|
|
e3ffab |
# Define ONLY_CLIENT to only make the ipa-admintools, ipa-client and ipa-python
|
|
|
e3ffab |
# subpackages
|
|
|
99b6f7 |
%{!?ONLY_CLIENT:%global ONLY_CLIENT 0}
|
|
|
99b6f7 |
|
|
|
403b09 |
%if 0%{?rhel}
|
|
|
403b09 |
%global with_python3 0
|
|
|
403b09 |
%else
|
|
|
403b09 |
%global with_python3 1
|
|
|
403b09 |
%endif
|
|
|
403b09 |
|
|
|
e3ffab |
# RHEL spec file only: START
|
|
|
99b6f7 |
%ifarch x86_64 %{ix86}
|
|
|
99b6f7 |
# Nothing, we want to force just building client on non-Intel
|
|
|
99b6f7 |
%else
|
|
|
99b6f7 |
%global ONLY_CLIENT 1
|
|
|
99b6f7 |
%endif
|
|
|
403b09 |
%global VERSION 4.4.0
|
|
|
e3ffab |
# RHEL spec file only: END
|
|
|
e3ffab |
|
|
|
e3ffab |
%global alt_name freeipa
|
|
|
e3ffab |
%if 0%{?rhel}
|
|
|
d73e7d |
%global samba_version 4.2.10-1
|
|
|
403b09 |
%global selinux_policy_version 3.13.1-70
|
|
|
403b09 |
%global slapi_nis_version 0.56.0-4
|
|
|
e3ffab |
%else
|
|
|
403b09 |
%global samba_version 2:4.0.5-1
|
|
|
403b09 |
%global selinux_policy_version 3.13.1-158.4
|
|
|
403b09 |
%global slapi_nis_version 0.56.1
|
|
|
e3ffab |
%endif
|
|
|
99b6f7 |
|
|
|
590d18 |
%define krb5_base_version %(LC_ALL=C rpm -q --qf '%%{VERSION}' krb5-devel | grep -Eo '^[^.]+\.[^.]+')
|
|
|
590d18 |
|
|
|
99b6f7 |
%global plugin_dir %{_libdir}/dirsrv/plugins
|
|
|
590d18 |
%global etc_systemd_dir %{_sysconfdir}/systemd/system
|
|
|
99b6f7 |
%global gettext_domain ipa
|
|
|
e3ffab |
%if 0%{?rhel}
|
|
|
e3ffab |
%global platform_module rhel
|
|
|
e3ffab |
%else
|
|
|
e3ffab |
%global platform_module fedora
|
|
|
e3ffab |
%endif
|
|
|
99b6f7 |
|
|
|
9991ea |
%define _hardened_build 1
|
|
|
9991ea |
|
|
|
99b6f7 |
Name: ipa
|
|
|
403b09 |
Version: 4.4.0
|
|
|
53a374 |
Release: 14%{?dist}.1.1
|
|
|
99b6f7 |
Summary: The Identity, Policy and Audit system
|
|
|
99b6f7 |
|
|
|
99b6f7 |
Group: System Environment/Base
|
|
|
99b6f7 |
License: GPLv3+
|
|
|
99b6f7 |
URL: http://www.freeipa.org/
|
|
|
99b6f7 |
Source0: http://www.freeipa.org/downloads/src/freeipa-%{VERSION}.tar.gz
|
|
|
e3ffab |
# RHEL spec file only: START: Change branding to IPA and Identity-Management
|
|
|
53a374 |
Source1: header-logo.png
|
|
|
53a374 |
Source2: login-screen-background.jpg
|
|
|
53a374 |
Source3: login-screen-logo.png
|
|
|
53a374 |
Source4: product-name.png
|
|
|
e3ffab |
# RHEL spec file only: END: Change branding to IPA and Identity-Management
|
|
|
99b6f7 |
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
|
|
99b6f7 |
|
|
|
e3ffab |
# RHEL spec file only: START
|
|
|
403b09 |
Patch0001: 0001-Fix-incorrect-check-for-principal-type-when-evaluati.patch
|
|
|
403b09 |
Patch0002: 0002-uninstall-untrack-lightweight-CA-certs.patch
|
|
|
403b09 |
Patch0003: 0003-ipa-nis-manage-Use-server-API-to-retrieve-plugin-sta.patch
|
|
|
403b09 |
