Hi,
On 27.4.2016 12:19, Jakub Hrozek wrote:
Hi,
please see the attached trivial patch. The issue was reported by adelton
on IRC.
LGTM.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https
details, that's what man pages are for.
=== How To Test ===
This section should explain to a person with admin-level of SSSD understanding
how this change affects run time behaviour of SSSD and how can an SSSD user
test this change. If the feature is internal-only, please list what areas of
S
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
= Issuer specific matching =
Although the MIT Kerberos rules allow to select the issuer of a
certificate there are use cases where a more specific selection is
needed. E.g. if
Bump, Sumit, have you seen my comments? I haven't heard back from you.
On 17.10.2016 09:50, Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote:
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
Hi,
On 25.11.2016 15:55, Sumit Bose wrote:
On Fri, Nov 25, 2016 at 02:19:10PM +0100, Jan Cholasta wrote:
Bump, Sumit, have you seen my comments? I haven't heard back from you.
Yes, I've seen it and added a comment about it on the page
https://fedorahosted.org/sssd/wiki/
On 18.10.2016 07:34, Jan Cholasta wrote:
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
= Issuer specific matching =
Although the MIT Kerberos rules allow to select the issuer of a
certificate there are use cases where a more
On 5.1.2017 10:39, Sumit Bose wrote:
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
On 18.10.2016 07:34, Jan Cholasta wrote:
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
On 13.10.2016 18:52, Sumit Bose wrote:
= Issuer specific matching
On 6.1.2017 10:30, Sumit Bose wrote:
On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote:
On 5.1.2017 10:39, Sumit Bose wrote:
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
On 18.10.2016 07:34, Jan Cholasta wrote:
On 17.10.2016 16:50, Rob Crittenden wrote:
Jan
ced to change SSSD configuration
because of it.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Dne 2.9.2014 v 16:37 Lukas Slebodnik napsal(a):
On (02/09/14 16:21), Pavel Reichl wrote:
On 09/01/2014 02:27 PM, Pavel Reichl wrote:
On 08/29/2014 10:41 AM, Jan Cholasta wrote:
Dne 28.8.2014 v 18:11 Pavel Reichl napsal(a):
On 08/25/2014 02:05 PM, Jan Cholasta wrote:
Dne 4.8.2014 v 19:34
Hi,
Dne 19.1.2015 v 23:16 Jakub Hrozek napsal(a):
On Fri, Jan 16, 2015 at 02:35:33PM +0100, Pavel Reichl wrote:
Hello, please see attached simple patch. Thanks!
Does this patch look sane, Honza?
yes.
Honza
--
Jan Cholasta
___
sssd-devel
a full ACK.)
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/1843>.
Honza
--
Jan Cholasta
>From 9ae232bdce21844e730405bab5dc92861bb5e6fe Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 23 Apr 2013 11:09:26 +0200
Subject: [PATCH] Add exit status section to sss_ssh_*
Hi,
the attached patches fix <https://fedorahosted.org/sssd/ticket/1897>.
See commit messages for more info. Backward compatibility with older
clients is maintained.
Honza
--
Jan Cholasta
>From 2c2dcbbe0fcdbfe29c80046f1668df26bb2ff394 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
On 7.5.2013 10:30, Jakub Hrozek wrote:
On Fri, Apr 26, 2013 at 02:49:05PM +0200, Jan Cholasta wrote:
Hi,
the attached patches fix
<https://fedorahosted.org/sssd/ticket/1897>. See commit messages for
more info. Backward compatibility with older clients is maintained.
Honza
--
Jan Ch
Hi,
the attached patches fix <https://fedorahosted.org/sssd/ticket/1949>.
Honza
--
Jan Cholasta
>From 99a16294d9b5613fd5244b2b521276c09a066b9b Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Mon, 27 May 2013 17:09:59 +0200
Subject: [PATCH 1/2] SSH: When host is removed from LDAP,
t;Found more than one host with name [%s].\n",
state->name));
+}
Shouldn't we keep the host in sysdb if state->count > 1? This is not
normal condition, but an error. I think we should not modify sysdb on
error.
