On Sun, Nov 20, 2016 at 08:59:55PM +0200, Catalin wrote:
> the default sss is a good choice for pc into internet without dns settings ?
> I saw was reported like a bug
> https://bugzilla.redhat.com/show_bug.cgi?id=867473
That bug was resolved.
Could you please rephrase your question? Are you not
On Ne, 2016-11-20 at 18:47 -0600, Michael Catanzaro wrote:
>
> Well I fixed all my typos except the two in that quote there. :)
> Maybe
> I am a shitty htypist byt yeah I have to use backspace al ot. Somehow
> I
> tnhink the popelo (oh gosh I am doing really badly here) who
> recommend
> passphare
Michael Catanzaro wrote:
> I have no idea how this fancy Kerberos works or integrates with GNOME,
> but the above is a truism that stands the test of time.
Kerberos integrates fine with KDE's Konqueror. If I go to a kerberised page
for which I have a TGT, KDE will do the ticket look up automati
On Sat, Nov 19, 2016 at 07:11:25PM -0600, Dennis Gilmore wrote:
> koji authentication will be switching to Kerberos. Koji supports multiple
> authentication mechanisms. Fedora infrastructure has set up a freeipa
> instance
> internally that has credential syncing to fas. We are working on ensuri
Dne 20.11.2016 v 02:11 Dennis Gilmore napsal(a):
> koji authentication will be switching to Kerberos. Koji supports multiple
> authentication mechanisms. Fedora infrastructure has set up a freeipa
> instance
> internally that has credential syncing to fas. We are working on ensuring
> that
>
On Sa, 2016-11-19 at 08:56 +0100, Kevin Kofler wrote:
> Adam Williamson wrote:
> > I think I've proposed at least once that we make Obsoletes: for retired
> > packages mandatory. My last proposal currently seems to be assigned to
> > tibbs.
>
> IMHO, forcefully removing packages that still work is
I'm not skilled with this config files of networking.
I want to know more about how is working this file.
I saw this can activate some dns settings - but this is not the main issue.
Why is that sss word put into default file?
How can I improve my Fedora security?
I used into internet rarely and mos
On 2016-11-20, 01:11 GMT, Dennis Gilmore wrote:
> you can get started today by doing kinit username>@FEDORAPROJECT.ORG if you move your ~/.fedora.cert
> file out of the way authentication will still work.
a) Is it possible to have multiple tickets, each from different
realm? When I do kinit mc..
DNF will have soon (Pull-Request
https://github.com/rpm-software-management/dnf/pull/621) --deplist option
that should provide requested information. The new option will be available
first for rawhide in DNF-2.0 and later for Fc26. This output is similar to
```yum deplist``` command.
Jaroslav
On W
On Nov 21, 2016 11:47 AM, "Jaroslav Mracek" wrote:
>
> DNF will have soon (Pull-Request
https://github.com/rpm-software-management/dnf/pull/621) --deplist option
that should provide requested information. The new option will be available
first for rawhide in DNF-2.0 and later for Fc26. This output
On Mon, Nov 21, 2016 at 4:42 AM, Piotr Ozarowski wrote:
> Hi,
>
> [Germano Massullo, 2016-11-20]
>> We often deal with upstream developers that bundle libraries in their
>> code, so to make a package we have to debundle them, etc.
>> This time, an upstream dev. asked me what he could do to make ea
On 11/21/2016 05:01 AM, Catalin wrote:
> I'm not skilled with this config files of networking.
> I want to know more about how is working this file.
This file lists the possible sources of user/group/host/etc. data that the
system may wish to use. In the case of 'sss', it is opportunistic. What th
On 11/21/2016 05:02 AM, Matěj Cepl wrote:
> On 2016-11-20, 01:11 GMT, Dennis Gilmore wrote:
>> you can get started today by doing kinit > username>@FEDORAPROJECT.ORG if you move your ~/.fedora.cert
>> file out of the way authentication will still work.
>
> a) Is it possible to have multiple ticke
> On 2016-11-20, 01:11 GMT, Dennis Gilmore wrote:
>
> a) Is it possible to have multiple tickets, each from different
> realm? When I do kinit mcepl(a)FEDORAPROJECT.ORG, klist lookslike my
> @REDHAT.COM ticket has been knocked out (i.e., thereis only FPO
> ticket there). Ah, klist -A seems
Thank you Stephen, really helps me your answer.