Patch0004: 0004-ipa-compat-manage-use-server-API-to-retrieve-plugin-.patch
|
|
|
403b09 |
Patch0005: 0005-ipa-advise-correct-handling-of-plugin-namespace-iter.patch
|
|
|
403b09 |
Patch0006: 0006-kdb-check-for-local-realm-in-enterprise-principals.patch
|
|
|
403b09 |
Patch0007: 0007-Enable-vault-commands-on-client.patch
|
|
|
403b09 |
Patch0008: 0008-vault-add-set-the-default-vault-type-on-the-client-s.patch
|
|
|
403b09 |
Patch0009: 0009-caacl-expand-plugin-documentation.patch
|
|
|
403b09 |
Patch0010: 0010-host-find-do-not-show-SSH-key-by-default.patch
|
|
|
403b09 |
Patch0011: 0011-Removed-unused-method-parameter-from-migrate-ds.patch
|
|
|
403b09 |
Patch0012: 0012-Preserve-user-principal-aliases-during-rename-operat.patch
|
|
|
403b09 |
Patch0013: 0013-messages-specify-message-type-for-ResultFormattingEr.patch
|
|
|
403b09 |
Patch0014: 0014-schema-Fix-subtopic-topic-mapping.patch
|
|
|
403b09 |
Patch0015: 0015-DNS-install-Ensure-that-DNS-servers-container-exists.patch
|
|
|
403b09 |
Patch0016: 0016-Heap-corruption-in-ipapwd-plugin.patch
|
|
|
403b09 |
Patch0017: 0017-Use-server-API-in-com.redhat.idm.trust-fetch-domains.patch
|
|
|
403b09 |
Patch0018: 0018-frontend-copy-command-arguments-to-output-params-on-.patch
|
|
|
403b09 |
Patch0019: 0019-Show-full-error-message-for-selinuxusermap-add-hostg.patch
|
|
|
403b09 |
Patch0020: 0020-allow-value-output-param-in-commands-without-primary.patch
|
|
|
403b09 |
Patch0021: 0021-server-uninstall-fails-to-remove-krb-principals.patch
|
|
|
403b09 |
Patch0022: 0022-expose-secret-option-in-radiusproxy-commands.patch
|
|
|
403b09 |
Patch0023: 0023-prevent-search-for-RADIUS-proxy-servers-by-secret.patch
|
|
|
403b09 |
Patch0024: 0024-trust-add-handle-all-raw-options-properly.patch
|
|
|
403b09 |
Patch0025: 0025-unite-log-file-name-of-ipa-ca-install.patch
|
|
|
403b09 |
Patch0026: 0026-Host-del-fix-behavior-of-updatedns-and-PTR-records.patch
|
|
|
403b09 |
Patch0027: 0027-help-Add-dnsserver-commands-to-help-topic-dns.patch
|
|
|
403b09 |
Patch0028: 0028-DNS-Locations-fix-update-system-records-unpacking-er.patch
|
|
|
403b09 |
Patch0029: 0029-Fix-session-cookies.patch
|
|
|
403b09 |
Patch0030: 0030-Use-copy-when-replacing-files-to-keep-SELinux-contex.patch
|
|
|
403b09 |
Patch0031: 0031-baseldap-Fix-MidairCollision-instantiation-during-en.patch
|
|
|
403b09 |
Patch0032: 0032-Create-indexes-for-krbCanonicalName-attribute.patch
|
|
|
403b09 |
Patch0033: 0033-harden-the-check-for-trust-namespace-overlap-in-new-.patch
|
|
|
403b09 |
Patch0034: 0034-Revert-Enable-vault-commands-on-client.patch
|
|
|
403b09 |
Patch0035: 0035-client-fix-hiding-of-commands-which-lack-server-supp.patch
|
|
|
403b09 |
Patch0036: 0036-Minor-fix-in-ipa-replica-manage-MAN-page.patch
|
|
|
403b09 |
Patch0037: 0037-compat-fix-ping-call.patch
|
|
|
403b09 |
