Commit message | Author | Age | Files | Lines
* try to use forms based auth in tests - an EXAMPLE [otptests] | Petr Vobornik | 2014-12-12 | 1 | -0/+54
* do not finalize api for tests automatically | Petr Vobornik | 2014-12-12 | 1 | -6/+6
* otp tests -wip | Petr Vobornik | 2014-12-12 | 2 | -42/+95
* rpc-client: add forms based auth support | Petr Vobornik | 2014-12-12 | 1 | -86/+160
* wip | Petr Vobornik | 2014-12-12 | 2 | -6/+46
* Add initial tests for OTP | Nathaniel McCallum | 2014-12-12 | 1 | -0/+373
  This tests the general workflow for OTP including most possible token combinations. This includes 5872 tests. Further optimization is possible to reduce the number of duplicate tests run.
  Things not yet tested:
  * ipa-kdb
  * ipa-otpd
  * otptoken-sync
  * RADIUS proxy
  * token self-management
  * type specific attributes
* otptests | Petr Vobornik | 2014-12-12 | 1 | -0/+71
* Remove dependency on subscription-manager | Gabe | 2014-12-11 | 1 | -3/+0
  https://fedorahosted.org/freeipa/ticket/4783
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Fix don't check certificate during getting CA status | Martin Basti | 2014-12-11 | 1 | -0/+1
  Due to the workaround we accidentally started to check certificate, which causes problems during installation.
  Ticket: https://fedorahosted.org/freeipa/ticket/4676
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Show SSHFP record containing space in fingerprint | Martin Basti | 2014-12-10 | 1 | -0/+8
  SSHFP records added by nsupdate contain an extra space (valid); the framework couldn't handle it.
  Ticket: https://fedorahosted.org/freeipa/ticket/4790
  Ticket: https://fedorahosted.org/freeipa/ticket/4789
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Refer the user to freeipa.org when something goes wrong in ipa-cacert-manage | Jan Cholasta | 2014-12-10 | 1 | -5/+18
  https://fedorahosted.org/freeipa/ticket/4781
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Check subject name encoding in ipa-cacert-manage renew | Jan Cholasta | 2014-12-10 | 1 | -2/+5
  https://fedorahosted.org/freeipa/ticket/4781
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Using wget to get status of CA | Martin Basti | 2014-12-10 | 4 | -12/+38
  This is just a workaround.
  Ticket: https://fedorahosted.org/freeipa/ticket/4676
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* revert removal of cn attribute from idnsRecord | Petr Vobornik | 2014-12-09 | 1 | -1/+1
  The removal, which was done in IPA-3.2, causes replication issues between IPA < 3.2 and IPA 4.1, because IPA 4.1 adds two more attributes.
  https://fedorahosted.org/freeipa/ticket/4794
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Improve validation of --instance and --backend options in ipa-restore | Jan Cholasta | 2014-12-09 | 3 | -31/+46
  https://fedorahosted.org/freeipa/ticket/4744
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Do not renew the IPA CA cert by serial number in dogtag-ipa-ca-renew-agent | Jan Cholasta | 2014-12-09 | 1 | -1/+1
  Always use the full CSR when renewing the IPA CA certificate with Dogtag. The IPA CA certificate may be issued by an external CA, in which case renewal by serial number does not make sense and will fail if the IPA CA was initially installed as a subordinate of an external CA.
  https://fedorahosted.org/freeipa/ticket/4784
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Fix automatic CA cert renewal endless loop in dogtag-ipa-ca-renew-agent | Jan Cholasta | 2014-12-09 | 1 | -0/+2
  Reset profile name after requesting the CA cert from Dogtag to prevent the automatic renewal request from being restarted in subsequent calls.
  https://fedorahosted.org/freeipa/ticket/4765
  Reviewed-By: David Kupka <dkupka@redhat.com>
* Upgrade fix: masking named should be executed only once | Martin Basti | 2014-12-09 | 1 | -14/+16
  There was an error in the code: masking was executed more times, even if it was successful.
