On Fri, Feb 25, 2011 at 12:47:03AM -0500, Simo Sorce wrote:
> On Thu, 24 Feb 2011 20:55:32 -0500
> Adam Young wrote:
>
> > I updated the reolve.conf of the client machine to point to the
> > server and ran:
> >
> >
> > [root@vm-060 ~]# ipa-client-install --domain idm.lab.bos.redhat.com
> > -p
On Mon, Apr 04, 2011 at 10:01:29AM -0400, Stephen Gallagher wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 04/04/2011 09:58 AM, Stephen Gallagher wrote:
> > On 04/01/2011 06:14 PM, Rich Megginson wrote:
> >> On 04/01/2011 02:17 PM, Rob Crittenden wrote:
> >>> Stephen Gallagher wro
On Tue, Jun 21, 2011 at 04:48:08PM -0600, Pete Zaitcev wrote:
> On Tue, 21 Jun 2011 18:28:36 -0400
> Dmitri Pal wrote:
>
> Dear Dmitri, thanks for the reply. I am reading curl source code
> now and I notice the distinction between "Negotiate" that comes
> from SPNEGO, and "GSS-Negotiate". I'm loo
! /usr/bin/python
+#
+# Authors: Sumit Bose
+# Based on ipa-server-install by Karl MacMillan
+# and ipa-dns-install by Martin Nagy
+#
+# Copyright (C) 2011 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or mo
On Fri, Aug 26, 2011 at 02:08:27PM +0300, Alexander Bokovoy wrote:
> Hi,
>
> On 26.08.2011 12:39, Sumit Bose wrote:
> > Hi,
> >
> > with this patch an initial samba configuration for the AD trust feature
> > can be created by calling ipa-adtrust-install. Please
On Fri, Aug 26, 2011 at 09:35:16PM +0300, Alexander Bokovoy wrote:
> >>> diff --git a/ipaserver/install/smbinstance.py
> >>> b/ipaserver/install/smbinstance.py
> >>> new file mode 100644
> >> The code in smbinstance.py assumes Samba has been compiled with
> >> /etc/ipa/smb.conf as default configur
On Fri, Aug 26, 2011 at 09:14:27AM -0400, Simo Sorce wrote:
> More comments.
>
> On Fri, 2011-08-26 at 11:39 +0200, Sumit Bose wrote:
>
> [..]
>
> > +if not options.unattended:
> > +print ""
> > +print "The followi
On Wed, Sep 07, 2011 at 06:10:50PM -0400, Simo Sorce wrote:
> On Tue, 2011-08-30 at 16:40 +0200, Sumit Bose wrote:
> > I don't think that we should run winbind.
> >
> > I also changed the path to the smb.conf file from /etc/ipa
> > to /etc/samba
> > which ma
On Thu, Sep 08, 2011 at 02:06:44PM +0200, Martin Kosek wrote:
> On Thu, 2011-09-08 at 13:52 +0200, Sumit Bose wrote:
> > On Wed, Sep 07, 2011 at 06:10:50PM -0400, Simo Sorce wrote:
> > > On Tue, 2011-08-30 at 16:40 +0200, Sumit Bose wrote:
> > > > I don'
On Fri, Sep 09, 2011 at 07:06:47PM -0400, Simo Sorce wrote:
> On Thu, 2011-09-08 at 14:39 +0200, Sumit Bose wrote:
> > On Thu, Sep 08, 2011 at 02:06:44PM +0200, Martin Kosek wrote:
> > > On Thu, 2011-09-08 at 13:52 +0200, Sumit Bose wrote:
> > > > On Wed, Sep 07,
Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue, 13 Sep 2011 12:37:47 +0200
Subject: [PATCH] Call standard_logging_setup() before any logging is done
---
install/tools/ipa-dns-install |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/install/tools/ipa-dns-install b
On Mon, Sep 12, 2011 at 05:24:38PM -0400, Simo Sorce wrote:
> On Mon, 2011-09-12 at 17:53 +0200, Sumit Bose wrote:
> [..]
> > >
> > I can now run 'smbclient -k -L' on my test system wit hthe recent samba
> > patch.
>
> Sorry a couple more nitpicks.