Patch0038: 0038-replica-install-Fix-domain.patch
|
|
|
403b09 |
Patch0039: 0039-idrange-fix-unassigned-global-variable.patch
|
|
|
403b09 |
Patch0040: 0040-re-set-canonical-principal-name-on-migrated-users.patch
|
|
|
403b09 |
Patch0041: 0041-Do-not-initialize-API-in-ipa-client-automount-uninst.patch
|
|
|
403b09 |
Patch0042: 0042-Correct-path-to-HTTPD-s-systemd-service-directory.patch
|
|
|
403b09 |
Patch0043: 0043-vault-Catch-correct-exception-in-decrypt.patch
|
|
|
403b09 |
Patch0044: 0044-Increase-default-length-of-auto-generated-passwords.patch
|
|
|
403b09 |
Patch0045: 0045-vault-add-missing-salt-option-to-vault_mod.patch
|
|
|
403b09 |
Patch0046: 0046-Fix-ipa-hbactest-output.patch
|
|
|
403b09 |
Patch0047: 0047-install-fix-external-CA-cert-validation.patch
|
|
|
403b09 |
Patch0048: 0048-caacl-fix-regression-in-rule-instantiation.patch
|
|
|
403b09 |
Patch0049: 0049-Update-ipa-replica-install-documentation.patch
|
|
|
403b09 |
Patch0050: 0050-ipa-kdb-Fix-unit-test-after-packaging-changes-in-krb.patch
|
|
|
403b09 |
Patch0051: 0051-Improvements-for-the-ipa-cacert-manage-man-and-help.patch
|
|
|
403b09 |
Patch0052: 0052-Revert-spec-add-conflict-with-bind-chroot-to-freeipa.patch
|
|
|
403b09 |
Patch0053: 0053-Fix-unicode-characters-in-ca-and-domain-adders.patch
|
|
|
403b09 |
Patch0054: 0054-ipa-backup-backup-etc-tmpfiles.d-dirsrv-instance-.co.patch
|
|
|
403b09 |
Patch0055: 0055-client-RPM-require-initscripts-to-get-domainname.ser.patch
|
|
|
403b09 |
Patch0056: 0056-parameters-move-the-confirm-kwarg-to-Param.patch
|
|
|
403b09 |
Patch0057: 0057-client-add-missing-output-params-to-client-side-comm.patch
|
|
|
403b09 |
Patch0058: 0058-server-install-Fix-hostname-option-to-always-overrid.patch
|
|
|
403b09 |
Patch0059: 0059-install-Call-hostnamectl-set-hostname-only-if-hostna.patch
|
|
|
403b09 |
Patch0060: 0060-schema-Speed-up-schema-cache.patch
|
|
|
403b09 |
Patch0061: 0061-frontend-Change-doc-summary-topic-and-NO_CLI-to-clas.patch
|
|
|
403b09 |
Patch0062: 0062-schema-Introduce-schema-cache-format.patch
|
|
|
403b09 |
Patch0063: 0063-schema-Generate-bits-for-help-load-them-on-request.patch
|
|
|
403b09 |
Patch0064: 0064-help-Do-not-create-instances-to-get-information-abou.patch
|
|
|
403b09 |
Patch0065: 0065-Fix-ipa-caalc-add-service-error-message.patch
|
|
|
403b09 |
Patch0066: 0066-Don-t-show-force-ntpd-option-in-replica-install.patch
|
|
|
403b09 |
Patch0067: 0067-DNS-server-upgrade-do-not-fail-when-DNS-server-did-n.patch
|
|
|
403b09 |
Patch0068: 0068-DNS-allow-to-add-forward-zone-to-already-broken-sub-.patch
|
|
|
403b09 |
Patch0069: 0069-cert-speed-up-cert-find.patch
|
|
|
403b09 |
Patch0070: 0070-cert-do-not-crash-on-invalid-data-in-cert-find.patch
|
|
|
403b09 |
Patch0071: 0071-Add-warning-about-only-one-existing-CA-server.patch
|
|
|
403b09 |
