URL: https://github.com/freeipa/freeipa/pull/4061
Author: RichardKalinec
Title: #4061: doc/designs: Add a design page for application-specific passwords
Action: opened
PR body:
"""
This design page describes a new enhancement: application-specific
passwords and permissions management for them. Users will be able to
have additional passwords besides the primary one, and set permissions
for them specifying what systems and services will each
application-specific password have access to. Application-specific
passwords will also be usable with other authentication mechanisms
incorporating passwords, namely otp, radius and hardened. They will
also be supported by ipa-kdb for Kerberos authentication.
https://pagure.io/freeipa/issue/4510
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4061/head:pr4061
git checkout pr4061
URL: https://github.com/freeipa/freeipa/pull/3275
Author: marcus2376
Title: #3275: Issue 7975 - Accept 389-ds JSON replication status messages
Action: opened
PR body:
"""
Description:
389-ds now stores a replication agreement status message in a JSON string in a new attribute:
replicaLastInitStatusJSON
replicaLastUpdateStatusJSON
The original status attributes' values are not changing at this time, but there are plans to do so eventually as the old status format is confusing.
http://www.port389.org/docs/389ds/design/repl-agmt-status-design.htmlhttps://pagure.io/freeipa/issue/7975
Reviewed by: ?
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3275/head:pr3275
git checkout pr3275
URL: https://github.com/freeipa/freeipa/pull/3774
Author: stanislavlevin
Title: #3774: [DNSSEC] WIP Allow using of a custom OpenSSL engine for BIND
Action: opened
PR body:
"""
For now Debian, Fedora, RHEL, etc. build BIND with 'native PKCS11'
support. Till recently, that was the strict requirement of DNSSEC.
The problem is that this restricts cross-platform features of FreeIPA.
With the help of libp11, which provides `pkcs11` engine plugin for
the OpenSSL library for accessing PKCS11 modules in a semi-
transparent way, FreeIPA could utilize OpenSSL version of BIND.
BIND in turn provides ability to specify the OpenSSL engine on the
command line of `named` and all the BIND `dnssec-*` tools by using
the `-E engine_name`.
Currently, this PR implements just an abstract ability.
Actual configuration and tests results could be seen in my fork Azure Pipelines:
https://dev.azure.com/slev0400/slev/_build/results?buildId=627&view=logs&j=…https://dev.azure.com/slev0400/slev/_build/results?buildId=627&view=logs&j=…
Related: https://pagure.io/freeipa/issue/8094
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3774/head:pr3774
git checkout pr3774
URL: https://github.com/freeipa/freeipa/pull/3544
Author: mulatinho
Title: #3544: [WIP] ipa-join: allowing call with jsonrpc into freeipa API
Action: opened
PR body:
"""
- Adding JSON-C and LibCURL library into configure.ac and Makefile.am
- Creating a API call with option '-j' or '--jsonrpc' to make host join on FreeIPA with JSONRPC and libCURL.
TODO: unenroll process with JSONRPC.
To test the call:
# kinit admin
# ipa-join -s server.freeipa.ipadomain -j
Debug:
# ipa-join -s server.freeipa.ipadomain -j -d
Related: https://pagure.io/freeipa/issue/7966
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3544/head:pr3544
git checkout pr3544
Hi,
we are almost there with FreeIPA 4.8.7 release. I would like to have
some help with release notes.
I prepared a draft at https://vda.li/drafts/freeipa-4.8.7-release-notes.html
As you can see, there are not many notes there yet but we have quite a
lot of fixes (more than 60 tickets closed).
The page has links to each ticket referenced in the commits since 4.8.6
release. If you have details to add, please click on the ticket link and
add a short release note information in the 'changelog' field of the
ticket metadata.
The script I am using to collect release notes will then automatically
pull those changelog entries.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
URL: https://github.com/freeipa/freeipa/pull/4708
Author: flo-renaud
Title: #4708: [Backport][ipa-4-8] ipatests: Check if user with 'User Administrator' role can delete group.
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/4708/head:pr4708
git checkout pr4708
As per below scenario trying to enable 2FA but no luck , please let me know if any one
faced this kind of issue and how it was resolved
I'm trying to enable 2FA authentication only in 2 hosts out-of 5 hosts
test case 1 ) I have enabled 2FA in global configuration of FREEIPA but is working on
all 5hosts
test case 2) Disabled 2FA in Global configuration of freeipa and enabled OTP indicator
only 2 hosts but OTP mechanism doesn't working
https://www.freeipa.org/page/V4/Authentication_Indicators
Hello,
We are running two main CI workflows in our upstream freeipa project
[1]: gating and nightly. The nightly regressions are:
- testing_master_latest
- testing_master_previous
- testing_ipa-4.8_latest
- testing_ipa-4.8_previous
- testing_ipa-4.6
- testing_master_rawhide
- testing_master_389ds
- testing_master_pki
- testing_master_testing
The nightly CI automation works in a way that a pull request (PR) is
sent to the upstream project [1]. Having that amount of PRs makes hard
to navigate the list of PRs, and set a false feeling of many PRs waiting
for reviews. Another important reason is that both CI workflows compete
for the same resources making gating workflows to be delayed.
Hence, we are in the process of moving nightly PRs to separate
repository [2]. This way freeipa project [1] will contain only PRs
related to changes.
[1] https://github.com/freeipa/freeipa
[2] https://github.com/freeipa-pr-ci2/freeipa/pulls
-Eagle Team,