On to, 16 joulu 2021, Harry G. Coin via FreeIPA-users wrote:
Alexander and others who care about dnssec:
Given the ongoing problems with opendnssec/libp11 and the many freeipa
routines and resources dedicated to working around it, has bind9's
native dnssec implementation improved to the point
On to, 16 joulu 2021, Sam Morris via FreeIPA-users wrote:
The CA has its own upgrade code which runs unconditionally and I think
that's how both secret and requiredSecret got added to server.xml. I
wasn't able to duplicate the 403 though, it always just worked for me.
Perhaps it has to go through
> The CA has its own upgrade code which runs unconditionally and I think
> that's how both secret and requiredSecret got added to server.xml. I
> wasn't able to duplicate the 403 though, it always just worked for me.
> Perhaps it has to go through more than one upgrade cycle. I did my
> testing on
Alexander and others who care about dnssec:
Given the ongoing problems with opendnssec/libp11 and the many freeipa
routines and resources dedicated to working around it, has bind9's
native dnssec implementation improved to the point we can greatly reduce
the freeipa package count by just using
On to, 16 joulu 2021, Sam Morris wrote:
On Thu, 2021-12-16 at 10:40 +0200, Alexander Bokovoy wrote:
As a workaround, you can skip upgrading ipa-selinux package if that is
possible (it seemed to work in my tests). 'dnf upgrade' should make it
possible to skip that.
Thanks. For me a 'dnf upgrad
On Thu, 2021-12-16 at 17:16 +0200, Alexander Bokovoy wrote:
> On to, 16 joulu 2021, Sam Morris wrote:
> > On Thu, 2021-12-16 at 16:28 +0200, Alexander Bokovoy wrote:
> > > On to, 16 joulu 2021, Sam Morris wrote:
> > > >
> > > > But I don't see the link with ipa user-mod --auth-user-type=hardened..
On to, 16 joulu 2021, Sam Morris wrote:
On Thu, 2021-12-16 at 16:28 +0200, Alexander Bokovoy wrote:
On to, 16 joulu 2021, Sam Morris wrote:
>
> But I don't see the link with ipa user-mod --auth-user-type=hardened...
> in my case it just seems to make it impossible to log in as the user at
> all.
On Thu, 2021-12-16 at 16:28 +0200, Alexander Bokovoy wrote:
> On to, 16 joulu 2021, Sam Morris wrote:
> >
> > But I don't see the link with ipa user-mod --auth-user-type=hardened...
> > in my case it just seems to make it impossible to log in as the user at
> > all...
>
> For hardened, I think I
On to, 16 joulu 2021, Sam Morris wrote:
On Thu, 2021-12-16 at 15:08 +0200, Alexander Bokovoy wrote:
On to, 16 joulu 2021, Sam Morris via FreeIPA-users wrote:
> I was wondering what the purpose of 'ipa user-mod
> --auth-user-type=hardened' was. In the web UI the option is
> labelled
> "Hardened P
On Thu, 2021-12-16 at 15:08 +0200, Alexander Bokovoy wrote:
> On to, 16 joulu 2021, Sam Morris via FreeIPA-users wrote:
> > I was wondering what the purpose of 'ipa user-mod
> > --auth-user-type=hardened' was. In the web UI the option is
> > labelled
> > "Hardened Password (by SPAKE or FAST)".
> >
On to, 16 joulu 2021, Sam Morris via FreeIPA-users wrote:
I was wondering what the purpose of 'ipa user-mod
--auth-user-type=hardened' was. In the web UI the option is labelled
"Hardened Password (by SPAKE or FAST)".
What I found (by setting KRB5_TRACE=/dev/stderr) was that without
setting this
Hi,
I guess it depends which log you're considering.
Some services drop a configuration snippet in /etc/logrotate.d (for
instance httpd, named, and others), and this snippet defines a log rotation
policy. For more details refer to man logrotate(8) and man
logrotate.conf(5).
The LDAP server has it
Retention of some log files is determined by the files in /etc/logrotate.d. For
others you'd have to look at the configuration of individual services on the
server (e.g., for the directory service look inside the cn=config entry; for
the CA service look at /etc/pki/pki-tomcat/logging.properties
I was wondering what the purpose of 'ipa user-mod --auth-user-type=hardened'
was. In the web UI the option is labelled "Hardened Password (by SPAKE or
FAST)".
What I found (by setting KRB5_TRACE=/dev/stderr) was that without setting this
option, kinit already opportunistically uses SPAKE:
$ ki
Hi Team ,
Could you please help me understand or tell what is the log retention period
for FreeIPA ? Couldnt get a clean/clear answer to this anywhere .How can we
find out this information . Thanks
___
FreeIPA-users mailing list -- freeipa-users@lists
On Thu, 2021-12-16 at 10:40 +0200, Alexander Bokovoy wrote:
>
> As a workaround, you can skip upgrading ipa-selinux package if that is
> possible (it seemed to work in my tests). 'dnf upgrade' should make it
> possible to skip that.
Thanks. For me a 'dnf upgrade --nobest' did the trick.
--
Sam
On ke, 15 joulu 2021, Alexander Bokovoy via FreeIPA-users wrote:
On ke, 15 joulu 2021, Sam Morris via FreeIPA-users wrote:
On ma, 13 joulu 2021, Alexander Bokovoy via FreeIPA-users wrote:
RHSA-2021:5142 adds RHEL IdM fix that should work together with Samba
changes introduced in RHSA-2021:5082.
17 matches
Mail list logo