Patch0072: 0072-Set-servers-list-as-default-facet-in-topology-facet-.patch
|
|
|
403b09 |
Patch0073: 0073-schema-cache-Do-not-reset-ServerInfo-dirty-flag.patch
|
|
|
403b09 |
Patch0074: 0074-schema-cache-Do-not-read-fingerprint-and-format-from.patch
|
|
|
403b09 |
Patch0075: 0075-Access-data-for-help-separately.patch
|
|
|
403b09 |
Patch0076: 0076-frontent-Add-summary-class-property-to-CommandOverri.patch
|
|
|
403b09 |
Patch0077: 0077-schema-cache-Read-server-info-only-once.patch
|
|
|
403b09 |
Patch0078: 0078-schema-cache-Store-API-schema-cache-in-memory.patch
|
|
|
403b09 |
Patch0079: 0079-client-Do-not-create-instance-just-to-check-isinstan.patch
|
|
|
403b09 |
Patch0080: 0080-schema-cache-Read-schema-instead-of-rewriting-it-whe.patch
|
|
|
403b09 |
Patch0081: 0081-schema-check-Check-current-client-language-against-c.patch
|
|
|
403b09 |
Patch0082: 0082-Fail-on-topology-disconnect-last-role-removal.patch
|
|
|
403b09 |
Patch0083: 0083-server-install-do-not-prompt-for-cert-file-PIN-repea.patch
|
|
|
403b09 |
Patch0084: 0084-service-add-flag-to-allow-S4U2Self.patch
|
|
|
403b09 |
Patch0085: 0085-Add-trusted-to-auth-as-user-checkbox.patch
|
|
|
403b09 |
Patch0086: 0086-Added-new-authentication-method.patch
|
|
|
403b09 |
Patch0087: 0087-schema-cache-Fallback-to-en_us-when-locale-is-not-av.patch
|
|
|
403b09 |
Patch0088: 0088-cert-revoke-fix-permission-check-bypass-CVE-2016-540.patch
|
|
|
403b09 |
Patch0089: 0089-Fix-container-owner-should-be-able-to-add-vault.patch
|
|
|
403b09 |
Patch0090: 0090-ipaserver-dcerpc-reformat-to-make-the-code-closer-to.patch
|
|
|
403b09 |
Patch0091: 0091-trust-automatically-resolve-DNS-trust-conflicts-for-.patch
|
|
|
403b09 |
Patch0092: 0092-trust-make-sure-external-trust-topology-is-correctly.patch
|
|
|
403b09 |
Patch0093: 0093-trust-make-sure-ID-range-is-created-for-the-child-do.patch
|
|
|
403b09 |
Patch0094: 0094-ipa-kdb-simplify-trusted-domain-parent-search.patch
|
|
|
403b09 |
Patch0095: 0095-Remove-Custodia-server-keys-from-LDAP.patch
|
|
|
403b09 |
Patch0096: 0096-Handled-empty-hostname-in-server-del-command.patch
|
|
|
403b09 |
Patch0097: 0097-Secure-permissions-of-Custodia-server.keys.patch
|
|
|
403b09 |
Patch0098: 0098-Require-httpd-2.4.6-31-with-mod_proxy-Unix-socket-su.patch
|
|
|
403b09 |
Patch0099: 0099-Fix-ipa-server-install-in-pure-IPv6-environment.patch
|
|
|
403b09 |
Patch0100: 0100-support-multiple-uid-values-in-schema-compatibility-.patch
|
|
|
403b09 |
Patch0101: 0101-custodia-include-known-CA-certs-in-the-PKCS-12-file-.patch
|
|
|
403b09 |
Patch0102: 0102-otptoken-permission-Convert-custom-type-parameters-o.patch
|
|
|
403b09 |
Patch0103: 0103-Raise-DuplicatedEnrty-error-when-user-exists-in-dele.patch
|
|
|
403b09 |
Patch0104: 0104-cert-add-missing-param-values-to-cert-find-output.patch
|
|
|
403b09 |