2016-11-21 14:13 GMT+02:00 Stephen Gallagher :
> On 11/21/2016 05:01 AM, Catalin wrote:
> > I'm not skilled with this config files of networking.
> > I want to know more about how is working this file.
>
> This file lists the possible sources of use
On 11/20/2016 08:50 AM, Florian Weimer wrote:
> On 11/20/2016 02:11 AM, Dennis Gilmore wrote:
>> koji authentication will be switching to Kerberos. Koji supports multiple
>> authentication mechanisms. Fedora infrastructure has set up a freeipa
>> instance
>> internally that has credential syncing
On 11/21/2016 04:24 AM, Tomasz Torcz wrote:
> On Sat, Nov 19, 2016 at 07:11:25PM -0600, Dennis Gilmore wrote:
>> koji authentication will be switching to Kerberos. Koji supports multiple
>> authentication mechanisms. Fedora infrastructure has set up a freeipa
>> instance
>> internally that has c
On 11/18/2016 10:11 PM, Kevin Fenzi wrote:
So if you got notified in the past, but haven't visited the page
since then, you won't get further emails.
I have not received *any* such notifications, and I don't think I
visited the changed page between adjusting my notification
preferences and the
On 11/21/2016 04:32 AM, Vít Ondruch wrote:
>
>
> Dne 20.11.2016 v 02:11 Dennis Gilmore napsal(a):
>> koji authentication will be switching to Kerberos. Koji supports multiple
>> authentication mechanisms. Fedora infrastructure has set up a freeipa
>> instance
>> internally that has credential
Dne 21.11.2016 v 13:36 Stephen Gallagher napsal(a):
> On 11/21/2016 04:24 AM, Tomasz Torcz wrote:
>> On Sat, Nov 19, 2016 at 07:11:25PM -0600, Dennis Gilmore wrote:
>>> koji authentication will be switching to Kerberos. Koji supports multiple
>>> authentication mechanisms. Fedora infrastructure
Dne 21.11.2016 v 14:07 Vít Ondruch napsal(a):
>
> Dne 21.11.2016 v 13:36 Stephen Gallagher napsal(a):
>> On 11/21/2016 04:24 AM, Tomasz Torcz wrote:
>>> On Sat, Nov 19, 2016 at 07:11:25PM -0600, Dennis Gilmore wrote:
koji authentication will be switching to Kerberos. Koji supports multiple
On 11/21/2016 01:31 PM, Stephen Gallagher wrote:
Thanks for your explanation.
So yes, we have protection against that. FreeIPA (which is backing this
solution) requires preauthentication for all user accounts.
“That” meaning offline attacks without intercepted packets. With
intercepted pack
Dne 21.11.2016 v 14:18 Vít Ondruch napsal(a):
>
> Dne 21.11.2016 v 14:07 Vít Ondruch napsal(a):
>> Dne 21.11.2016 v 13:36 Stephen Gallagher napsal(a):
>>> On 11/21/2016 04:24 AM, Tomasz Torcz wrote:
On Sat, Nov 19, 2016 at 07:11:25PM -0600, Dennis Gilmore wrote:
> koji authentication wil
On 11/21/2016 08:07 AM, Vít Ondruch wrote:
>
>
> Dne 21.11.2016 v 13:36 Stephen Gallagher napsal(a):
>> On 11/21/2016 04:24 AM, Tomasz Torcz wrote:
>>> On Sat, Nov 19, 2016 at 07:11:25PM -0600, Dennis Gilmore wrote:
koji authentication will be switching to Kerberos. Koji supports multiple
>
On ma, 21 marras 2016, Vít Ondruch wrote:
Dne 21.11.2016 v 14:18 Vít Ondruch napsal(a):
Dne 21.11.2016 v 14:07 Vít Ondruch napsal(a):
Dne 21.11.2016 v 13:36 Stephen Gallagher napsal(a):
On 11/21/2016 04:24 AM, Tomasz Torcz wrote:
On Sat, Nov 19, 2016 at 07:11:25PM -0600, Dennis Gilmore wro
On ma, 21 marras 2016, Florian Weimer wrote:
On 11/21/2016 01:31 PM, Stephen Gallagher wrote:
Thanks for your explanation.