>
On Tue, Sep 13, 2011 at 06:01:33PM +0200, Sumit Bose wrote:
> On Mon, Sep 12, 2011 at 05:24:38PM -0400, Simo Sorce wrote:
> > On Mon, 2011-09-12 at 17:53 +0200, Sumit Bose wrote:
> > [..]
> > > >
> > > I can now run 'smbclient -k -L' on my
Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 19 Sep 2011 11:48:05 +0200
Subject: [PATCH] Fix ACIs in ipa-adtrust-install
---
ipaserver/install/adtrustinstance.py | 15 +--
1 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/ipaserver/install/adtrustinstance.py
b
ckend expects the old objectclasses for users, groups and trust
objects.
bye,
Sumit
From 08ba5beebf81be67f03ae384f2119ae81b3ebf9d Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Mon, 19 Sep 2011 15:45:30 +0200
Subject: [PATCH] Update samba LDAP schema
The samba LDAP schema is updated to the lastest ve
On Mon, Sep 19, 2011 at 12:34:36PM -0400, Simo Sorce wrote:
> Attached find a patch for new attributes and objectclasses for the IPA
> v3 goal of configuring trust relationships between freeipa and windows
> domains.
I think everything is ok, I just started to wonder if it is maybe safer
to always
On Tue, Sep 20, 2011 at 08:47:58AM -0400, Simo Sorce wrote:
> On Tue, 2011-09-20 at 12:36 +0200, Sumit Bose wrote:
> > On Mon, Sep 19, 2011 at 12:34:36PM -0400, Simo Sorce wrote:
> > > Attached find a patch for new attributes and objectclasses for the IPA
> > > v
Hi,
there are three issues in 60basev3.ldif which prevents the LDAP server
from starting. Two are minr typos and one a wrong matching rules for the
octet string syntax.
bye,
Sumit
From e7551b3bbc0f970f9fb5998a66864849b81691bb Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 21 Sep 2011 12
On Fri, Sep 23, 2011 at 07:48:06AM -0400, Stephen Gallagher wrote:
> On Thu, 2011-09-22 at 21:55 -0400, Dmitri Pal wrote:
> > On 09/21/2011 10:07 PM, Stephen Gallagher wrote:
> > > I've ben working on the multiple search base feature in SSSD and I've had
> > > some thoughts that might be relevant
Hi,
this patch extends the ipa-adtrust-install utility by adding SIDs to the
IPA admin user and the admins group.
bye,
Sumit
From 9d24a20c8d81440398f38e71efd024320b20577d Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Fri, 23 Sep 2011 15:11:23 +0200
Subject: [PATCH] Add admin SIDs
The admin
On Fri, Sep 23, 2011 at 07:27:34PM -0400, Simo Sorce wrote:
> On Fri, 2011-09-23 at 15:20 +0200, Sumit Bose wrote:
> > Hi,
> >
> > this patch extends the ipa-adtrust-install utility by adding SIDs to the
> > IPA admin user and the admins group.
>
> Fixed 2 mi
check in ipa_enrollment.c. But I think enrollments via
LDAPI does not make much sense so it does not need to be changed.
This patch should fix https://fedorahosted.org/freeipa/ticket/1877.
bye,
Sumit
From 8ed807a42982aabe958a4d0cac47d5f4511be11c Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Tue
On Tue, Oct 04, 2011 at 11:15:04AM +0200, Jan Cholasta wrote:
> On 27.9.2011 10:15, Sumit Bose wrote:
> >Hi,
> >
> >currently the change password plugin does not check if the connection is
> >coming from a local LDAPI socket and denies password change requests via
>
On Wed, Oct 05, 2011 at 03:06:19PM +0200, Jan Cholasta wrote:
> On 5.10.2011 11:58, Sumit Bose wrote:
> >On Tue, Oct 04, 2011 at 11:15:04AM +0200, Jan Cholasta wrote:
> >>On 27.9.2011 10:15, Sumit Bose wrote:
> >>>Hi,
> >>>
> >>>currently the c
Hi,
this patch adds DNS service records for for Windows systems during the
setup of trust support.
Fixes https://fedorahosted.org/freeipa/ticket/1939.
bye,
Sumit
>From 098f835edf3baedf2e69392909c9e725fde378f0 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 13 Oct 2011 12:01:57 +0
On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote:
> Hi,
>
> this patch adds DNS service records for for Windows systems during the
> setup of trust support.
