[Freeipa-devel] [PATCH] 0001 Added new authentication method
Jan Cholasta
jcholast at redhat.com
Wed Aug 17 14:56:51 UTC 2016
On 17.8.2016 16:33, Stanislav Laznicka wrote:
> On 08/17/2016 04:11 PM, Tibor Dudlak wrote:
>>
>> On Wed, Aug 17, 2016 at 3:36 PM, Stanislav Laznicka
>> <slaznick at redhat.com <mailto:slaznick at redhat.com>> wrote:
>>
>> On 08/16/2016 03:16 PM, Tibor Dudlak wrote:
>>> Hi,
>>>
>>> I have edited this patch after review. It should be okay now.
>>>
>>> Thank you.
>>>
>>> On Thu, Aug 11, 2016 at 7:49 PM, Petr Vobornik
>>> <pvoborni at redhat.com <mailto:pvoborni at redhat.com>> wrote:
>>>
>>> On 08/11/2016 07:21 PM, Martin Basti wrote:
>>> >
>>> >
>>> > On 11.08.2016 18:57, Pavel Vomacka wrote:
>>> >>
>>> >>
>>> >> On 08/11/2016 02:00 PM, Petr Vobornik wrote:
>>> >>> On 08/11/2016 10:54 AM, Alexander Bokovoy wrote:
>>> >>>> On Thu, 11 Aug 2016, Jan Cholasta wrote:
>>> >>>>> On 4.8.2016 17:27, Jan Pazdziora wrote:
>>> >>>>>> On Wed, Aug 03, 2016 at 10:29:52AM +0300, Alexander
>>> Bokovoy wrote:
>>> >>>>>>> Got it. One thing I would correct, though, -- don't use
>>> >>>>>>> kadmin.local, we
>>> >>>>>>> do support setting ok_as_delegate on the service
>>> principals via IPA
>>> >>>>>>> CLI:
>>> >>>>>>> $ ipa service-mod --help |grep -A1 ok-as-delegate
>>> >>>>>>> --ok-as-delegate=BOOL
>>> >>>>>>> Client credentials may be
>>> delegated to the
>>> >>>>>>> service
>>> >>>>>> I've tried
>>> >>>>>>
>>> >>>>>> ipa service-mod --ok-as-delegate=True
>>> HTTP/$(hostname)
>>> >>>>>>
>>> >>>>>> but that does not seem to have the same effect as
>>> >>>>>>
>>> >>>>>> modprinc +ok_to_auth_as_delegate
>>> HTTP/ipa.example.test
>>> >>>>>>
>>> >>>>>> -- obtaining the delegated certificated fails.
>>> >>>>> That's because ok_as_delegate and
>>> ok_to_auth_as_delegate are different
>>> >>>>> flags.
>>> >>>> Right. The following patch adds ok_to_auth_as_delegate
>>> to the service
>>> >>>> principal.
>>> >>>>
>>> >>>> I haven't added any tickets to it yet.
>>> >>>>
>>> >>>>
>>> >>> This might deserve also nice Web UI checkbox similar to
>>> "Trusted for
>>> >>> delegation". CCing Pavel.
>>> >>>
>>> >> Here is patch with new checkbox. It is without ticket in
>>> commit message so
>>> >> once we will have the ticket I will send another patch
>>> witch updated commit
>>> >> message.
>>> >
>>> > https://fedorahosted.org/freeipa/newticket
>>> <https://fedorahosted.org/freeipa/newticket>
>>> >
>>> > ;-)
>>>
>>> It's prerequisite for
>>> https://fedorahosted.org/freeipa/ticket/5764
>>> <https://fedorahosted.org/freeipa/ticket/5764> so we
>>> might use that.
>>>
>>>
>> Please, add your answers at the end of the previous mail in the
>> future.
>>
>> Also, your patch raises pep8 errors:
>> ./ipaserver/plugins/xmlserver.py:31:80: E501 line too long (189 >
>> 79 characters)
>> ./ipaserver/rpcserver.py:885:5: E113 unexpected indentation
>>
>> Could you please fix them?
>>
>>
>> Hi,
>>
>> thanks for review Stanislav. I understand
>> ./ipaserver/rpcserver.py:885:5: E113 unexpected indentation, that is
>> my fault but really do not understand first one. Is there policy that
>> you decided not to patch existing files, even if there was obviously
>> longer line before patch until it is not necessary?
>> Anyway I hope it should be ok now.
>>
>> Thank you.
>
> There's a policy to try to be pep8 compliant as much as we can with any
> new patches. Your new patch would still raise some pep8 errors, please
> see the attached patch that should be ok. If it's ok with you then ACK,
> it seems to be working.
(16:54:22) pvoborni_: tdudlak: muzem pushnout tu standovu verzi tveho
patche?
(16:54:36) tdudlak: jasne
(16:55:12) pvoborni_: jcholast: ^
Pushed to master: d25a0725c0e09891bd0df927641dac878dfe6a7d
--
Jan Cholasta
More information about the Freeipa-devel
mailing list