Sure, fixed.
Updated and rebased patches attached.
Honza
--
the right thing to call.
Why do you want to force writing out a new hosts file? The file should
never be used without sss_ssh_knownhostsproxy, which already takes care
of rewriting it.
I've put Honza who wrote the SSH responder originally to CC, I'm sure
he'll kno
y takes care
of rewriting it.
Okay, that's good to know. I'll assume it's re-written every time it's
accessed then?
That's right.
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
enotes
known_hosts entry expiration, hence my request to add support for
SYSDB_CACHE_EXPIRE. Unless you do that, I can't ACK.
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/2349>.
Honza
--
Jan Cholasta
>From 3af40652cce1d55d2c23250f67339f0f3e0bac6d Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 3 Jun 2014 14:49:56 +0200
Subject: [PATCH] SSH: Allow newline at the end of public k
On 5.6.2014 16:34, Pavel Reichl wrote:
On Wed, 2014-06-04 at 17:05 +0200, Jan Cholasta wrote:
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/2349>.
Honza
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
Hi,
I'm terribly sorry for the late reply.
On 18.6.2014 17:53, Jakub Hrozek wrote:
On Thu, May 29, 2014 at 10:30:26AM +0930, William wrote:
On Mon, 2014-05-26 at 09:19 +0200, Jan Cholasta wrote:
On 26.5.2014 03:41, William wrote:
I'm afraid there is no right thing to call ATM, a
On 29.6.2014 13:14, William wrote:
On Sun, 2014-06-29 at 20:22 +0930, William wrote:
On Tue, 2014-06-24 at 10:21 +0200, Jan Cholasta wrote:
Hi,
I'm terribly sorry for the late reply.
That's okay, I understand how it can be.
Could you add a sssd.conf option for the cache timeo
mments and advice welcome.
The confdb argument in sysdb_store_ssh_host is not needed anymore.
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On 16.7.2014 04:16, William wrote:
On Tue, 2014-07-15 at 15:57 +0200, Jan Cholasta wrote:
On 11.7.2014 03:35, William wrote:
Thanks. Could you please rename the option to
"entry_cache_ssh_host_timeout", so that it's consistent with the rest of
the cache timeout options?
H
n building without SSH bits.
--
Jan Cholasta
>From 31312ab877da0b7fe8da9ddd808345e3096dbcd0 Mon Sep 17 00:00:00 2001
From: William B
Date: Mon, 21 Jul 2014 11:13:25 +0200
Subject: [PATCH] Allow sss_cache tool to flush SSH hosts cache
---
src/confdb/confdb.c| 11 ++
src/co
Dne 4.8.2014 v 19:34 Pavel Reichl napsal(a):
On 07/21/2014 02:08 PM, Jakub Hrozek wrote:
On Mon, Jul 21, 2014 at 01:55:20PM +0200, Jan Cholasta wrote:
On 18.7.2014 06:41, William wrote:
Ignore that last patch, I messed up and didn't include a .h file.
Here
is the fixed patch.
This new
Dne 28.8.2014 v 18:11 Pavel Reichl napsal(a):
On 08/25/2014 02:05 PM, Jan Cholasta wrote:
Dne 4.8.2014 v 19:34 Pavel Reichl napsal(a):
On 07/21/2014 02:08 PM, Jakub Hrozek wrote:
On Mon, Jul 21, 2014 at 01:55:20PM +0200, Jan Cholasta wrote:
On 18.7.2014 06:41, William wrote:
Ignore that
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/1560>.