Patch0105: 0105-rpcserver-assume-version-1-for-unversioned-command-c.patch
|
|
|
403b09 |
Patch0106: 0106-custodia-force-reconnect-before-retrieving-CA-certs-.patch
|
|
|
403b09 |
Patch0107: 0107-rpcserver-fix-crash-in-XML-RPC-system-commands.patch
|
|
|
403b09 |
Patch0108: 0108-compat-Save-server-s-API-version-in-for-pre-schema-s.patch
|
|
|
403b09 |
Patch0109: 0109-compat-Fix-ping-command-call.patch
|
|
|
403b09 |
Patch0110: 0110-Fix-man-page-ipa-replica-manage-remove-duplicate-c-o.patch
|
|
|
403b09 |
Patch0111: 0111-cert-include-CA-name-in-cert-command-output.patch
|
|
|
403b09 |
Patch0112: 0112-Fix-CA-ACL-Check-on-SubjectAltNames.patch
|
|
|
403b09 |
Patch0113: 0113-do-not-use-trusted-forest-name-to-construct-domain-a.patch
|
|
|
403b09 |
Patch0114: 0114-Always-fetch-forest-info-from-root-DCs-when-establis.patch
|
|
|
403b09 |
Patch0115: 0115-factor-out-populate_remote_domain-method-into-module.patch
|
|
|
403b09 |
Patch0116: 0116-Always-fetch-forest-info-from-root-DCs-when-establis.patch
|
|
|
403b09 |
Patch0117: 0117-cli-use-full-name-when-executing-a-command.patch
|
|
|
403b09 |
Patch0118: 0118-Use-RSA-OAEP-instead-of-RSA-PKCS-1-v1.5.patch
|
|
|
403b09 |
Patch0119: 0119-Fix-ipa-certupdate-for-CA-less-installation.patch
|
|
|
403b09 |
Patch0120: 0120-Track-lightweight-CAs-on-replica-installation.patch
|
|
|
403b09 |
Patch0121: 0121-dns-normalize-record-type-read-interactively-in-dnsr.patch
|
|
|
403b09 |
Patch0122: 0122-dns-prompt-for-missing-record-parts-in-CLI.patch
|
|
|
403b09 |
Patch0123: 0123-dns-fix-crash-in-interactive-mode-against-old-server.patch
|
|
|
403b09 |
Patch0124: 0124-schema-cache-Store-and-check-info-for-pre-schema-ser.patch
|
|
|
403b09 |
Patch0125: 0125-Fix-parse-errors-with-link-local-addresses.patch
|
|
|
403b09 |
Patch0126: 0126-Add-support-for-additional-options-taken-from-table-.patch
|
|
|
403b09 |
Patch0127: 0127-WebUI-Fix-showing-certificates-issued-by-sub-CA.patch
|
|
|
403b09 |
Patch0128: 0128-WebUI-add-support-for-sub-CAs-while-revoking-certifi.patch
|
|
|
403b09 |
Patch0129: 0129-cert-fix-cert-find-certificate-when-the-cert-is-not-.patch
|
|
|
403b09 |
Patch0130: 0130-Make-host-service-cert-revocation-aware-of-lightweig.patch
|
|
|
403b09 |
Patch0131: 0131-Fix-regression-introduced-in-ipa-certupdate.patch
|
|
|
403b09 |
Patch0132: 0132-Start-named-during-configuration-upgrade.patch
|
|
|
403b09 |
Patch0133: 0133-Catch-DNS-exceptions-during-emptyzones-named.conf-up.patch
|
|
|
403b09 |
Patch0134: 0134-trust-fetch-domains-contact-forest-DCs-when-fetching.patch
|
|
|
fef02c |
Patch0135: 0135-ipa-passwd-use-correct-normalizer-for-user-principal.patch
|
|
|
fef02c |
Patch0136: 0136-Keep-NSS-trust-flags-of-existing-certificates.patch
|
|
|
fef02c |
Patch0137: 0137-Properly-handle-LDAP-socket-closures-in-ipa-otpd.patch
|
|
|
fef02c |
