URL: https://github.com/freeipa/freeipa/pull/2797
Author: tiran
Title: #2797: Move Custodia secrets handler to scripts
Action: opened
PR body:
"""
Implement the import and export handlers for Custodia keys as external
scripts. It's a prerequisite to drop DAC override permission and proper
SELinux rules for ipa-custodia.
Fixes: https://pagure.io/freeipa/issue/6888
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2797/head:pr2797
git checkout pr2797
URL: https://github.com/freeipa/freeipa/pull/2411
Author: onkarkarale
Title: #2411: Test ipa-server-install when mandatory params not specified.
Action: opened
PR body:
"""
When installing ipa-server in unattended mode (i.e -U option),
some manadatory params should be specified with the install
commands like -p, -r and -a etc. If we don't specify these
params, installation will fail.
Signed-off-by: Onkar Karale <karaleonkar19(a)gmail.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2411/head:pr2411
git checkout pr2411
URL: https://github.com/freeipa/freeipa/pull/2464
Author: Tiboris
Title: #2464: Support interactive prompt for ntp options
Action: opened
PR body:
"""
FreeIPA will now ask user for NTP source server
or pool address in interactive mode if there is
no server nor pool specified and autodiscovery
has not found any NTP source in DNS records.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2464/head:pr2464
git checkout pr2464
URL: https://github.com/freeipa/freeipa/pull/2635
Author: Tiboris
Title: #2635: [Backport][ipa-4-7] Added automation for NTP options test scenarios
Action: opened
PR body:
"""
This PR is **manual backport** of https://github.com/freeipa/freeipa/pull/2404 please wait for CI before pushing.
In case of questions or problems contact @varunmylaraiah who is author of the original PR.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2635/head:pr2635
git checkout pr2635
URL: https://github.com/freeipa/freeipa/pull/2638
Author: Tiboris
Title: #2638: Fix test_ntp_options
Action: opened
PR body:
"""
On nightly tests are failing because custom client and replica install methods
Use methods:
- tasks.replica_install()
- tasks.client_isntall()
instead of custom methods.
Move ntp_pool/server to class scope.
Related to: https://pagure.io/freeipa/issue/7719
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2638/head:pr2638
git checkout pr2638
URL: https://github.com/freeipa/freeipa/pull/2584
Author: tiran
Title: #2584: ipa-pwd-extop: don't check password policy for non-Kerberos account set by DM or a passsync manager
Action: opened
PR body:
"""
The PR was originally PR @abbra's PR https://github.com/freeipa/freeipa/pull/2106. PR-CI was broken for that PR. I also squashed some intermediate commits.
## Original PR message
Password changes performed by cn=Directory Manager are excluded from
password policy checks according to [1]. This is correctly handled by
ipa-pwd-extop in case of a normal Kerberos principal in IPA. However,
non-kerberos accounts were not excluded from the check.
As result, password updates for PKI CA admin account in o=ipaca were
failing if a password policy does not allow a password reuse. We are
re-setting the password for PKI CA admin in ipa-replica-prepare in case
the original directory manager's password was updated since creation of
`cacert.p12`.
Do password policy check for non-Kerberos accounts only if it was set by
a regular user or admin. Changes performed by a cn=Directory Manager and
passsync managers should be excluded from the policy check.
Fixes: https://pagure.io/freeipa/issue/7181
Signed-off-by: Alexander Bokovoy <abokovoy(a)redhat.com>
[1] https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/h…
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2584/head:pr2584
git checkout pr2584
URL: https://github.com/freeipa/freeipa/pull/2163
Author: tiran
Title: #2163: Make ipaclient.csrgen optional
Action: opened
PR body:
"""
ipaclient's csrgen plugin has been turned into an optional dependency.
The ipaclient plugin, helper modules like ipaclient.csrgen and templates
are shipped conditionally.
The ipaclient cert plugin and ipatests handle missing csrgen gracefully.
Signed-off-by: Christian Heimes <cheimes(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2163/head:pr2163
git checkout pr2163