>
> Fixes https://fedorahosted.org/freeipa/ticket/1939.
>
> bye,
> Sumit
Alexander made some comme
On Fri, Oct 14, 2011 at 08:21:51PM +0300, Alexander Bokovoy wrote:
> On Fri, 14 Oct 2011, Sumit Bose wrote:
> > On Fri, Oct 14, 2011 at 12:15:57PM +0200, Sumit Bose wrote:
> > > Hi,
> > >
> > > this patch adds DNS service records for for Windows systems dur
On Fri, Nov 04, 2011 at 10:49:40AM -0400, Simo Sorce wrote:
> The attached patches are for master and concern the effort of creating
> trust relationships between IPA and AD domains.
>
> With these patches if you have run ipa-adtrust-install the IPA kdc will
> be able to create a MS-PAC if the use
On Thu, Nov 17, 2011 at 05:00:51PM -0500, Simo Sorce wrote:
> Attached find a series of patches that implement a CLDAP server as a
> dirsrv plugin.
>
> The server right now responds only to a very limited class of requests,
> as observed on the wire. But it can be easily expanded to respond to
> a
On Fri, Nov 18, 2011 at 11:50:47AM -0500, Simo Sorce wrote:
> On Fri, 2011-11-18 at 16:07 +0100, Sumit Bose wrote:
> > On Thu, Nov 17, 2011 at 05:00:51PM -0500, Simo Sorce wrote:
> > > Attached find a series of patches that implement a CLDAP server as a
> > > dirsrv plug
On Tue, Nov 22, 2011 at 07:10:54PM -0500, Simo Sorce wrote:
> In some cases the KDC will decide to use a different checksum type when
> re-signing a PAC to include it in a service ticket.
>
> This is common in a cross-realm trust with AD as most AD DCs will use a
> HMAC-MD5-RC4 checksum while IPA'
On Wed, Nov 23, 2011 at 11:53:11AM +0100, Sumit Bose wrote:
> On Tue, Nov 22, 2011 at 07:10:54PM -0500, Simo Sorce wrote:
> > In some cases the KDC will decide to use a different checksum type when
> > re-signing a PAC to include it in a service ticket.
> >
> > This
On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote:
> Alexander Bokovoy wrote:
> >Hi Sumit,
> >
> >On Fri, 14 Oct 2011, Sumit Bose wrote:
> >>>It would make more clear what is the default and that it is really
> >>>optional setting -- I&#
On Mon, Nov 28, 2011 at 02:26:00PM +0200, Alexander Bokovoy wrote:
> On Fri, 25 Nov 2011, Sumit Bose wrote:
> > On Wed, Nov 23, 2011 at 05:33:42PM -0500, Rob Crittenden wrote:
> > > Alexander Bokovoy wrote:
> > > >Hi Sumit,
> > > >
> > > >On
ne.
bye,
Sumit
From 68d66eba4e31a314242322471dbfe698f4493737 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 24 Nov 2011 18:38:38 +0100
Subject: [PATCH] Make pwd-extop aware of new ipaNTHash attribute
---
.../ipa-pwd-extop/ipa_pwd_extop.c |4 +-
daemons/ipa-slapi-plugins/ip
On Mon, Nov 28, 2011 at 07:43:57PM -0500, Simo Sorce wrote:
> On Thu, 2011-11-24 at 13:54 +0100, Sumit Bose wrote:
> > I think I found two issues which should be fixed by the following
> > patch:
> > - krb5_pac_add_buffer() expects krb5_pac and not krb5_pac * as a
>
On Tue, Nov 29, 2011 at 11:25:41PM +0200, Alexander Bokovoy wrote:
> On Tue, 29 Nov 2011, Sumit Bose wrote:
> > @@ -199,10 +216,11 @@ class ADTRUSTInstance(service.Service):
> > self.admin_conn.addEntry(entry)
> >
> > entry = ip
Hi,
we recently changed the name of the samba packages in the ipa-devel
respository. The packages are now called samba4-* and libsmbclient4-*
instead of samba-4.0-* and libsmbclient-4.0-* .
