[Freeipa-devel] [WIP] Kerberos principal aliases pt. 2
Martin Basti
mbasti at redhat.com
Fri Jul 1 07:37:58 UTC 2016
On 01.07.2016 09:25, Martin Babinsky wrote:
> On 06/30/2016 11:17 PM, David Kupka wrote:
>> On 28/06/16 20:08, Martin Babinsky wrote:
>>> On 06/24/2016 09:52 AM, Martin Babinsky wrote:
>>>> Hi list,
>>>>
>>>> I am furiously working on tickets related to the proper support and
>>>> API
>>>> for managing kerberos principal aliases for hosts, users, and
>>>> services[1-5].
>>>>
>>>> To better track and comment on my progress, I have forked freeipa
>>>> on git
>>>> and created a branch for you to test and review. The link is here:
>>>>
>>>> https://github.com/martbab/freeipa/tree/krb5-principal-aliases
>>>>
>>>> Please be aware that I may force-push into the branch without warning
>>>> when fixing issues we will discover during testing/review.
>>>>
>>>> [1] http://www.freeipa.org/page/V4/Kerberos_principal_aliases
>>>> [2] https://fedorahosted.org/freeipa/ticket/3864
>>>> [3] https://fedorahosted.org/freeipa/ticket/3961
>>>> [4] https://fedorahosted.org/freeipa/ticket/1365
>>>> [5] https://fedorahosted.org/freeipa/ticket/5413
>>>>
>>>
>>> Based on Jan's suggestions I have reworked the code substantially and
>>> force-pushed it into the github branch. Please review.
>>>
>>
>> Hello!
>>
>> I have gone through the code and tested the functionality in basic use
>> cases (server-install, upgrade, replica-install, adding/removing
>> principals, getting ticket with alias, ...). Code looks good to me and
>> everything* seems to work smoothly.
>>
>> condACK, if Pavel or Petr^1 (or anyone else who tried this) don't report
>> any issue really soon.
>>
>> *except for https://fedorahosted.org/freeipa/ticket/6017
>>
> Thanks, David.
>
> here are the reviewed patches rebased on the most current master. If
> no one objects I suggest to push them.
>
>
>
master:
* de6abc7af2dac7994b0fff4396115320d1a9a54d ipapython module for Kerberos
principal manipulation and parsing
* e6fc8f84d3ad5fc4c030ad592a3d743c02393439 Test suite for
`ipapython/kerberos.py`
* 974eb7b5efd20ad2195b0ad578637ab31f4c1df4 ipalib: introduce Principal
parameter
* c2af032c0333f7e210c54369159d1d9f5e3fec74 Migrate management framework
plugins to use Principal parameter
* d1517482b5e9508780087ec48be63a5bb531fed9 Add ACI for admins to modify
principal attributes
* 7e803aa4625869ef6a8e78a09cd99270c4cc77e5 replace an ACI relying on
presence of deprecated objectclass
* 750a392fe22aa8ddcb21077e8c24b96d36ecf20c Allow for commands that use
positional parameters to add/remove attributes
* a28d312796839e3413c98ee37d34ccc892e85357 Make framework consider
krbcanonicalname as service primary key
* e6ff83e3610d553f6ff98e3adbfbe3c6984b2f17 Provide API for management of
host, service, and user principal aliases
* acf2234ebc8609a35a8f45598d5d817cbdbff121 Unify display of principal
names/aliases across entities
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160701/f227c568/attachment.htm>
More information about the Freeipa-devel
mailing list