Honza
--
Jan Cholasta
>From 2b0ec2b361dadc9addee576cd2215a92d15ef8c8 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Fri, 29 Aug 2014 10:52:29 +0200
Subject: [PATCH] SDAP: Set default value of ldap_user_ssh_p
subreq = ipa_host_info_send(state, state->ev, state->sysdb,
sdap_id_op_handle(state->op),
-ctx->opts, state->name,
-state->attrs, ctx->opts->host_map,
-
d.org/sssd/ticket/1184
[PATCH 3/3] SSH: Manage global known_hosts file in the responder
https://fedorahosted.org/sssd/ticket/1193
The known_hosts file is stored in /var/lib/sss/pubconf/known_hosts.
Honza
--
Jan Cholasta
ssh_cleanup.tar.bz2
Description: applic
Hi,
I have updated and rebased the patches on top of current master.
On 24.2.2012 20:35, Stephen Gallagher wrote:
On Fri, 2012-02-24 at 19:10 +0100, Jan Cholasta wrote:
Hi,
this patchset contains these patches:
[PATCH 1/3] SSH: Save SSH host name aliases
This is needed in order to properly
On 24.2.2012 20:54, Stephen Gallagher wrote:
On Fri, 2012-02-24 at 14:17 +0100, Jan Cholasta wrote:
On 22.2.2012 09:13, Jan Zelený wrote:
On Tue, 2012-02-21 at 16:48 +0100, Jakub Hrozek wrote:
On Tue, Feb 21, 2012 at 10:49:54AM +0100, Jan Zelený wrote:
On Thu, Feb 09, 2012 at 06:05:30PM
On 27.2.2012 02:39, Stephen Gallagher wrote:
On Sun, 2012-02-26 at 21:12 +0100, Jan Cholasta wrote:
Hi,
I have updated and rebased the patches on top of current master.
On 24.2.2012 20:35, Stephen Gallagher wrote:
On Fri, 2012-02-24 at 19:10 +0100, Jan Cholasta wrote:
Hi,
this patchset
On 27.2.2012 10:46, Jan Cholasta wrote:
On 27.2.2012 02:39, Stephen Gallagher wrote:
On Sun, 2012-02-26 at 21:12 +0100, Jan Cholasta wrote:
Hi,
I have updated and rebased the patches on top of current master.
On 24.2.2012 20:35, Stephen Gallagher wrote:
On Fri, 2012-02-24 at 19:10 +0100
on of sss_ssh_knownhostsproxy
[PATCH 7/8] SSH: Update sss_ssh_knownhostsproxy manual page
[PATCH 8/8] SSH: Include SSH client source files to the list of source
files which contain translatable strings
Patches for sssd-1-8 are the 5 patches pushed to master and the patches
above, without patch 8/8.
Honza
-
as any other text when
translated into manual page. Sorry.
Honza
--
Jan Cholasta
ssh_cleanup_4_master.tar.bz2
Description: application/bzip
ssh_cleanup_4_sssd-1-8.tar.bz2
Description: application/bzip
___
sssd-devel mailing list
sssd-devel
On 6.3.2012 16:40, Stephen Gallagher wrote:
Jan Cholasta noticed that our upstream builder wasn't producing
experimental packages into the ipa-devel repository. This was due to the
builders not setting the enable_experimental variable. Patch 0003 in
this set now makes that the default i
"The file is created with permissions 0600, that is, read plus write for
owner only. (In glibc versions 2.06 and earlier, the file is created
with permissions 0666, that is, read and write for all users.)"
If you really want to use umask, use umask mode 0133 instead of 0122.
Thanks
On 7.3.2012 17:25, Jan Zelený wrote:
On Wed, 2012-03-07 at 16:23 +0100, Jan Cholasta wrote:
On 7.3.2012 14:22, Jan Zelený wrote:
Please check the umask mode, that's the only thing I'm not sure about.