  https://fedorahosted.org/freeipa/ticket/4755
  Reviewed-By: David Kupka <dkupka@redhat.com>
* webui: increase duration of notification messages | Petr Vobornik | 2014-12-09 | 1 | -1/+1
  by 66%
  https://fedorahosted.org/freeipa/ticket/4792
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* webui: fix service unprovisioning | Petr Vobornik | 2014-12-09 | 1 | -1/+1
  Missed part of field refactoring caused that service could not be unprovisioned.
  https://fedorahosted.org/freeipa/ticket/4770
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Prefer TCP connections to UDP in krb5 clients | Nathaniel McCallum | 2014-12-08 | 3 | -0/+3
  In general, TCP is a better fit for FreeIPA due to large packet sizes. However, there is also a specific need for TCP when using OTP. If a UDP packet is delivered to the server and the server takes longer to process it than the client timeout (likely), the OTP value will be resent. Unfortunately, this will cause failures or even lockouts. Switching to TCP avoids this problem altogether.
  https://fedorahosted.org/freeipa/ticket/4725
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* hosts: Display assigned ID view by default in host-find and show commands | Tomas Babej | 2014-12-05 | 4 | -9/+23
  Makes ipaassignedidview a default attribute and takes care of the conversion from the DN to the proper ID view name.
  https://fedorahosted.org/freeipa/ticket/4774
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Create an OTP help topic | Nathaniel McCallum | 2014-12-05 | 3 | -0/+7
  This allows the various OTP related commands to be grouped together in the IPA CLI documentation.
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Make token auth and sync windows configurable | Nathaniel McCallum | 2014-12-05 | 12 | -153/+361
  This introduces two new CLI commands:
  * otpconfig-show
  * otpconfig-mod
  https://fedorahosted.org/freeipa/ticket/4511
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* No explicit zone specification. | Jan Pazdziora | 2014-12-05 | 1 | -6/+2
  https://fedorahosted.org/freeipa/ticket/4780
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* add --hosts and --hostgroup options to allow/retrieve keytab methods | Petr Vobornik | 2014-12-03 | 6 | -36/+257
  `--hosts` and `--hostgroup` options added to:
  * service-allow-create-keytab
  * service-allow-retrieve-keytab
  * service-disallow-create-keytab
  * service-disallow-retrieve-keytab
  * host-allow-create-keytab
  * host-allow-retrieve-keytab
  * host-disallow-create-keytab
  * host-disallow-retrieve-keytab
  in order to allow hosts to retrieve keytab of their services or related hosts as described on http://www.freeipa.org/page/V4/Keytab_Retrieval design page
  https://fedorahosted.org/freeipa/ticket/4777
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Enable last token deletion when password auth type is configured | Nathaniel McCallum | 2014-12-03 | 1 | -70/+173
  Also, ensure that the last token check only executes on DNs/entries that are tokens. This resolves a large performance issue where a query was being performed to load all the user's tokens on every del/mod operation.
  https://fedorahosted.org/freeipa/ticket/4697
  https://fedorahosted.org/freeipa/ticket/4719
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Move authentication configuration cache into libotp | Nathaniel McCallum | 2014-12-03 | 11 | -408/+346
  This enables plugins to share authentication configuration cache code. Additionally, update the caching mechanism to be declarative and faster.
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* Preliminary refactoring of libotp files | Nathaniel McCallum | 2014-12-03 | 12 | -101/+90
  There are no major changes in this commit other than changing filenames and symbols to have consistent namespaces. This prepares for larger changes to come in subsequent commits.