Patch0138: 0138-cert-add-revocation-reason-back-to-cert-find-output.patch
|
|
|
fef02c |
Patch0139: 0139-Make-httpd-publish-its-CA-certificate-on-DL1.patch
|
|
|
fef02c |
Patch0140: 0140-Add-cert-checks-in-ipa-server-certinstall.patch
|
|
|
fef02c |
Patch0141: 0141-WebUI-services-without-canonical-name-are-shown-corr.patch
|
|
|
fef02c |
Patch0142: 0142-Fix-missing-file-that-fails-DL1-replica-installation.patch
|
|
|
fef02c |
Patch0143: 0143-trustdomain-del-fix-the-way-how-subdomain-is-searche.patch
|
|
|
fef02c |
Patch0144: 0144-spec-file-bump-minimal-required-version-of-389-ds-ba.patch
|
|
|
53a374 |
Patch0145: 0145-certprofile-mod-correctly-authorise-config-update.patch
|
|
|
53a374 |
Patch0146: 0146-password-policy-Add-explicit-default-password-policy.patch
|
|
|
53a374 |
Patch0147: 0147-ipa-kdb-search-for-password-policies-globally.patch
|
|
|
99b6f7 |
|
|
|
99b6f7 |
Patch1001: 1001-Hide-pkinit-functionality-from-production-version.patch
|
|
|
99b6f7 |
Patch1002: 1002-Remove-pkinit-plugin.patch
|
|
|
99b6f7 |
Patch1003: 1003-Remove-pkinit-references-from-tool-man-pages.patch
|
|
|
99b6f7 |
Patch1004: 1004-Change-branding-to-IPA-and-Identity-Management.patch
|
|
|
99b6f7 |
Patch1005: 1005-Remove-pylint-from-build-process.patch
|
|
|
99b6f7 |
Patch1006: 1006-Remove-i18test-from-build-process.patch
|
|
|
e3ffab |
Patch1007: 1007-Do-not-build-tests.patch
|
|
|
e3ffab |
Patch1008: 1008-RCUE.patch
|
|
|
403b09 |
Patch1009: 1009-Revert-Increased-mod_wsgi-socket-timeout.patch
|
|
|
403b09 |
Patch1010: 1010-WebUI-add-API-browser-is-tech-preview-warning.patch
|
|
|
e3ffab |
# RHEL spec file only: END
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
403b09 |
BuildRequires: 389-ds-base-devel >= 1.3.5.6
|
|
|
99b6f7 |
BuildRequires: svrcore-devel
|
|
|
e3ffab |
BuildRequires: policycoreutils >= 2.1.14-37
|
|
|
99b6f7 |
BuildRequires: systemd-units
|
|
|
e3ffab |
BuildRequires: samba-devel >= %{samba_version}
|
|
|
99b6f7 |
BuildRequires: samba-python
|
|
|
99b6f7 |
BuildRequires: libtalloc-devel
|
|
|
99b6f7 |
BuildRequires: libtevent-devel
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
BuildRequires: nspr-devel
|
|
|
99b6f7 |
BuildRequires: nss-devel
|
|
|
99b6f7 |
BuildRequires: openssl-devel
|
|
|
99b6f7 |
BuildRequires: openldap-devel
|
|
|
590d18 |
BuildRequires: krb5-devel >= 1.13
|
|
|
99b6f7 |
BuildRequires: krb5-workstation
|
|
|
99b6f7 |
BuildRequires: libuuid-devel
|
|
|
99b6f7 |
BuildRequires: libcurl-devel >= 7.21.7-2
|
|
|
99b6f7 |
BuildRequires: xmlrpc-c-devel >= 1.27.4
|
|
|
99b6f7 |
BuildRequires: popt-devel
|
|
|
99b6f7 |
BuildRequires: autoconf
|
|
|
99b6f7 |
BuildRequires: automake
|
|
|
99b6f7 |
BuildRequires: m4
|
|
|
99b6f7 |
BuildRequires: libtool
|
|
|
99b6f7 |
BuildRequires: gettext
|
|
|
99b6f7 |
BuildRequires: python-devel