The name was changed because the samba packages will updated the samba4
packages which are currently availa
On Wed, Nov 30, 2011 at 08:46:04AM -0500, Stephen Gallagher wrote:
> On Wed, 2011-11-30 at 14:40 +0100, Sumit Bose wrote:
> > Hi,
> >
> > we recently changed the name of the samba packages in the ipa-devel
> > respository. The packages are now called samba4-* and lib
Hi,
the samba team decided to rename the symbol to initialize a new module
(again). This patch adds the new name and keeps the old one.
bye,
Sumit
From a9036112ca47f14d9f17f665fd6bd3efba9dc7b3 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Wed, 7 Dec 2011 17:23:53 +0100
Subject: [PATCH] Add a
On Mon, Dec 12, 2011 at 07:49:04PM +0200, Alexander Bokovoy wrote:
> Hi,
>
> I'm working on ticket #1821 to introduce FreeIPA 3.0 AD trusts
> management CLI and GUI. It is quite apparent that most of management
> commands will be similar to all future trust types (AD, IPA, etc),
> thus, it make
On Tue, Dec 13, 2011 at 07:08:24PM +0200, Alexander Bokovoy wrote:
> On Tue, 13 Dec 2011, Simo Sorce wrote:
> > On Mon, 2011-12-12 at 22:27 +0200, Alexander Bokovoy wrote:
> > > On Mon, 12 Dec 2011, Sumit Bose wrote:
> > > > > --password [type-specific parameter
On Wed, Dec 14, 2011 at 07:45:53AM -0500, Simo Sorce wrote:
> On Wed, 2011-12-14 at 10:23 +0100, Sumit Bose wrote:
> > On Tue, Dec 13, 2011 at 07:08:24PM +0200, Alexander Bokovoy wrote:
> > > On Tue, 13 Dec 2011, Simo Sorce wrote:
> > > > On Mon, 2011-12-12 at 22:27
On Wed, Dec 14, 2011 at 08:31:57AM -0500, Simo Sorce wrote:
> On Wed, 2011-12-14 at 14:12 +0100, Sumit Bose wrote:
> > On Wed, Dec 14, 2011 at 07:45:53AM -0500, Simo Sorce wrote:
> > > On Wed, 2011-12-14 at 10:23 +0100, Sumit Bose wrote:
> > > > On Tue, Dec 13, 2011
On Wed, Sep 14, 2016 at 06:03:37PM +0200, Martin Basti wrote:
>
>
> On 14.09.2016 17:53, Alexander Bokovoy wrote:
> > On Wed, 14 Sep 2016, Martin Basti wrote:
> > >
> > >
> > > On 14.09.2016 17:41, Alexander Bokovoy wrote:
> > > > On Wed, 14 Sep 2016, Martin Basti wrote:
> > > > > 1)
> > > > >
Hi,
I've started to write a SSSD design page about enhancing the current
mapping of certificates to users and how to select/match a suitable
certificate if multiple certificates are on a Smartcard.
My currently thoughts and idea and be found at
https://fedorahosted.org/sssd/wiki/DesignDocs/Matchi
On Thu, Oct 06, 2016 at 10:33:48AM -0400, Rob Crittenden wrote:
> Sumit Bose wrote:
> > Hi,
> >
> >
>
> Wow, this is really great.
Hi Rob,
thank you for the feedback.
>
> I think I'd pre-plan to support different configuration per issuer subject,
>
On Mon, Oct 10, 2016 at 09:43:24AM +0200, rajat gupta wrote:
> https://access.redhat.com/documentation/en-US/Red_Hat_
> Enterprise_Linux/7/html/Windows_Integration_Guide/
> trust-requirements.html#trust-req-ports
>
> these port are required for trust. Is port 88 required to open from ipa
> client
On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> Hi,
>
> I've started to write a SSSD design page about enhancing the current
> mapping of certificates to users and how to select/match a suitable
> certificate if multiple certificates are on a Smartcard.