  Reviewed-By: Thierry Bordaz <tbordaz@redhat.com>
* certs: Fix incorrect flag handling in load_cacert | Tomas Babej | 2014-12-02 | 2 | -5/+3
  For CA certificates that are not certificates of IPA CA, we incorrectly set the trust flags to ",,", regardless of what the actual trust_flags parameter passed was. Make the load_cacert method respect trust_flags and make it a required argument.
  https://fedorahosted.org/freeipa/ticket/4779
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* fix indentation in ipa-restore page | Petr Vobornik | 2014-12-02 | 1 | -2/+3
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Throw zonemgr error message before installation proceeds | Martin Basti | 2014-12-01 | 2 | -30/+50
  Ticket: https://fedorahosted.org/freeipa/ticket/4771
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* Re-initialize NSS database after otptoken plugin tests | Tomas Babej | 2014-11-27 | 2 | -11/+25
  OTP token tests do not properly reinitialize the NSS db, thus making subsequent xmlrpc tests fail on SSL cert validation. Make sure NSS db is re-initialized in the teardown method.
  https://fedorahosted.org/freeipa/ticket/4748
  Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
  Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use singular in help metavars + update man pages. | David Kupka | 2014-11-26 | 8 | -17/+24
  https://fedorahosted.org/freeipa/ticket/4695
  Reviewed-By: Martin Basti <mbasti@redhat.com>
* Catch USBError during YubiKey location | Nathaniel McCallum | 2014-11-25 | 1 | -2/+5
  https://fedorahosted.org/freeipa/ticket/4693
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix zonemgr option encoding detection | Martin Basti | 2014-11-25 | 1 | -1/+4
  Ticket: https://fedorahosted.org/freeipa/ticket/4766
  Reviewed-By: Jan Cholasta <jcholast@redhat.com>
* webui: add radius fields to user page | Petr Vobornik | 2014-11-25 | 1 | -0/+11
  add --radius=ID --radius-username=radiusUserName to Web UI
  https://fedorahosted.org/freeipa/ticket/4686
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Become IPA 4.1.2 | Petr Vobornik | 2014-11-25 | 1 | -1/+1
* Add TLS 1.2 to the protocol list in mod_nss config | Jan Cholasta | 2014-11-25 | 2 | -3/+17
  https://fedorahosted.org/freeipa/ticket/4653
  Reviewed-By: Martin Kosek <mkosek@redhat.com>
* AD trust: improve trust validation | Alexander Bokovoy | 2014-11-25 | 1 | -3/+16
  Trust validation requires AD DC to contact IPA server to verify that trust account actually works. It can fail due to DNS or firewall issue or if AD DC was able to resolve IPA master(s) via SRV records, it still may contact a replica that has no trust data replicated yet.
  In case AD DC still returns 'access denied', wait 5 seconds and try validation again. Repeat validation until we hit a limit of 10 attempts, at which point raise exception telling what's happening.
  https://fedorahosted.org/freeipa/ticket/4764
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix memory leak in GetKeytabControl asn1 code | Jan Cholasta | 2014-11-25 | 1 | -1/+10
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix unchecked return value in krb5 common utils | Jan Cholasta | 2014-11-25 | 1 | -0/+4
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix unchecked return value in ipa-join | Jan Cholasta | 2014-11-25 | 1 | -1/+4
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix unchecked return values in ipa-winsync | Jan Cholasta | 2014-11-25 | 1 | -20/+20
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix unchecked return value in ipa-kdb | Jan Cholasta | 2014-11-25 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix Kerberos error handling in ipa-sam | Jan Cholasta | 2014-11-25 | 1 | -1/+1
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Unload P11_Helper object's library when it is finalized in ipap11helper | Jan Cholasta | 2014-11-25 | 2 | -2/+12
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Remove redefinition of LOG from ipa-otp-lasttoken | Jan Cholasta | 2014-11-25 | 1 | -3/+0
  https://fedorahosted.org/freeipa/ticket/4713
  Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* copy_schema_to_ca: Fallback to old import location for ipaplatform.services | Petr Viktorin | 2014-11-25 | 1 | -1/+5
  This file is copied to older servers that might not have the ipaplatform refactoring. Import from the old location if the new one is not available.
  https://fedorahosted.org/freeipa/ticket/4763
  Reviewed-By: Tomas Babej <tbabej@redhat.com>
* Fix error message for nonexistent members and add tests. | David Kupka | 2014-11-24 | 2 | -1/+39
  https://fedorahosted.org/freeipa/ticket/4643
  Reviewed-By: Tomas Babej <tbabej@redhat.com>