|
|
|
99b6f7 |
BuildRequires: python-ldap
|
|
|
99b6f7 |
BuildRequires: python-setuptools
|
|
|
99b6f7 |
BuildRequires: python-nss
|
|
|
403b09 |
BuildRequires: python-cryptography >= 0.9
|
|
|
99b6f7 |
BuildRequires: python-netaddr
|
|
|
403b09 |
BuildRequires: python-gssapi >= 1.1.2
|
|
|
99b6f7 |
BuildRequires: python-rhsm
|
|
|
99b6f7 |
BuildRequires: pyOpenSSL
|
|
|
e3ffab |
# RHEL spec file only: DELETED: Remove pylint from build process
|
|
|
e3ffab |
# RHEL spec file only: DELETED: Remove i18test from build process
|
|
|
590d18 |
BuildRequires: python-libipa_hbac
|
|
|
99b6f7 |
BuildRequires: python-memcached
|
|
|
99b6f7 |
BuildRequires: python-lxml
|
|
|
99b6f7 |
BuildRequires: python-pyasn1 >= 0.0.9a
|
|
|
e3ffab |
BuildRequires: python-qrcode-core >= 5.0.0
|
|
|
e3ffab |
BuildRequires: python-dns >= 1.11.1-2
|
|
|
99b6f7 |
BuildRequires: libsss_idmap-devel
|
|
|
403b09 |
BuildRequires: libsss_nss_idmap-devel >= 1.14.0
|
|
|
e3ffab |
BuildRequires: java-headless
|
|
|
031d60 |
BuildRequires: rhino
|
|
|
99b6f7 |
BuildRequires: libverto-devel
|
|
|
99b6f7 |
BuildRequires: systemd
|
|
|
99b6f7 |
BuildRequires: libunistring-devel
|
|
|
e3ffab |
# RHEL spec file only: START
|
|
|
99b6f7 |
BuildRequires: diffstat
|
|
|
e3ffab |
# RHEL spec file only: END
|
|
|
e3ffab |
BuildRequires: python-lesscpy
|
|
|
590d18 |
BuildRequires: python-yubico >= 1.2.3
|
|
|
590d18 |
BuildRequires: openssl-devel
|
|
|
403b09 |
BuildRequires: pki-base >= 10.3.3-7
|
|
|
590d18 |
# RHEL spec file only: DELETED: Do not build tests
|
|
|
590d18 |
BuildRequires: python-kdcproxy >= 0.3
|
|
|
403b09 |
BuildRequires: python-six
|
|
|
403b09 |
BuildRequires: python-jwcrypto
|
|
|
403b09 |
BuildRequires: custodia
|
|
|
403b09 |
BuildRequires: libini_config-devel >= 1.2.0
|
|
|
403b09 |
BuildRequires: dbus-python
|
|
|
403b09 |
BuildRequires: python-netifaces >= 0.10.4
|
|
|
403b09 |
|
|
|
403b09 |
# Build dependencies for unit tests
|
|
|
403b09 |
BuildRequires: libcmocka-devel
|
|
|
403b09 |
BuildRequires: nss_wrapper
|
|
|
403b09 |
# Required by ipa_kdb_tests
|
|
|
403b09 |
BuildRequires: %{_libdir}/krb5/plugins/kdb/db2.so
|
|
|
403b09 |
|
|
|
403b09 |
%if 0%{?with_python3}
|
|
|
403b09 |
BuildRequires: python3-devel
|
|
|
403b09 |
%endif # with_python3
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%description
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
403b09 |
|
|
|
99b6f7 |
%package server
|
|
|
99b6f7 |
Summary: The IPA authentication server
|
|
|
99b6f7 |
Group: System Environment/Base
|
|
|
403b09 |
Requires: %{name}-server-common = %{version}-%{release}
|
|
|
99b6f7 |
Requires: %{name}-client = %{version}-%{release}
|
|
|
99b6f7 |
Requires: %{name}-admintools = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python2-ipaserver = %{version}-%{release}
|
