freeipa.git/ipalib/plugins, branch master_keytab FreeIPA patches Allow admins to disable preauth for SPNs. 2015-12-11T20:20:52+00:00 Simo Sorce simo@redhat.com 2015-11-24T20:39:08+00:00 5435680ab89e356969eb657c3f4fe7b402a1e9eb Some legacy softare is not able to properly cope with preauthentication, allow the admins to disable the requirement to use preauthentication for all Service Principal Names if they so desire. IPA Users are excluded, for users, which use password of lessere entrpy, preauthentication is always required by default. This setting does NOT override explicit policies set on service principals or in the global policy, it only affects the default. Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/3860 
Some legacy softare is not able to properly cope with preauthentication,
allow the admins to disable the requirement to use preauthentication for
all Service Principal Names if they so desire. IPA Users are excluded,
for users, which use password of lessere entrpy, preauthentication is
always required by default.

This setting does NOT override explicit policies set on service principals
or in the global policy, it only affects the default.

Signed-off-by: Simo Sorce <simo@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/3860
Disable User's ability to use the setkeytab exop. 2015-12-11T20:20:52+00:00 Simo Sorce simo@redhat.com 2015-11-24T19:02:01+00:00 49b1d167ec3a39328630a8febd247ce48f2d8dce Users can still obtain a keytab for themselves using the getkeytab exop which does not circumvent password policy checks. Users are disallowed from using setkeytab by default in new installations but not in existing installations (no forced upgrade). Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/5485 
Users can still obtain a keytab for themselves using the getkeytab exop
which does not circumvent password policy checks.

Users are disallowed from using setkeytab by default in new installations
but not in existing installations (no forced upgrade).

Signed-off-by: Simo Sorce <simo@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/5485
Introduce option to disable the SetKeytab exop 2015-12-11T20:20:52+00:00 Simo Sorce simo@redhat.com 2015-11-24T18:42:10+00:00 347fb7cea4676e61cb4d50ce5448bbd0842fd4d1 If DisableSetKeytab is set in ipaConfig options then setkeytab will not be available. The default is still to allow this operation for backwards compatibility towards older clients that do not know how to use the new GetKeytab extended operation. Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/5485 
If DisableSetKeytab is set in ipaConfig options then setkeytab will not be
available. The default is still to allow this operation for backwards
compatibility towards older clients that do not know how to use the new
GetKeytab extended operation.

Signed-off-by: Simo Sorce <simo@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/5485
Fix minor typos 2015-12-07T11:07:47+00:00 Yuri Chornoivan yurchor@ukr.net 2015-12-06T17:33:08+00:00 2180d5db8a8e99007c39466c19759a4b1bf098fa Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
aci: add IPA servers host group 'ipaservers' 2015-12-07T07:13:23+00:00 Jan Cholasta jcholast@redhat.com 2015-12-01T09:42:38+00:00 a8d7ce5cf1ccd6c8a81fa5b4569afa3aa3c2882d https://fedorahosted.org/freeipa/ticket/3416 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Simo Sorce <ssorce@redhat.com> 
https://fedorahosted.org/freeipa/ticket/3416

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Extend topology help 2015-12-04T18:51:55+00:00 Petr Vobornik pvoborni@redhat.com 2015-12-03T15:29:27+00:00 81c06327b955f71cbbd89e5cfa47594157c3fcae `ipa help topology` is improved. Reviewed-By: Petr Vobornik <pvoborni@redhat.com> Reviewed-By: Tomas Babej <tbabej@redhat.com> 
`ipa help topology` is improved.

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Reviewed-By: Tomas Babej <tbabej@redhat.com>
topologysuffix: change iparepltopoconfroot API properties 2015-12-03T11:41:07+00:00 Petr Vobornik pvoborni@redhat.com 2015-12-01T12:02:18+00:00 581f5432bff7df909c1d7d7b8a55c5c81282afc0 Change CLI option, label and type to reflect that it is a only a DN of the suffix. Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Change CLI option, label and type to reflect that it is a only a DN
of the suffix.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Removed duplicate domain name validating function 2015-12-02T16:26:56+00:00 Stanislav Laznicka slaznick@redhat.com 2015-11-25T15:38:00+00:00 498471e4aed1367b72cd74d15811d0584a6ee268 Reviewed-By: Martin Basti <mbasti@redhat.com> 
Reviewed-By: Martin Basti <mbasti@redhat.com>
topology: replace "suffices" with "suffixes" 2015-12-01T08:30:21+00:00 Jan Cholasta jcholast@redhat.com 2015-11-27T07:07:57+00:00 4d24d8b26cd720f2ac24d05cbb00fd69ebd675a9 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
server: use topologysuffix name in iparepltopomanagedsuffix 2015-12-01T08:30:21+00:00 Jan Cholasta jcholast@redhat.com 2015-11-30T09:25:01+00:00 46ae52569a179f73b1445922f7bac993d598c953 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>