The file mode is changed after the file is created using fchmod(), so no
umask is
On 8.3.2012 13:20, Stephen Gallagher wrote:
On Wed, 2012-03-07 at 09:33 +0100, Jan Cholasta wrote:
On 6.3.2012 16:40, Stephen Gallagher wrote:
Jan Cholasta noticed that our upstream builder wasn't producing
experimental packages into the ipa-devel repository. This was due to the
builder
On 9.3.2012 10:29, Jan Zelený wrote:
On 7.3.2012 17:25, Jan Zelený wrote:
On Wed, 2012-03-07 at 16:23 +0100, Jan Cholasta wrote:
On 7.3.2012 14:22, Jan Zelený wrote:
Please check the umask mode, that's the only thing I'm not sure about.
The file mode is changed after the file
CH 2/2] SSH: Canonicalize host name and do reverse DNS lookup in
sss_ssh_knownhostsproxy
Honza
--
Jan Cholasta
>From c1ecc51ae96f60a82b1f57f7484d0bee02b7787c Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Wed, 14 Mar 2012 07:54:16 -0400
Subject: [PATCH 1/2] SSH: Allow clients to explicitl
Hi,
this patch fixes infinite loop in sss_ssh_knownhostsproxy.
https://fedorahosted.org/sssd/ticket/1268
Honza
--
Jan Cholasta
>From f4f18c096ec9a83aee077fdf74abdb508fec7829 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 20 Mar 2012 10:34:55 -0400
Subject: [PATCH] SSH: Fix infin
le polling themselves.
ACK for sss_ssh_knownhostsproxy. I did not use atomic read in there for
purpose, as it is a blocking call and using it would increase latency.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted
Hi,
the attached patches add support for host name and address hashing in
the known_hosts file, see <https://fedorahosted.org/sssd/ticket/1203>.
[PATCH 1/2] UTIL: Add HMAC-SHA-1 function
[PATCH 2/2] SSH: Add support for hashed known_hosts
Honza
--
Jan Cholasta
On 23.4.2012 09:21, Jakub Hrozek wrote:
On Thu, Apr 19, 2012 at 11:10:13AM +0200, Jan Cholasta wrote:
Hi,
the attached patches add support for host name and address hashing
in the known_hosts file, see
<https://fedorahosted.org/sssd/ticket/1203>.
[PATCH 1/2] UTIL: Add HMAC-SHA-1 fu
On 23.4.2012 13:22, Jan Cholasta wrote:
On 23.4.2012 09:21, Jakub Hrozek wrote:
On Thu, Apr 19, 2012 at 11:10:13AM +0200, Jan Cholasta wrote:
Hi,
the attached patches add support for host name and address hashing
in the known_hosts file, see
<https://fedorahosted.org/sssd/ticket/1
econd patch should go into both master and sssd-1-8. I'm not sure
about the first one, though.
Honza
--
Jan Cholasta
>From ab87fd87bd8da5f83723c937da797fc008d1011a Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Mon, 28 May 2012 06:58:16 -0400
Subject: [PATCH 1/2] SSH: Supress error mess
On 29.5.2012 17:20, Jan Cholasta wrote:
Hi,
the attached patches fix issues in sss_ssh_knownhostsproxy:
[PATCH 1/2] SSH: Supress error message output in sss_ssh_knownhostsproxy
[PATCH 2/2] SSH: Don't abort connection in sss_ssh_knownhostsproxy when
DNS records are missing
s something wrong here, but I can't figure it out. Any
tips?
Franky
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
_____
SH_FORMAT_OPENSSH.
My guess is: the format should be made configurable and then for openssh
just return what's in ldap ...
Franky
On 2012-07-13 16:55, Jan Cholasta wrote:
Hi,
you have the public keys in LDAP in wrong format. SSSD SSH support is
currently limited only to IPA, which stores on
ntion, but
sss_ssh_authorizedkeys.c uses that section.
Franky
On Fri, 13 Jul 2012 17:22:18 +0200
Jan Cholasta wrote:
This code is for writing public keys, not for reading them from LDAP.
