June 2017 - FreeIPA-devel - Fedora Mailing-Lists

[freeipa PR#848][opened] sssd.py: Deprecating no-sssd option.

by Tiboris

URL: https://github.com/freeipa/freeipa/pull/848 Author: Tiboris Title: #848: sssd.py: Deprecating no-sssd option. Action: opened PR body: """ Resolves: https://pagure.io/freeipa/issue/5860 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/848/head:pr848 git checkout pr848

7 years

2
6
0 / 0

[freeipa PR#829][opened] client.py: Replace hardcoded 'admin' with options.principal

by Tiboris

URL: https://github.com/freeipa/freeipa/pull/829 Author: Tiboris Title: #829: client.py: Replace hardcoded 'admin' with options.principal Action: opened PR body: """ Fixes: https://pagure.io/freeipa/issue/5406 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/829/head:pr829 git checkout pr829

7 years

4
19
0 / 0

[freeipa PR#855][opened] Prevent issues with older clients

by simo5

URL: https://github.com/freeipa/freeipa/pull/855 Author: simo5 Title: #855: Prevent issues with older clients Action: opened PR body: """ Older clients have issues parsing cookies, and cannot handle well the MaxAge setting. So the first patch is about removing it. Unfortunately this means cookies will be valid for the duration of the authentication ticket which is set to 24h by default. This is a bit high, so the second patch adds the ability to set the "kinit_lifetime" in /etc/api/default.conf so that users authenticating using username/password can have their tickets (and therefore their session) hard capped at whatever lifetime is set there. Users that use HTTP negotiate can control their session duration by getting shorter lived tickets via kinit. In all cases users can click on the logout button to blow away credentials. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/855/head:pr855 git checkout pr855

7 years

5
16
0 / 0

[freeipa PR#861][opened] [IPA 4.5] Bump version of python-gssapi

by pvomacka

URL: https://github.com/freeipa/freeipa/pull/861 Author: pvomacka Title: #861: [IPA 4.5] Bump version of python-gssapi Action: opened PR body: """ Complete fixing of the bug requires fix on python-gssapi side. That fix is included in version 1.2.0-5. Fixes: https://pagure.io/freeipa/issue/6796 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/861/head:pr861 git checkout pr861

7 years

2
4
0 / 0

[freeipa PR#858][opened] Bumb version of python-gssapi

by pvomacka

URL: https://github.com/freeipa/freeipa/pull/858 Author: pvomacka Title: #858: Bumb version of python-gssapi Action: opened PR body: """ Complete fixing of the bug requires fix on python-gssapi side. That fix is included in version 1.2.0-5. Fixes: https://pagure.io/freeipa/issue/6796 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/858/head:pr858 git checkout pr858

7 years

3
8
0 / 0

[freeipa PR#841][opened] ipa-kdb: use canonical principal in certauth plugin

by sumit-bose

URL: https://github.com/freeipa/freeipa/pull/841 Author: sumit-bose Title: #841: ipa-kdb: use canonical principal in certauth plugin Action: opened PR body: """ Currently the certauth plugin use the unmodified principal from the request to lookup the user. This might fail if e.g. enterprise principals are use. With this patch the canonical principal form the kdc entry is used. Resolves https://pagure.io/freeipa/issue/6993 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/841/head:pr841 git checkout pr841

7 years

3
3
0 / 0

[freeipa PR#836][opened] Only warn when specified server IP addresses don't match intf

by MartinBasti

URL: https://github.com/freeipa/freeipa/pull/836 Author: MartinBasti Title: #836: Only warn when specified server IP addresses don't match intf Action: opened PR body: """ In containers local addresses differ from public addresses and we need a way to provide only public address to installers. https://pagure.io/freeipa/issue/2715 https://pagure.io/freeipa/issue/4317 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/836/head:pr836 git checkout pr836

7 years

3
9
0 / 0

[freeipa PR#843][opened] [WIP] Fixing test_installation.py tests

by felipevolpone

URL: https://github.com/freeipa/freeipa/pull/843 Author: felipevolpone Title: #843: [WIP] Fixing test_installation.py tests Action: opened PR body: """ I've been working on the test_installation.py suite and figure out how to solve some of them. The TestInstallWithCA1 have 9 tests failing; 6 of them can be fixed adding ```bash <ip> ipa-ca.$DOMAIN ``` into the master `/etc/hosts`. After that, three of them are still failing. The log: https://paste.fedoraproject.org/paste/7n3CMEH5nhiHu~Vai8cObV5M1UNdIGYhyRL.... They are: * test_replica1_with_ca_install * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install I've moved the tests * test_replica2_with_ca_kra_install * test_replica1_ipa_kra_install to a new class (TestInstallWithCA1_KRA1) and created a new install method, which use the `setup_kra=True` option in the install_master method. The tests are still failing, but for another reason, the logs: https://paste.fedoraproject.org/paste/ytzzIUDhh5ARcunpSfSubV5M1UNdIGYhyRL... """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/843/head:pr843 git checkout pr843

7 years

2
5
0 / 0

[freeipa PR#847][opened] Turn off OCSP check

by pvomacka

URL: https://github.com/freeipa/freeipa/pull/847 Author: pvomacka Title: #847: Turn off OCSP check Action: opened PR body: """ The OCSP check was previously turned on but it introduced several issues. Therefore the check will be turned off by default. For turning on should be used ipa advise command with correct recipe. The solution is tracked here: https://pagure.io/freeipa/issue/6982 Fixes: https://pagure.io/freeipa/issue/6981 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/847/head:pr847 git checkout pr847

7 years

3
11
0 / 0

[freeipa PR#852][opened] pkinit manage: introduce ipa-pkinit-manage

by HonzaCholasta

URL: https://github.com/freeipa/freeipa/pull/852 Author: HonzaCholasta Title: #852: pkinit manage: introduce ipa-pkinit-manage Action: opened PR body: """ **server certinstall: update KDC master entry** After the KDC certificate is installed, add the PKINIT enabled flag to the KDC master entry. **pkinit manage: introduce ipa-pkinit-manage** Add the ipa-pkinit-manage tool to allow enabling / disabling PKINIT after the initial server install. **server upgrade: do not enable PKINIT by default** Enabling PKINIT often fails during server upgrade when requesting the KDC certificate. Now that PKINIT can be enabled post-install using ipa-pkinit-manage, avoid the upgrade failure by not enabling PKINIT by default. https://pagure.io/freeipa/issue/7000 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/852/head:pr852 git checkout pr852

7 years

2
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

FreeIPA-devel June 2017