URL: https://github.com/SSSD/sssd/pull/60
Title: #60: Document ad_access_filter search for nested groups
abbra commented:
"""
Please use this URL: https://msdn.microsoft.com/en-us/library/cc223367.aspx
"""
See the full comment at
https://github.com/SSSD/sssd/
URL: https://github.com/SSSD/sssd/pull/193
Title: #193: UTIL: Use max 15 characters for AD host UPN
abbra commented:
"""
I think the requirement for computer accounts comes from NT compatibility where
it is based on NetBIOS spec. Note that samAccountName is not limited by
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
abbra commented:
"""
Still, why you cannot make that decision without an option's help? Sorry, I
don't see a difference -- why by seeing a certificate `pam_sss` cannot
URL: https://github.com/SSSD/sssd/pull/268
Title: #268: pam_sss: add support for SSS_PAM_CERT_INFO_WITH_HINT
abbra commented:
"""
I opened RFE https://pagure.io/SSSD/sssd/issue/3396 to discuss details of this.
I believe "sending potentially bogus data to SSSD"
URL: https://github.com/SSSD/sssd/pull/467
Title: #467: nss-idmap: allow NULL result in *_timeout calls
abbra commented:
"""
I just did a test with slapi-nis that evicts users/groups from cache in case ID
overrides did change and everything worked with this pull request while
URL: https://github.com/SSSD/sssd/pull/522
Author: abbra
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
Action: opened
PR body:
"""
This pull request prepares SSSD ipa provider to support IPA in trust to Samba
AD but the same changes are needed for a prop
URL: https://github.com/SSSD/sssd/pull/620
Title: #620: Add pam_cert_pam_services option
abbra commented:
"""
I'm also fine with @lslebodn patch
"""
See the full comment at
https://github.com/SSSD/sssd/pull/620#issuecomment-411374966
URL: https://github.com/SSSD/sssd/pull/620
Title: #620: Add pam_cert_pam_services option
abbra commented:
"""
I think +service style is better. Sorry for slow answers, I'm at the conference
this week.
"""
See the full comment at
https://github.com/SSSD/sssd/p
URL: https://github.com/SSSD/sssd/pull/620
Author: abbra
Title: #620: Add pam_cert_pam_services option
Action: opened
PR body:
"""
Allow customizing which PAM services are allowed to perform smartcard
authentication.
Fixes: https://pagure.io/SSSD/sssd/issue/3775
""
URL: https://github.com/SSSD/sssd/pull/522
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
abbra commented:
"""
@jhrozek ping, is it possible to review this pull request?
"""
See the full comment at
https://github.com/SSSD/sssd/p
URL: https://github.com/SSSD/sssd/pull/522
Author: abbra
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/522/head:pr522
git checkout pr522
From
URL: https://github.com/SSSD/sssd/pull/522
Author: abbra
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/522/head:pr522
git checkout pr522
From
URL: https://github.com/SSSD/sssd/pull/522
Author: abbra
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/522/head:pr522
git checkout pr522
From
URL: https://github.com/SSSD/sssd/pull/522
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
abbra commented:
"""
@jhrozek @sumit-bose I've updated the patches to address Jakub's comments.TDO
lookup should only be performed in the server mode, so I added that. At t
URL: https://github.com/SSSD/sssd/pull/522
Author: abbra
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/522/head:pr522
git checkout pr522
From
URL: https://github.com/SSSD/sssd/pull/522
Title: #522: Prepare SSSD to support IPA in trust to Samba AD
abbra commented:
"""
@jhrozek, @sumit-bose I've updated this pull request with a new code that adds
a missing `cn=trusts,$SUFFIX` base after a user base is parsed. I find
URL: https://github.com/SSSD/sssd/pull/683
Title: #683: PYSSS: Re-add the pysss.getgrouplist() interface
abbra commented:
"""
Looks good to me. Thank you, @jhrozek
"""
See the full comment at
https://github.com/SSSD/sssd/p
URL: https://github.com/SSSD/sssd/pull/798
Title: #798: ipa: ipa_getkeytab don't call libnss_sss
abbra commented:
"""
Looks nice to me too. In this environment and execution flow we do not expect
to resolve any of non-system users because the only user we would need to car
URL: https://github.com/SSSD/sssd/pull/850
Title: #850: sudo: use proper datetime for default modifyTimestamp value
abbra commented:
"""
Thanks. Please push.
"""
See the full comment at
https://github.com/SSSD/sssd/p
URL: https://github.com/SSSD/sssd/pull/850
Title: #850: sudo: use proper datetime for default modifyTimestamp value
Label: +Accepted
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to
URL: https://github.com/SSSD/sssd/pull/850
Title: #850: sudo: use proper datetime for default modifyTimestamp value
abbra commented:
"""
LGTM but could you please add a comment to the commit message about a
particular format of the timestamp (the fact that month and day cannot
URL: https://github.com/SSSD/sssd/pull/905
Title: #905: Don't ignore host entries in Group Policy security filters
abbra commented:
"""
@dmulder they need to be reviewed by SSSD core team (I'm not the one ;)), so we
need a review from @pbrezina and @sumit-bose, at least.
&q
URL: https://github.com/SSSD/sssd/pull/905
Title: #905: WIP: Don't ignore host entries in Group Policy security filters
abbra commented:
"""
Few observations:
- we already have code to translate between string/structure for SIDs, why
there is a need for another one?