Dne 13.7.2012 17:18, Franky Van Liedekerke napsal(a):
That seems weird to me, as the code clearly specifies
07-16 11:15, Jan Cholasta wrote:
Hi,
that's because the output of sss_ssh_authorizedkeys is generated
using this code, so it is always executed.
Honza
Dne 13.7.2012 20:11, Franky Van Liedekerke napsal(a):
If that is the case, why am I entering that code section when reading
keys from LDAP
ll fix will need more extensive changes in the code.
Honza
--
Jan Cholasta
>From 6d9ead715e08e50678084c221605cbd40a662546 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Fri, 24 Aug 2012 03:07:56 -0400
Subject: [PATCH] SSH: Parse OpenSSH formatted public keys
---
src/util/sss_s
ll fix will need more extensive changes in the code.
Honza
--
Jan Cholasta
>From 6d9ead715e08e50678084c221605cbd40a662546 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Fri, 24 Aug 2012 03:07:56 -0400
Subject: [PATCH] SSH: Parse OpenSSH formatted public keys
---
src/util/sss_s
Dne 24.8.2012 10:04, Jan Cholasta napsal(a):
Hi,
this patch allows use of OpenSSH formatted public keys in LDAP. This is
needed to fix <https://fedorahosted.org/freeipa/ticket/2932>.
Note that this is just a quick fix, only the public key portion of an
OpenSSH formatted public key i
Dne 24.8.2012 12:01, Jan Cholasta napsal(a):
Dne 24.8.2012 10:04, Jan Cholasta napsal(a):
Hi,
this patch allows use of OpenSSH formatted public keys in LDAP. This is
needed to fix <https://fedorahosted.org/freeipa/ticket/2932>.
Note that this is just a quick fix, only the public key p
Dne 27.8.2012 11:36, Jan Cholasta napsal(a):
Dne 24.8.2012 12:01, Jan Cholasta napsal(a):
Dne 24.8.2012 10:04, Jan Cholasta napsal(a):
Hi,
this patch allows use of OpenSSH formatted public keys in LDAP. This is
needed to fix <https://fedorahosted.org/freeipa/ticket/2932>.
Note that t
Dne 28.8.2012 14:15, Jakub Hrozek napsal(a):
On Mon, Aug 27, 2012 at 04:08:48PM +0200, Jan Cholasta wrote:
Dne 27.8.2012 11:36, Jan Cholasta napsal(a):
Dne 24.8.2012 12:01, Jan Cholasta napsal(a):
Dne 24.8.2012 10:04, Jan Cholasta napsal(a):
Hi,
this patch allows use of OpenSSH formatted
Hi,
this patch fixes an infinite loop in ssh_host_pubkeys_update_known_hosts.
Honza
--
Jan Cholasta
>From 40acc3c86d56248aa25a6f4a5bd37967b4078671 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 18 Sep 2012 05:01:48 -0400
Subject: [PATCH] SSH: Fix possible infinite loop when updat
is established (which usually takes just a few seconds).
The individual patches are:
[PATCH 1/3] DB: Add function for deleting values from sysdb_attrs
[PATCH 2/3] SSH: Refactor sysdb code
[PATCH 3/3] SSH: Expire hosts in known_hosts
Honza
--
Jan Cholasta
>F
Hi,
Dne 19.9.2012 20:01, Stephen Gallagher napsal(a):
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Wed 19 Sep 2012 06:09:59 AM EDT, Jan Cholasta wrote:
Hi,
this patch set changes the way the known_hosts file is updated so that
only entries for hosts that were requested recently (in the
Dne 24.9.2012 15:03, Pavel Březina napsal(a):
On 09/19/2012 12:09 PM, Jan Cholasta wrote:
Hi,
this patch set changes the way the known_hosts file is updated so that
only entries for hosts that were requested recently (in the last 5
minutes) are written to the file. There is no need to keep
Hi,
Dne 24.9.2012 15:56, Jan Cholasta napsal(a):
Dne 24.9.2012 15:03, Pavel Březina napsal(a):
On 09/19/2012 12:09 PM, Jan Cholasta wrote:
Hi,
this patch set changes the way the known_hosts file is updated so that
only entries for hosts that were requested recently (in the last 5
minutes
Hi,
On 1.10.2012 19:54, Pavel Březina wrote:
On 10/01/2012 10:23 AM, Jan Cholasta wrote:
Hi,
Dne 24.9.2012 15:56, Jan Cholasta napsal(a):
Dne 24.9.2012 15:03, Pavel Březina napsal(a):
On 09/19/2012 12:09 PM, Jan Cholasta wrote:
Hi,
this patch set changes the way the known_hosts file is
nf
to sshPublicKey.