>
On Tue, Sep 06, 2016 at 01:18:14PM +0300, Alexander Bokovoy wrote:
> Hi,
>
> Now that FreeIPA 4.4.1 is out, I've pushed to github my prototype for
> FleetCommander integration: https://github.com/abbra/freeipa-desktop-profile/
>
> You can read the design page:
> https://github.com/abbra/freeipa-d
On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote:
> On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > I've started to write a SSSD design page about enhancing the current
> > mapping of certificates to users and how to select/mat
h the other sections as well.
bye,
Sumit
>
> On 17.10.2016 09:50, Jan Cholasta wrote:
> > Hi,
> >
> > On 13.10.2016 18:52, Sumit Bose wrote:
> > > On Tue, Oct 11, 2016 at 01:37:09PM +0200, Sumit Bose wrote:
> > > > On Thu, Oct 06, 2016 at 12:49:3
email.domain
altSecurityIdentities: X509:O=Red Hat,OU=prod,CN=Certificate
AuthorityDC
=com,DC=redhat,OU=users,OID.0.9.2342.19200300.100.1.1=sbose,E=sb...@redhat.co
m,CN=Sumit Bose Sumit Bose
* Certificate Mapping Administrators or re-use Certificate
Administrators: I would prefer a new 'Cert
On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote:
> I agree with *almost* everything Sumit said. See my inline comments below.
>
> On 16.12.2016 11:53, Sumit Bose wrote:
> > On Tue, Dec 06, 2016 at 04:39:10PM +0100, Florence Blanc-Renaud wrote:
> > > Hi,
>
On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
> On 18.10.2016 07:34, Jan Cholasta wrote:
> > On 17.10.2016 16:50, Rob Crittenden wrote:
> > > Jan Cholasta wrote:
> > > > Hi,
> > > >
> > > > On 13.10.2016 18:52, Sumi
On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote:
> On 19.12.2016 12:13, Sumit Bose wrote:
> > On Mon, Dec 19, 2016 at 10:02:58AM +0100, Jan Cholasta wrote:
> > > I agree with *almost* everything Sumit said. See my inline comments below.
> > >
> >
On Tue, Dec 20, 2016 at 10:10:29AM +0100, Florence Blanc-Renaud wrote:
> Hi Sumit and Jan,
>
> thanks to both of you for providing detailed comments. Please find answers
> inline.
>
> On 12/19/2016 12:13 PM, Sumit Bose wrote:
> > On Mon, Dec 19, 2016 at 10:02:58AM +
On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote:
> On 5.1.2017 10:39, Sumit Bose wrote:
> > On Mon, Jan 02, 2017 at 09:18:47AM +0100, Jan Cholasta wrote:
> > > On 18.10.2016 07:34, Jan Cholasta wrote:
> > > > On 17.10.2016 16:50, Rob Crittenden wrote
On Fri, Jan 06, 2017 at 08:40:31AM +0100, Jan Cholasta wrote:
> On 5.1.2017 13:15, Sumit Bose wrote:
> > On Mon, Jan 02, 2017 at 08:06:04AM +0100, Jan Cholasta wrote:
> > > On 19.12.2016 12:13, Sumit Bose wrote:
> > > > On Mon, Dec 19, 2016 at 10:02:58AM +0100, J
On Wed, Jan 18, 2017 at 09:59:49AM +0100, David Kupka wrote:
> Hello everyone!