So yes, we have protection against that. FreeIPA (which is backing this
solution) requires preauthentication for all user accounts.
“That” meaning offline attacks withou
On 2016-11-21, Vít Ondruch wrote:
> From: =?UTF-8?Q?V=c3=adt_Ondruch?=
>> You mean something like this?
>>
>> ```
>> # rpm -qf /etc/krb5.conf.d/fedoraproject_org
>> fedora-packager-0.5.10.7-4.fc26.noarch
>>
>> # cat /etc/krb5.conf.d/fedoraproject_org
>> [realms]
>> FEDORAPROJECT.ORG = {
>>
On 11/21/2016 04:03 PM, Alexander Bokovoy wrote:
Fedora infrastructure uses MS-KKDCP proxy with Fedora certificate to
tunnel Kerberos 5 traffic. If you have recent Fedora, you'll get it used
automatically with the help of DNS URI. For older clients which don't
support DNS-based discovery you can
On 11/21/2016 10:32 AM, Florian Weimer wrote:
> On 11/21/2016 04:03 PM, Alexander Bokovoy wrote:
>
>> Fedora infrastructure uses MS-KKDCP proxy with Fedora certificate to
>> tunnel Kerberos 5 traffic. If you have recent Fedora, you'll get it used
>> automatically with the help of DNS URI. For olde
Change in package status over the last 168 hours
3 packages were orphaned
python-django-profile [f23, master, f25, epel7, f24] was orphaned by cstratak
Django pluggable user profile zone
https://admin.fedoraproject
Start Date: 2016-11-14 10:08:01.660727
End Date: 2016-11-21 10:08:01.660727
Jitka Plesnikova : 6
https://bugzilla.redhat.com/show_bug.cgi?id=1394215
perl-Tie-DataUUID
https://bugzilla.redhat.com/show_bug.cgi?id=1394174 perl-XML-Spice
https://bugzilla.redhat.com/sh
OLD: Fedora-Rawhide-20161120.n.0
NEW: Fedora-Rawhide-20161121.n.0
= SUMMARY =
Added images:1
Dropped images: 0
Added packages: 6
Dropped packages:12
Upgraded packages: 28
Downgraded packages: 0
Size of added packages: 5.07 MiB
Size of dropped packages
Dne 21.11.2016 v 16:07 Alexander Bokovoy napsal(a):
>
>>
}
[domain_realm]
.fedoraproject.org = FEDORAPROJECT.ORG
fedoraproject.org = FEDORAPROJECT.ORG
```
>>> But apparently, with this snippet, I can't kinit anymore :/
>>>
>>> ```
>>> $ kinit vondr...@fedoraprojec
Missing expected images:
Cloud_base qcow2 x86_64
Atomic qcow2 x86_64
Workstation live i386
Kde live x86_64
Cloud_base raw-xz x86_64
Atomic raw-xz x86_64
Workstation live x86_64
Kde live i386
Failed openQA tests: 53/79 (x86_64), 14/15 (i386), 1/2 (arm)
Old failures (same test failed in Rawhide-20
= Proposed Self Contained Change:Java/OpenJDK enforces the system-wide
crypto policy =
https://fedoraproject.org/wiki/Changes/JavaCryptoPolicies
Change owner(s):
* Nikos Mavrogiannopoulos
As it is now, the System-wide crypto policy in F25 is enforced by the
OpenSSL, GnuTLS and NSS TLS libraries
Ooh! This is handy:
https://fedoraproject.org/wiki/Template:FedoraVersionNumber/doc
The current version of [[Fedora]] is
'''{{FedoraVersionNumber|current}}'''.
The next version of [[Fedora]] is '''{{FedoraVersionNumber|next}}'''.