Currently there is no default value for ldap_user_ssh_public_key in LDAP
domains. Does it make sense to make sshPublicKey the default value for it?
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
On 3.10.2012 13:29, Jakub Hrozek wrote:
On Wed, Oct 03, 2012 at 12:09:58PM +0200, Jan Cholasta wrote:
Hi,
now that SSSD supports OpenSSH formatted public keys, the
OpenSSH-LPK <http://code.google.com/p/openssh-lpk/> schema is
automatically supported as well in the LDAP provider. All yo
On 3.10.2012 14:05, Dmitri Pal wrote:
On 10/03/2012 08:04 AM, Jan Cholasta wrote:
On 3.10.2012 13:29, Jakub Hrozek wrote:
On Wed, Oct 03, 2012 at 12:09:58PM +0200, Jan Cholasta wrote:
Hi,
now that SSSD supports OpenSSH formatted public keys, the
OpenSSH-LPK <http://code.google.com/p/open
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/1574>.
Honza
--
Jan Cholasta
>From 42406150f84419611681611f1d9363e30b51a74a Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Fri, 12 Oct 2012 10:32:43 -0400
Subject: [PATCH] SSH: When host keys are removed from LDA
On 12.10.2012 16:48, Jan Cholasta wrote:
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/1574>.
Honza
Removed an unnecessary if at the end of sysdb_store_ssh_host. Updated
patch attached.
Honza
--
Jan Cholasta
>From 8925cd224117094e93e80936a655353ee77d1fda M
s. Also trac cannot 'trac' patches that are not associated to a bug,
so it will always be incomplete.
In Trac's defense, it is actually fedorahosted that is slow. See how
fast it is on other sites, e.g. <https://dev.openwrt.org> or
<http://bin
stemctl daemon-reload >/dev/null 2>&1 || :
+/bin/systemctl try-restart sssd.service >/dev/null 2>&1 || :
+fi
There is no reason to call systemctl daemon-reload again inside the if.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
ache.c and tools_util.c
right after sysdb_init_domain_and_sysdb is called IMO.
3) I would prefer if you did not suppress logging of debug messages when
ret == EMEDIUMTYPE.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedora
debug-tests,
find_uid-tests, ipa_hbac-tests, ipa_ldap_opt-tests, pac_responder-tests,
sss_idmap-tests, strtonum-tests, util-tests.
Also, stress-tests does not accept the -d option at all.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-
On 9.11.2012 13:24, Ondrej Kos wrote:
On 11/08/2012 07:01 PM, Jan Cholasta wrote:
Hi,
On 8.11.2012 15:05, Ondrej Kos wrote:
https://fedorahosted.org/sssd/ticket/1589
patch is attached
O.
1) I think monitor and responders should use a different error message,
excluding "If greater ve
On 12.11.2012 15:19, Jakub Hrozek wrote:
On Thu, Nov 08, 2012 at 01:17:28PM +0100, Jan Cholasta wrote:
Hi,
On 26.10.2012 16:00, Pavel Březina wrote:
On 10/22/2012 03:46 PM, Jakub Hrozek wrote:
On Mon, Oct 22, 2012 at 02:00:29PM +0200, Pavel Březina wrote:
On 10/19/2012 12:43 PM, Jakub
On 12.11.2012 14:34, Jakub Hrozek wrote:
On Fri, Nov 09, 2012 at 10:31:13AM +0100, Jan Cholasta wrote:
On 8.11.2012 20:10, Jakub Hrozek wrote:
Please see the attached patch. It wasn't possible to set the debug level
of tests easily, which made debugging them hard.
