<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<br>
<div class="moz-cite-prefix">On 01.07.2016 09:25, Martin Babinsky
wrote:<br>
</div>
<blockquote
cite="mid:93ea9fe5-733c-d7b6-8290-f63844f0a66c@redhat.com"
type="cite">On 06/30/2016 11:17 PM, David Kupka wrote:
<br>
<blockquote type="cite">On 28/06/16 20:08, Martin Babinsky wrote:
<br>
<blockquote type="cite">On 06/24/2016 09:52 AM, Martin Babinsky
wrote:
<br>
<blockquote type="cite">Hi list,
<br>
<br>
I am furiously working on tickets related to the proper
support and API
<br>
for managing kerberos principal aliases for hosts, users,
and
<br>
services[1-5].
<br>
<br>
To better track and comment on my progress, I have forked
freeipa on git
<br>
and created a branch for you to test and review. The link is
here:
<br>
<br>
<a class="moz-txt-link-freetext" href="https://github.com/martbab/freeipa/tree/krb5-principal-aliases">https://github.com/martbab/freeipa/tree/krb5-principal-aliases</a>
<br>
<br>
Please be aware that I may force-push into the branch
without warning
<br>
when fixing issues we will discover during testing/review.
<br>
<br>
[1]
<a class="moz-txt-link-freetext" href="http://www.freeipa.org/page/V4/Kerberos_principal_aliases">http://www.freeipa.org/page/V4/Kerberos_principal_aliases</a>
<br>
[2] <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/3864">https://fedorahosted.org/freeipa/ticket/3864</a>
<br>
[3] <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/3961">https://fedorahosted.org/freeipa/ticket/3961</a>
<br>
[4] <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/1365">https://fedorahosted.org/freeipa/ticket/1365</a>
<br>
[5] <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/5413">https://fedorahosted.org/freeipa/ticket/5413</a>
<br>
<br>
</blockquote>
<br>
Based on Jan's suggestions I have reworked the code
substantially and
<br>
force-pushed it into the github branch. Please review.
<br>
<br>
</blockquote>
<br>
Hello!
<br>
<br>
I have gone through the code and tested the functionality in
basic use
<br>
cases (server-install, upgrade, replica-install, adding/removing
<br>
principals, getting ticket with alias, ...). Code looks good to
me and
<br>
everything* seems to work smoothly.
<br>
<br>
condACK, if Pavel or Petr^1 (or anyone else who tried this)
don't report
<br>
any issue really soon.
<br>
<br>
*except for <a class="moz-txt-link-freetext" href="https://fedorahosted.org/freeipa/ticket/6017">https://fedorahosted.org/freeipa/ticket/6017</a>
<br>
<br>
</blockquote>
Thanks, David.
<br>
<br>
here are the reviewed patches rebased on the most current master.
If no one objects I suggest to push them.
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
master:<br>
* de6abc7af2dac7994b0fff4396115320d1a9a54d ipapython module for
Kerberos principal manipulation and parsing<br>
* e6fc8f84d3ad5fc4c030ad592a3d743c02393439 Test suite for
`ipapython/kerberos.py`<br>
* 974eb7b5efd20ad2195b0ad578637ab31f4c1df4 ipalib: introduce
Principal parameter<br>
* c2af032c0333f7e210c54369159d1d9f5e3fec74 Migrate management
framework plugins to use Principal parameter<br>
* d1517482b5e9508780087ec48be63a5bb531fed9 Add ACI for admins to
modify principal attributes<br>
* 7e803aa4625869ef6a8e78a09cd99270c4cc77e5 replace an ACI relying on
presence of deprecated objectclass<br>
* 750a392fe22aa8ddcb21077e8c24b96d36ecf20c Allow for commands that
use positional parameters to add/remove attributes<br>
* a28d312796839e3413c98ee37d34ccc892e85357 Make framework consider
krbcanonicalname as service primary key<br>
* e6ff83e3610d553f6ff98e3adbfbe3c6984b2f17 Provide API for
management of host, service, and user principal aliases<br>
* acf2234ebc8609a35a8f45598d5d817cbdbff121 Unify display of
principal names/aliases across entities<br>
<br>
</body>
</html>