> I would like to bring your attention to just published PRs implementing
> FreeIPA part of Certificate Identity Mapping feature [0]:
>
> - certmap plugin [1] by Flo
> - WebUI for certmap plugin [3] by Pavel
> - tests f
On Mon, Jan 09, 2017 at 08:46:22AM +0100, Jan Cholasta wrote:
> On 6.1.2017 10:30, Sumit Bose wrote:
> > On Fri, Jan 06, 2017 at 08:50:14AM +0100, Jan Cholasta wrote:
> > > On 5.1.2017 10:39, Sumit Bose wrote:
> > > > On Mon, Jan 02, 2017 at 09:18:47AM +0100, Ja
URL: https://github.com/freeipa/freeipa/pull/410
Title: #410: ipa-kdb: support KDB DAL version 6.1
sumit-bose commented:
"""
Are there any plans how to handle 6.0? Should configure at least show a warning
if KRB5_KDB_DAL_MAJOR_VERSION == 6 but no free e_data callback was fou
On Wed, Feb 22, 2017 at 10:02:24AM +0100, Petr Vobornik wrote:
> On 02/22/2017 12:43 AM, Fraser Tweedale wrote:
> > On Tue, Feb 21, 2017 at 06:12:23PM +0100, Petr Vobornik wrote:
> > > On 02/21/2017 05:15 PM, Florence Blanc-Renaud wrote:
> > > > Hi,
> > > >
> > > > related to the Certificate Ident
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
sumit-bose commented:
"""
It looks like the ACis on the latest version do not allow hosts to access the
rules. When I do 'kinit -k' on the IPA server or a client an
URL: https://github.com/freeipa/freeipa/pull/398
Title: #398: Support for Certificate Identity Mapping
sumit-bose commented:
"""
Ok, sorry for the noise, I tested on a fresh install again and now it is
working as expected. I guess I shouldn't have tried to update from an ol
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
sumit-bose commented:
"""
Yes, a hint aka user name will be used during authentication. But this PR here
is about to get an idea which user is allowed to authen
URL: https://github.com/freeipa/freeipa/pull/516
Title: #516: IdM Server: list all Employees with matching Smart Card
sumit-bose commented:
"""
I agree, it would be good if the help text can mention that cached data is used
and maybe even mention the sss_cache utility to inval
Hi,
with the recent addition of PKINIT support there is now a second method
available to Smartcard authentication besides local authentication.
I was about to add some sssd.conf option which can control the fallback
to local authentication if PKINIT fails. Currently there is only a
fallback to lo
On Fri, Mar 10, 2017 at 11:58:25AM +0200, Alexander Bokovoy wrote:
> On pe, 10 maalis 2017, Sumit Bose wrote:
> > Hi,
> >
> > with the recent addition of PKINIT support there is now a second method
> > available to Smartcard authentication besides local authentication.
On Fri, Mar 10, 2017 at 01:39:27PM +0200, Alexander Bokovoy wrote:
> On pe, 10 maalis 2017, Sumit Bose wrote:
> > On Fri, Mar 10, 2017 at 11:58:25AM +0200, Alexander Bokovoy wrote:
> > > On pe, 10 maalis 2017, Sumit Bose wrote:
> > > > Hi,
> > > >
> >
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: opened
PR body:
"""
This patch add a certauth plugin which allows the IPA server to support
PKINIT for certificates which do not include a special SAN extension w
URL: https://github.com/freeipa/freeipa/pull/575
Title: #575: IPA certauth plugin
sumit-bose commented:
"""
This patch depends on https://github.com/SSSD/sssd/pull/192 (SSSD's certmap
library) and https://github.com/krb5/krb5/pull/610 (MIT Kerberos certauth
plugin suppor
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/575
Title: #575: IPA certauth plugin
sumit-bose commented:
"""
I updated the code to reflect the latest changes in the interface from
https://github.com/krb5/krb5/pull/610.
"""
See the full comment at
https://githu
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: opened
PR body:
"""
Certificates can be assigned to multiple user so the extdom plugin must use
sss_nss_getlistbycert() instead of sss_nss_getnamebycert
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
From
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
From
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
From
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
--
Manage your subscription
URL: https://github.com/freeipa/freeipa/pull/575
Author: sumit-bose
Title: #575: IPA certauth plugin
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/575/head:pr575
git checkout pr575
--
Manage your
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: reopened
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
--
Manage
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: closed
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
--
Manage
URL: https://github.com/freeipa/freeipa/pull/657
Author: sumit-bose
Title: #657: configure: fix --disable-server with certauth plugin
Action: opened
PR body:
"""
Resolves https://pagure.io/freeipa/issue/6816
"""
To pull the PR as Git branch:
git remote ad
URL: https://github.com/freeipa/freeipa/pull/657
Author: sumit-bose
Title: #657: configure: fix --disable-server with certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/657/head:pr657
git
URL: https://github.com/freeipa/freeipa/pull/657
Author: sumit-bose
Title: #657: configure: fix --disable-server with certauth plugin
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/657/head:pr657
git
URL: https://github.com/freeipa/freeipa/pull/644
Author: sumit-bose
Title: #644: extdom: improve certificate request
Action: synchronized
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/644/head:pr644
git checkout pr644
From
URL: https://github.com/freeipa/freeipa/pull/672
Author: sumit-bose
Title: #672: IPA-KDB: use relative path in ipa-certmap config snippet
Action: opened
PR body:
"""
Architecture specific paths should be avoided in the global Kerberos
configuration because it is read e.g. by
On Fri, Apr 07, 2017 at 10:38:55AM +0200, Jakub Hrozek wrote:
> On Thu, Oct 06, 2016 at 12:49:30PM +0200, Sumit Bose wrote:
> > Hi,
> >
> > I've started to write a SSSD design page about enhancing the current
> > mapping of certificates to users and how to select/
On Fri, May 21, 2010 at 04:30:12PM -0400, Rob Crittenden wrote:
> Add the ipqUniqueID object to HBAC services and make sure that they
> get the memberOf attribute if they are members of service groups.
