URL: https://github.com/freeipa/freeipa/pull/2676
Author: tiran
Title: #2676: ipa-getkeytab: resolve symlink
Action: opened
PR body:
"""
Resolve one level of symbolic links to support a dangling symlink as
keytab target. To prevent symlink attacks, only resolve symlink when the
symlink is owned by the current effective user and group.
Fixes: https://pagure.io/freeipa/issue/4607
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2676/head:pr2676
git checkout pr2676
URL: https://github.com/freeipa/freeipa/pull/2677
Author: tiran
Title: #2677: Don't configure KEYRING ccache in containers
Action: opened
PR body:
"""
Kernel keyrings are not namespaced yet. Keyrings can leak into other
containers. Therefore keyrings should not be used in containerized
environment.
Don't configure Kerberos to use KEYRING ccache backen when a container
environment is detected by systemd-detect-virt --container.
Fixes: https://pagure.io/freeipa/issue/7807
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2677/head:pr2677
git checkout pr2677
I was going through the article "Implementing FreeIPA in a mixed Environment (Windows/Linux) - Step by step" published at
https://www.freeipa.org/page/Implementing_FreeIPA_in_a_mixed_Environment_...
I stumbled upon some commands and eventually completed setup referring to another article.
Over the versions and years, some commands have changed and they need to reflect in the article.
Below are the changes needed to the article.
> "# ipa-server-install --setup-bind"
"# ipa-server-install --setup-dns"
> "# ipa-finduser admin"
"# ipa user-show admin"
> "# ipa-addservice host/bmdata01.example.com"
Here adding from IPA UI was used.
"ipa host-add --ip-address=192.168.9.120 test-host.example.com"
This may work, but it failed to create reverse dns entry.
> "# ipa-getkeytab -s ds.example.com -p host/bmdata01.example.com -e des-cbc-crc -k krb5.keytab.txt -P"
"# ipa-getkeytab -s ds.example.com -p host/bmdata01.example.com -e arcfour-hmac -k krb5.keytab.txt -P"
The des-cbc-crc had given me error.
> "C:> ksetup /setmachpassword <password> (the same password you have set in IPA server)"
"ksetup /setcomputerpassword <password> (the same password you have set in IPA server)"
regards,
Mohan
URL: https://github.com/freeipa/freeipa/pull/2591
Author: tiran
Title: #2591: [Backport][ipa-4-7] Unify and simplify LDAP service discovery
Action: opened
PR body:
"""
This PR was opened automatically because PR #2144 was pushed to master and backport to ipa-4-7 is required.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2591/head:pr2591
git checkout pr2591
URL: https://github.com/freeipa/freeipa/pull/2670
Author: tiran
Title: #2670: Add index on idnsName
Action: opened
PR body:
"""
The data structures for the internal DNS server use the attribute idnsName
instead of cn in the DN. It's also used to search for entries when entries
are added, modified, or removed.
The new index speeds up dnsrecord and dnszone related commands as well
as commands like host-add and host-del --updatedns.
Fixes: https://pagure.io/freeipa/issue/7803
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
Note, this PR contain changes from https://github.com/freeipa/freeipa/pull/2649 to a avoid merge conflict.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2670/head:pr2670
git checkout pr2670