config_check' does not
reports this1*
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
There is still the same problem on rhel7 even with the latest version
```
(gdb) l 563
558 return;
559 }
560
561 len =
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
* master:
82843754193b177275ce16f2901edac2060a3998
2cf7becc05996eb6d8a3352d3d7b97c75652e590
415d93196533a6fcd90889c67396ef5af5bf791a
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/209
Author: sumit-bose
Title: #209: IPA: lookup AD users by certificates on IPA clients
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/209/head:pr209
git checkout pr209
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
jhrozek commented:
"""
* master: 1c551b1373799643f3e9ba4f696d21b8fc57dafd
"""
See the full comment at
https://github.com/SSSD/sssd/pull/204#issuecomment-290083552
URL: https://github.com/SSSD/sssd/pull/204
Author: sumit-bose
Title: #204: krb5: return to responder that pkinit is not available
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/204/head:pr204
git checkout pr204
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/201
Author: sumit-bose
Title: #201: Fix handling of binary keys in the ssh responder
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/201/head:pr201
git checkout pr201
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
jhrozek commented:
"""
* master:
1b5d6b1afc9c3dc696b7b45f2d73b2634f42800a
bd1fa0ec90be717c3b7796d74b6f243f40178d16
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
anyway, these patches work and we can push them
"""
See the full comment at
https://github.com/SSSD/sssd/pull/209#issuecomment-290081403
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
So then the consumer of the API is expected to iterate over the paths and find
a non-empty attribute? Because the paths from the domains where the user is not
are
URL: https://github.com/SSSD/sssd/pull/187
Author: fidencio
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/187/head:pr187
git
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
jhrozek commented:
"""
* master:
16385568547351b5d2c562f3081f35f3341f695b
1e437af958f59a0b8bf2f751d3c2ea28365ac64d
66c8e92eb5a4985bb7f64c349a53b08030a000cf
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
jhrozek commented:
"""
The code looks good to me and seems to work fine:
```
./sss_ssh_authorizedkeys administra...@win.trust.test
ssh-rsa
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
sumit-bose commented:
"""
It is expected that ListByCertificate returns matches from all domains. So as
long as all the listed users have the certficate in their corresponding user
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
jhrozek commented:
"""
ok, thanks!
"""
See the full comment at
https://github.com/SSSD/sssd/pull/204#issuecomment-290063709
___
sssd-devel
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
Hmm, looking at the debug output, it might be the cache_req's code fault:
```
(Wed Mar 29 11:30:04 2017) [sssd[ifp]] [cache_req_set_domain] (0x0400): CR #6:
Using
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
These patches look OK, but I suspect we might have a bug in the IFP list code.
I added a certificate to a user's idview entry and now listing the certificate
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
fidencio commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/66/41/summary.html
It failed on rhel6 but the failure doesn't seem to be related to these
URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN
Label: +Changes requested
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
rhel7 error
```
test_secrets.py::test_crd_ops PASSED
test_secrets.py::test_curlwrap_crd_ops FAILED
test_secrets.py::test_curlwrap_parallel PASSED
URL: https://github.com/SSSD/sssd/pull/215
Title: #215: Support for non-POSIX users and groups
pbrezina commented:
"""
```xml
POSIX domains are reachable by all services.
Application
domains are only reachable
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
lslebodn commented:
"""
On (29/03/17 01:58), Jakub Hrozek wrote:
>I really don't mind one way or another. I find all the proposed versions of
>the condition complex, that's why I'm
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
We should skip secrets test on rhel6.
So the patch "ci: do not build secrets on rhel6" should also contain
```
diff --git a/src/tests/intg/test_secrets.py
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
pbrezina commented:
"""
I fixed the hang. It was created due to newly added test in KCM patches that
uses POST to create a container. Tcurl test tool can provide body to POST
operation which was
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
pbrezina commented:
"""
I'm going to run CI before pushing these patches.
"""
See the full comment at
https://github.com/SSSD/sssd/pull/198#issuecomment-290040911
URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN
mzidek-rh commented:
"""
Hi, I have this on my "to test" list, but could you please add a comment to the
code, why we use exactly 15. It is cleat from the ticket, but in the code the
number is
URL: https://github.com/SSSD/sssd/pull/204
Title: #204: krb5: return to responder that pkinit is not available
jhrozek commented:
"""
I really don't mind one way or another. I find all the proposed versions of the
condition complex, that's why I'm glad there is a comment atop them.
So from my
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
fidencio commented:
"""
@lslebodn: your comment has been addressed in the latest patch series.
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
lslebodn commented:
"""
The patch "UTIL: Simplify usage of create_subdom_conf_path " did not move
function to right module.
The function
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
jhrozek commented:
"""
On Wed, Mar 29, 2017 at 12:29:27AM -0700, lslebodn wrote:
> BTW the 1st patch "tcurl: add support for ssl and raw output" caused a hang
> in test_secrets and therefore
URL: https://github.com/SSSD/sssd/pull/201
Title: #201: Fix handling of binary keys in the ssh responder
jhrozek commented:
"""
CI: http://sssd-ci.duckdns.org/logs/job/66/04/summary.html
"""
See the full comment at
https://github.com/SSSD/sssd/pull/201#issuecomment-290007826
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
(the machine in CI is broken, not the patches..)
"""
See the full comment at
https://github.com/SSSD/sssd/pull/209#issuecomment-290007734
URL: https://github.com/SSSD/sssd/pull/209
Title: #209: IPA: lookup AD users by certificates on IPA clients
jhrozek commented:
"""
I started the review by running CI which passed except rawhide which seems
broken: http://sssd-ci.duckdns.org/logs/job/66/06/summary.html
"""
See the full comment
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
BTW the 1st patch "tcurl: add support for ssl and raw output" caused a hang in
test_secrets and therefore internal CI was blocked whole night. The 2nd patch
"tcurl test:
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
fidencio commented:
"""
I'm removing the Accepted label till our internal CI passes
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
Label: -Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/213
Title: #213: intg: Remove bashism from intgcheck-prepare
Label: +Pushed
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
URL: https://github.com/SSSD/sssd/pull/213
Title: #213: intg: Remove bashism from intgcheck-prepare
lslebodn commented:
"""
master:
* f75ba99fc8dd64e45af2f642d9fb7660860fd28f
"""
See the full comment at
https://github.com/SSSD/sssd/pull/213#issuecomment-290001091
URL: https://github.com/SSSD/sssd/pull/213
Author: lslebodn
Title: #213: intg: Remove bashism from intgcheck-prepare
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/213/head:pr213
git checkout pr213
URL: https://github.com/SSSD/sssd/pull/216
Author: mzidek-rh
Title: #216: Subdomain shortnames
Action: closed
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/216/head:pr216
git checkout pr216
URL: https://github.com/SSSD/sssd/pull/216
Title: #216: Subdomain shortnames
fidencio commented:
"""
I'm closing the PR as it's been superseded by PR 187, which was rebased on top
of this patchset.
Btw, your patch was reviewed and ack-ed there. :-)
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/187
Title: #187: Add support to lookup for users/groups in subdomains just by the
user shortname
fidencio commented:
"""
So, by @lslebodn comment I've dropped the "Allow subdomains to inherit
"use_fully_qualified_names" option" patch and rebased my
URL: https://github.com/SSSD/sssd/pull/198
Title: #198: secrets: support https in proxy provider
lslebodn commented:
"""
hmm, it still fails with rhel{6,7}.
http://sssd-ci.duckdns.org/logs/job/66/07/summary.html
"""
See the full comment at
64 matches
Mail list logo