The following tests
On 13.11.2012 15:41, Ondrej Kos wrote:
On 11/12/2012 01:14 PM, Jan Cholasta wrote:
On 9.11.2012 13:24, Ondrej Kos wrote:
On 11/08/2012 07:01 PM, Jan Cholasta wrote:
Hi,
On 8.11.2012 15:05, Ondrej Kos wrote:
https://fedorahosted.org/sssd/ticket/1589
patch is attached
O.
1) I think
On 14.11.2012 14:03, Ondrej Kos wrote:
On 11/14/2012 11:53 AM, Jan Cholasta wrote:
On 13.11.2012 15:41, Ondrej Kos wrote:
On 11/12/2012 01:14 PM, Jan Cholasta wrote:
On 9.11.2012 13:24, Ondrej Kos wrote:
On 11/08/2012 07:01 PM, Jan Cholasta wrote:
Hi,
On 8.11.2012 15:05, Ondrej Kos wrote
On 14.11.2012 16:20, Ondrej Kos wrote:
On 11/14/2012 03:38 PM, Simo Sorce wrote:
On Wed, 2012-11-14 at 15:18 +0100, Jan Cholasta wrote:
Just one more nitpick: SSS_DB_CHECK_PTS and sss_db_version_check are
used only in sysdb.c, so there is no reason to have them defined
publicly in util.h
On 16.11.2012 09:48, Jakub Hrozek wrote:
On Tue, Nov 13, 2012 at 09:40:54AM +0100, Jan Cholasta wrote:
Honza agreed to take over this patch.
Updated patch attached.
Also created a new patch with fixes for errors reported by rpmlint.
Honza
--
Jan Cholasta
Patch 1 is mostly good builds on
On 16.11.2012 15:25, Ondrej Kos wrote:
On 11/15/2012 03:03 PM, Jan Cholasta wrote:
On 14.11.2012 16:20, Ondrej Kos wrote:
On 11/14/2012 03:38 PM, Simo Sorce wrote:
On Wed, 2012-11-14 at 15:18 +0100, Jan Cholasta wrote:
Just one more nitpick: SSS_DB_CHECK_PTS and sss_db_version_check are
On 16.11.2012 16:05, Jan Cholasta wrote:
On 16.11.2012 09:48, Jakub Hrozek wrote:
On Tue, Nov 13, 2012 at 09:40:54AM +0100, Jan Cholasta wrote:
Honza agreed to take over this patch.
Updated patch attached.
Also created a new patch with fixes for errors reported by rpmlint.
Honza
--
Jan
it to sss_ssh_authorizedkeys.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/1660>.
Honza
--
Jan Cholasta
>From 74c9224d76d12db776d76da341902c6af6ad61ed Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Thu, 22 Nov 2012 12:21:52 +0100
Subject: [PATCH] LDAP: If deref search fails, try agai
On 3.12.2012 21:36, Stephen Gallagher wrote:
On Mon 03 Dec 2012 11:14:28 AM EST, Jan Cholasta wrote:
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/1660>.
Could we do this as a check during the RootDSE lookup (similar to how we
test for the Active Directory ma
Hi,
I have accidentally placed documentation for ssh_known_hosts_timeout in
the autofs section of sssd.conf(5). The attached patch fixes it.
Honza
--
Jan Cholasta
>From 3d0b036aa559b21c7df2dd69b5842ca1b9644aeb Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Wed, 5 Dec 2012 10:58:55 +0
Hi,
the attached patch fixes <https://fedorahosted.org/sssd/ticket/1687>.
