URL: https://github.com/freeipa/freeipa/pull/3358
Author: tengcm2015
Title: #3358: Added default indicators for preauthentication mechanism
Action: opened
PR body:
"""
Added default indicators for SPAKE, Pkinit and FAST. Also added those as default options in webUI
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3358/head:pr3358
git checkout pr3358
URL: https://github.com/freeipa/freeipa/pull/3429
Author: flo-renaud
Title: #3429: ipatests: add nightly definition for DS integration tests
Action: opened
PR body:
"""
This commit is a first step in order to run nightly
integration tests with the 389-ds Directory Server.
It is listing the tests that should be run against
a nightly build of 389-ds.
Additional work is needed:
- create a vagrant template using the Copr repo for nightly 389-ds
- automate the creation of a PR using this nightly definition
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3429/head:pr3429
git checkout pr3429
URL: https://github.com/freeipa/freeipa/pull/2766
Author: t-woerner
Title: #2766: Fix ipatests test_ntp_options to configure the firewall where needed
Action: opened
PR body:
"""
The firewall has not been configured before replicas and after masters
have been installed using the command line tools and not the available
methods from tasks. This resulted in failed tests as for example in
test_replica_promotion_without_ntp.
Configuration of the firewall has been added to the methods
install_replica, test_replica_promotion_with_ntp_options and
test_replica_promotion_without_ntp.
In the case of testing command line options that may not be used together
for replica installation, a comment has been added that it is theoretical
no need to configure the firewall in this case, because the installation
will not succeed. But it has been added to make sure that the test will
not fail because of the missing firewall configuration if the options will
not conflict. This is the method test_replica_promotion_with_ntp_options.
In the case where conflicting command line options are tested for the
server installation a comment has been added that it is not needed to
configure the firewall as it is configured after successful server
installation normally. This is the method
test_server_client_install_mixed_options.
tasks.uninstall_master is used to cleanup replica installations and test
remains, therefore the firewall configuration is reverted afterwards again.
See: https://pagure.io/freeipa/issue/7719
Signed-off-by: Thomas Woerner <twoerner(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2766/head:pr2766
git checkout pr2766
URL: https://github.com/freeipa/freeipa/pull/3374
Author: rcritten
Title: #3374: Modify the way replicationi timeout is handled, logged
Action: opened
PR body:
"""
Make specific config option for certmonger timeout rather than using replication timeout.
Log the replication timeout value when waiting for an entry/attribute.
Log a hint if the dogtag admin user bind fails.
https://pagure.io/freeipa/issue/7971
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3374/head:pr3374
git checkout pr3374
URL: https://github.com/freeipa/freeipa/pull/3085
Author: ndehadrai
Title: #3085: tasks.py :: prepare_reverse_zone : Using '--skip-overlap-check' option during dnszone creation
Action: opened
PR body:
"""
Currently when the test_replica_promotion tests are run in CI, it returns warning message 'ipa: WARNING: ipa: ERROR: DNS zone with name <xyz> already exists'. Using the above option would force dnszone-add creation.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3085/head:pr3085
git checkout pr3085
URL: https://github.com/freeipa/freeipa/pull/3467
Author: miskopo
Title: #3467: ipatests - test_cli_ipa_not_configured created and implemented test for PG6843
Action: opened
PR body:
"""
When ipa server is not configured and ipa backup is invoked, command
should fail with "not configured" message which should not contain any
link to /var/log as this is not created at this point
https://pagure.io/freeipa/issue/6843
test_var_log_message_with_ipa_backup (BZ1428690) as xfail
not-configured ipa server should return exit code 2 (SERVER_NOT_CONFIGURED from ipapython.admintool), but returns 1.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/3467/head:pr3467
git checkout pr3467
URL: https://github.com/freeipa/freeipa/pull/2147
Author: frozencemetery
Title: #2147: Add a skeleton kdcpolicy plugin
Action: opened
PR body:
"""
Signed-off-by: Robbie Harwood <rharwood(a)redhat.com>
Back in krb5-1.16 (and in RHEL-7.5), I added the [kdcpolicy plugin](http://web.mit.edu/kerberos/krb5-devel/doc/plugindev/kdcpolicy.html) to krb5. This interface allows a module to hook all AS and TGS requests, potentially reject them, and manipulate ticket lifetimes. This PR is a basic implementation of the interface, with all the plumbing IPA needs to get it loaded and installed.
There are two use cases I had in mind, though of course many more are possible (this is a very powerful place to have a hook into the KDC):
- Reduced ticket lifetimes based on [auth indicator](http://web.mit.edu/kerberos/krb5-devel/doc/admin/auth_indicator.…
- Adding (well, subtracting) random jitter from certain principal lifetimes to reduce contention from groups of tickets all needing renewal simultaneously
Since presumably we don't want any of that to be hardcoded behavior, the difficult part is now making it all configurable. (As well as figuring out any behavior we want to control at the moment). Per IRC conversation, I'm opening this PR so that we have something to look at while we discuss that.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2147/head:pr2147
git checkout pr2147
URL: https://github.com/freeipa/freeipa/pull/2307
Author: tiran
Title: #2307: Use pki config file template
Action: opened
PR body:
"""
WIP
For HSM support and more flexible options.
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/2307/head:pr2307
git checkout pr2307