- may be y
URL: https://github.com/SSSD/sssd/pull/905
Title: #905: WIP: Don't ignore host entries in Group Policy security filters
abbra commented:
"""
Sure, David.
See src/lib/idmap/sss_idmap.h for SID-related functions.
For accessing `ad_hostname`, you have it already in the `struct
ad_g
URL: https://github.com/SSSD/sssd/pull/5300
Title: #5300: ad: use parallel cldap ping for site discovery
abbra commented:
"""
@pbrezina I see linking failures:
```
/usr/bin/ld: /tmp/nss-srv-tests.hGpNig.ltrans0.ltrans.o: in function
`__wrap_sss_packet_get_body':
/builddir/b
URL: https://github.com/SSSD/sssd/pull/5367
Title: #5367: pam: add pam_sss_gss module for gssapi authentication
abbra commented:
"""
You can pass `ccache` in client creds store you pass to
`gss_acquire_cred_from()`. You are already using `keytab` there, passing
`ccache
URL: https://github.com/SSSD/sssd/pull/5367
Title: #5367: pam: add pam_sss_gss module for gssapi authentication
abbra commented:
"""
> While testing I came across a behavior which can be a bug or a feature and we
> should decide how to handle and/or document it.
>
&g
URL: https://github.com/SSSD/sssd/pull/5251
Title: #5251: subdomains: allow to inherit case_sensitive=Preserving
abbra commented:
"""
For what it worth, IPA always lowcases user and group names when storing in
LDAP, there is no way to avoid it.
"""
See the full
URL: https://github.com/SSSD/sssd/pull/5476
Author: abbra
Title: #5476: sudo runas: do not add '%' to external groups in IPA
Action: opened
PR body:
"""
When IPA allows to add AD users and groups directly to sudo rules
(FreeIPA 4.9.1 or later), external groups will already
URL: https://github.com/SSSD/sssd/pull/5476
Author: abbra
Title: #5476: sudo runas: do not add '%' to external groups in IPA
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5476/head:pr5476
git checkout pr5476
From
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
It now works for me. Here is a test on Fedora 33:
```
[admin@master ~]$ export KRB5CCNAME=/tmp/admin.cc
[admin@master ~]$ sudo -l
pam_sss_gss: Init
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
Thanks, @frozencemetery, I updated the code according to the suggestions.
I also decided to unify a bit the man page example language -- I do talk abo
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
@alexey-tikhonov I fixed couple covscan-reported issues. There are others which
are due to covscan not finishing its analysis in the limited time and th
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
@alexey-tikhonov I ran covscan for my patches and while it still failed, at
least two issues addressed by the separate patches here were fixed. I seem fe
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
@alexey-tikhonov so I looked closer to covscan failure that prevents the clean
run. It is due to the following problem:
```
RPM build errors:
error: Em
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
Added few more covscan fixes.
@sumit-bose asked on IRC to add a way to 'cancel' authentication indicator
check in a subdomain. I added support for
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
I'll move covscan fixes to a separate PR.
"""
See the full comment at
https://github.com/SSSD/sssd/pu
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5498
Author: abbra
Title: #5498: Covscan fixes
Action: opened
PR body:
"""
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5498/head:p
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
Moved the covscan fixes to PR https://github.com/SSSD/sssd/pull/5498
"""
See the full comment at
https://github.com/SSSD/sssd/pu
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
@sumit-bose thank you! I added this one line and re-pushed.
"""
See the full comment at
https://github.com/SSSD/sssd/pu
URL: https://github.com/SSSD/sssd/pull/5484
Title: #5484: sudo: do not search by low usn value to improve performance
abbra commented:
"""
Please fix the commit description: `no we omit`
"""
See the full comment at
https://github.com/SSSD/sssd/pu
URL: https://github.com/SSSD/sssd/pull/5498
Title: #5498: Covscan fixes
abbra commented:
"""
I did receive them but had no time to fix. If you have some time, please feel
free to overtake this PR. I don't think I'll have much time until maybe mid
March.
"""
URL: https://github.com/SSSD/sssd/pull/5498
Title: #5498: Covscan fixes
abbra commented:
"""
@alexey-tikhonov thanks for handling this. I am OK with dropping the remaining
patch.
"""
See the full comment at
https://github.com/SSSD/sssd/pu
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: opened
PR body:
"""
MIT Kerberos allows to associate authentication indicators with the
issued ticket based on the way how the TGT was obtained.
URL: https://github.com/SSSD/sssd/pull/5494
Title: #5494: pam_sss_gss: support authentication indicators
abbra commented:
"""
This is a draft implementation of https://github.com/SSSD/sssd/issues/5482. I
haven't tested it yet myself.
"""
See the full comment at
URL: https://github.com/SSSD/sssd/pull/5494
Author: abbra
Title: #5494: pam_sss_gss: support authentication indicators
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5494/head:pr5494
git checkout pr5494
From
URL: https://github.com/SSSD/sssd/pull/5847
Title: #5847: pam_sss: Allow offline authentication against
non-ipa-desktopprofiles aware DC
abbra commented:
"""
In FreeIPA, if desktop profiles' support is enabled, the data is in replicated
tree. This means you should be able
56 matches
Mail list logo