Honza
--
Jan Cholasta
>From 6ee131a63425d71b54cca052421dc7368b3e56d9 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Thu, 22 Nov 2012 18:04:30 +0100
Subject: [PATCH] SSH: Reject requests for authorized key
Hi,
this patch fixes CVE-2013-0220.
https://fedorahosted.org/sssd/ticket/1781
Honza
--
Jan Cholasta
>From 5b0893a10acbe56f7bf8cddc40fffde172a52b11 Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Wed, 23 Jan 2013 12:26:17 +0100
Subject: [PATCH] Check that strings do not go beyond the end
Pv6 network and reserved addresses (see
python-netaddr source for a list). BTW IPv4 loopback is the whole
127.0.0.0/8 net, you might also want to check that.
Honza
--
Jan Cholasta
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedo
Dne 4.2.2012 11:05, Jakub Hrozek napsal(a):
On Fri, Feb 03, 2012 at 11:29:52PM +0100, Jan Cholasta wrote:
Hi,
this is a set of patches implementing SSH support in SSSD.
To test it, install a SSH-patched (patches are on freeipa-devel) IPA
server, create a test user with SSH public keys (&quo
s should apply on master.
On Sat, Feb 04, 2012 at 11:43:56AM +0100, Jan Cholasta wrote:
Dne 4.2.2012 11:05, Jakub Hrozek napsal(a):
On Fri, Feb 03, 2012 at 11:29:52PM +0100, Jan Cholasta wrote:
Hi,
this is a set of patches implementing SSH support in SSSD.
To test it, install a SSH-patched
Updated patches attached.
Dne 6.2.2012 23:13, Jakub Hrozek napsal(a):
On Mon, Feb 06, 2012 at 07:48:10PM +0100, Jakub Hrozek wrote:
On Mon, Feb 06, 2012 at 05:42:15PM +0100, Jan Cholasta wrote:
Updated& rebased the patches on top of current master.
To test them, install a SSH-patched
A few more issues were found.
Updates patches attached.
Dne 7.2.2012 00:08, Jan Zeleny napsal(a):
Jan Cholasta wrote:
Updated patches attached.
Dne 6.2.2012 23:13, Jakub Hrozek napsal(a):
On Mon, Feb 06, 2012 at 07:48:10PM +0100, Jakub Hrozek wrote:
On Mon, Feb 06, 2012 at 05:42:15PM
your SSH-related code. That is the last code
that uses host fetching.
Everything seems to be working fine.
If this patch makes it to master, I plan to do some more cleanup in the HBAC
code which is closely related to the code this patch cleans.
Thanks
Jan
Honza
--
Jan Cholasta
Dne 7.2.2012 14:05, Stephen Gallagher napsal(a):
On Tue, 2012-02-07 at 13:55 +0100, Jan Cholasta wrote:
Dne 7.2.2012 13:40, Jan Zelený napsal(a):
With all these changes happening in last two weeks, the IPA hosts code was
messy at best. This patch sorts out some of the mess. I already did some
this issue. See attachment.
Honza
--
Jan Cholasta
>From a7cbc87e07e0be53c516526b9136a1b8e1ec5aca Mon Sep 17 00:00:00 2001
From: Jan Cholasta
Date: Tue, 7 Feb 2012 10:29:10 -0500
Subject: [PATCH] Add missing services to sssd.api.conf
---
src/config/etc/sssd.api.conf |2 +-
1 files changed
Dne 7.2.2012 16:35, Stephen Gallagher napsal(a):
On Tue, 2012-02-07 at 16:34 +0100, Jan Cholasta wrote:
Hi,
while working on ipa-client-install changes that reflect the addition of
my SSH work to SSSD, I have noticed that the new (autofs, sudo, ssh)
services are not listed in sssd.api.conf
1 - 100 of 107 matches
Mail list logo