--
Matthew Miller
Fedora Project Leader
On Mon, 2016-11-21 at 18:13 +0100, Jan Kurik wrote:
> As it is now, the System-wide crypto policy in F25 is enforced by the
> OpenSSL, GnuTLS and NSS TLS libraries. To harmonize crypto across all
> applications in Fedora, including the Java ones, OpenJDK is enhanced
> to respect the settings of the
On Mon, 2016-11-21 at 12:34 -0500, Matthew Miller wrote:
> Ooh! This is handy:
>
> https://fedoraproject.org/wiki/Template:FedoraVersionNumber/doc
>
>
> The current version of [[Fedora]] is
> '''{{FedoraVersionNumber|current}}'''.
>
> The next version of [[Fedora]] is '''{{FedoraVersionNu
> On 11/21/2016 10:32 AM, Florian Weimer wrote:
>
> Yes, as I mentioned elsewhere, we should probably have the fedora-packager RPM
> ship with a krb5.conf.d snippet that sets the appropriate values.
You mean something like
http://pkgs.fedoraproject.org/cgit/rpms/fedora-packager.git/commit/?id=b3
> Dne 21.11.2016 v 16:07 Alexander Bokovoy napsal(a):
>
>
> $ KRB5_TRACE=/dev/stderr kinit vondruch(a)FEDORAPROJECT.ORG
> [8655] 1479746886.252240: Resolving unique ccache of type KEYRING
> [8655] 1479746886.252281: Getting initial credentials for
> vondruch(a)FEDORAPROJECT.ORG
> [8655] 147974688
On Mon, Nov 21, 2016 at 5:48 PM, Vít Ondruch wrote:
>
>
> Dne 21.11.2016 v 16:07 Alexander Bokovoy napsal(a):
>>
>>>
> }
> [domain_realm]
> .fedoraproject.org = FEDORAPROJECT.ORG
> fedoraproject.org = FEDORAPROJECT.ORG
> ```
>
But apparently, with this snippet, I ca
On 11/21/2016 03:51 PM, Patrick マルタインアンドレアス Uiterwijk wrote:
>> On 11/21/2016 10:32 AM, Florian Weimer wrote:
>>
>> Yes, as I mentioned elsewhere, we should probably have the fedora-packager
>> RPM
>> ship with a krb5.conf.d snippet that sets the appropriate values.
>
> You mean something like
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If y
The following packages are orphaned and will be retired when they
are orphaned for six weeks, unless someone adopts them. If you know for sure
that the package should be retired, please do so now with a proper reason:
https://fedoraproject.org/wiki/How_to_remove_a_package_at_end_of_life
Note: If y
On Fri, Nov 18, 2016 at 11:13:26PM +0100, Ms Sanchez wrote:
>
>
> On 18/11/16 19:53, Chris Murphy wrote:
> > On Fri, Nov 18, 2016 at 3:13 AM, Ms Sanchez wrote:
> > > Hello Peter!
> > >
> > > I tried to do this but it recorded nothing. Maybe I did something wrong?
> > Worked for me. But I did ma
Gerd Hoffmann wrote:
> That is a non-trivial effort though. We would have to put the major
> shared library version into package names, simliar to debian.
No. When I say "packages that still work", not having broken dependencies is
included in that. If they require an old soname, they no longer
On ma, 21 marras 2016, Florian Weimer wrote:
On 11/21/2016 04:03 PM, Alexander Bokovoy wrote:
Fedora infrastructure uses MS-KKDCP proxy with Fedora certificate to
tunnel Kerberos 5 traffic. If you have recent Fedora, you'll get it used
automatically with the help of DNS URI. For older clients w
Dennis Gilmore wrote:
> koji authentication will be switching to Kerberos. Koji supports multiple
> authentication mechanisms. Fedora infrastructure has set up a freeipa
> instance internally that has credential syncing to fas. We are working on
> ensuring that gssapi caching is supported so that y
On Mon, Nov 21, 2016 at 07:46:13AM -0500, Stephen Gallagher wrote:
> On 11/21/2016 04:32 AM, Vít Ondruch wrote:
> >
> >
> > Dne 20.11.2016 v 02:11 Dennis Gilmore napsal(a):
> >> koji authentication will be switching to Kerberos. Koji supports multiple
> >> authentication mechanisms. Fedora infra
49 matches
Mail list logo