>
> rob
I think 30-hbacsvc.update is missing.
bye,
Sumit
> __
On Wed, May 26, 2010 at 09:51:21AM -0400, Rob Crittenden wrote:
> Sumit Bose wrote:
> >On Fri, May 21, 2010 at 04:30:12PM -0400, Rob Crittenden wrote:
> >>Add the ipqUniqueID object to HBAC services and make sure that they
> >>get the memberOf attribute if they ar
On Thu, Aug 19, 2010 at 02:47:33PM -0400, Rob Crittenden wrote:
> Dmitri Pal wrote:
> >Hello,
> >
> >It occurred to me that we can have a compromise. We can have two ways
> >and let the admins to decide which model to follow.
> >So the schema will look like this:
> >The sudo rule entry will have a
On Thu, Sep 30, 2010 at 12:06:01AM -0400, Dmitri Pal wrote:
> JR Aquino wrote:
> > I have encountered and troubleshot several instances recently where a user
> > was present in more than 1 sudo rule. One that permitted the user, the
> > host, and commands, and another that permited the user, and
> On Sep 30, 2010, at 6:17 AM,
> mailto:freeipa-devel-requ...@redhat.com>>
> mailto:freeipa-devel-requ...@redhat.com>>
> wrote:
>
> I think this behaviour is a contradiction to 'paranoid behavior'. I
> think that instead of
>
> 'If there are conflicting command rules on an entry, the negative
On Thu, Nov 18, 2010 at 05:27:13PM -0500, Dmitri Pal wrote:
> Adam Young wrote:
> > On 11/18/2010 04:02 PM, Stephen Gallagher wrote:
> > On 11/18/2010 09:55 AM, Dmitri Pal wrote:
> >
> > >>> Steve can you summarize where we are and what we agreed to,
> > please, and
> > >>> identify the questions
On Sun, Jan 30, 2011 at 11:53:19PM -0500, Dmitri Pal wrote:
> On 01/30/2011 11:23 AM, JR Aquino wrote:
> > On 1/29/11 3:40 PM, "Dmitri Pal" wrote:
> >
> >> On 01/29/2011 12:37 PM, JR Aquino wrote:
> >>> On 1/29/11 9:30 AM, "JR Aquino" wrote:
> >>>
> From: Dmitri Pal mailto:d...@redhat.com>>
On Wed, Sep 05, 2012 at 05:13:41PM +0200, Martin Kosek wrote:
> range_mod and range_del command could easily create objects with
> ID which is suddenly out of specified range. This could cause issues
> in trust scenarios where range objects are used for computation of
> remote IDs.
>
> Add validat
easy to see
that the Kerberos configuration was changes.
bye,
Sumit
From af51c4e31fe691a05498c29d334b5958c60dface Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Thu, 16 Aug 2012 13:16:55 +0200
Subject: [PATCH 67/68] Set master_kdc and dns_lookup_kdc to true
---
contrib/RHEL4/ipa-client-setup
Hi,
in samba4 rc1 there is an API change which we have to adopt in ipasam.
This patch updates ipasam and unbreaks the build with samba4 rc1.
bye,
Sumit
From 4e39eb306da08b29f694b9ff44ccb53865e33d92 Mon Sep 17 00:00:00 2001
From: Sumit Bose
Date: Fri, 14 Sep 2012 14:14:23 +0200
Subject: [PATCH
1 - 100 of 434 matches
Mail list logo