|
|
fef02c |
Requires: 389-ds-base >= 1.3.5.10-12
|
|
|
99b6f7 |
Requires: openldap-clients > 2.4.35-4
|
|
|
99b6f7 |
Requires: nss >= 3.14.3-12.0
|
|
|
99b6f7 |
Requires: nss-tools >= 3.14.3-12.0
|
|
|
590d18 |
Requires(post): krb5-server >= %{krb5_base_version}, krb5-server < %{krb5_base_version}.100
|
|
|
99b6f7 |
Requires: krb5-pkinit-openssl
|
|
|
99b6f7 |
Requires: cyrus-sasl-gssapi%{?_isa}
|
|
|
99b6f7 |
Requires: ntp
|
|
|
403b09 |
Requires: httpd >= 2.4.6-31
|
|
|
99b6f7 |
Requires: mod_wsgi
|
|
|
403b09 |
Requires: mod_auth_gssapi >= 1.4.0
|
|
|
9991ea |
Requires: mod_nss >= 1.0.8-26
|
|
|
e3ffab |
Requires: python-ldap >= 2.4.15
|
|
|
403b09 |
Requires: python-gssapi >= 1.1.2
|
|
|
99b6f7 |
Requires: acl
|
|
|
99b6f7 |
Requires: memcached
|
|
|
99b6f7 |
Requires: python-memcached
|
|
|
99b6f7 |
Requires: systemd-units >= 38
|
|
|
590d18 |
Requires(pre): shadow-utils
|
|
|
99b6f7 |
Requires(pre): systemd-units
|
|
|
99b6f7 |
Requires(post): systemd-units
|
|
|
e3ffab |
Requires: selinux-policy >= %{selinux_policy_version}
|
|
|
590d18 |
Requires(post): selinux-policy-base >= %{selinux_policy_version}
|
|
|
403b09 |
Requires: slapi-nis >= %{slapi_nis_version}
|
|
|
403b09 |
Requires: pki-ca >= 10.3.3-7
|
|
|
403b09 |
Requires: pki-kra >= 10.3.3-7
|
|
|
99b6f7 |
Requires(preun): python systemd-units
|
|
|
99b6f7 |
Requires(postun): python systemd-units
|
|
|
99b6f7 |
Requires: zip
|
|
|
e3ffab |
Requires: policycoreutils >= 2.1.14-37
|
|
|
99b6f7 |
Requires: tar
|
|
|
590d18 |
Requires(pre): certmonger >= 0.78
|
|
|
fef02c |
Requires(pre): 389-ds-base >= 1.3.5.10-12
|
|
|
e3ffab |
Requires: fontawesome-fonts
|
|
|
e3ffab |
Requires: open-sans-fonts
|
|
|
e0ab38 |
Requires: openssl >= 1:1.0.1e-42
|
|
|
590d18 |
Requires: softhsm >= 2.0.0rc1-1
|
|
|
590d18 |
Requires: p11-kit
|
|
|
590d18 |
Requires: systemd-python
|
|
|
590d18 |
Requires: %{etc_systemd_dir}
|
|
|
590d18 |
Requires: gzip
|
|
|
403b09 |
Requires: oddjob
|
|
|
e3ffab |
|
|
|
403b09 |
Provides: %{alt_name}-server = %{version}
|
|
|
e3ffab |
Conflicts: %{alt_name}-server
|
|
|
e3ffab |
Obsoletes: %{alt_name}-server < %{version}
|
|
|
e3ffab |
|
|
|
e3ffab |
# RHEL spec file only: DELETED
|
|
|
99b6f7 |
|
|
|
590d18 |
# upgrade path from monolithic -server to -server + -server-dns
|
|
|
590d18 |
Obsoletes: %{name}-server <= 4.2.0-2
|
|
|
99b6f7 |
|
|
|
99b6f7 |
# Versions of nss-pam-ldapd < 0.8.4 require a mapping from uniqueMember to
|
|
|
99b6f7 |
# member.
|
|
|
99b6f7 |
Conflicts: nss-pam-ldapd < 0.8.4
|
|
|
99b6f7 |
|
|
|
e3ffab |
# RHEL spec file only: START: Do not build tests
|
|
|
9991ea |
# ipa-tests subpackage was moved to separate srpm
|
|
|
9991ea |
Conflicts: ipa-tests < 3.3.3-9
|
|
|
e3ffab |
# RHEL spec file only: END: Do not build tests
|
|
|
9991ea |
|
|
|
403b09 |
# RHEL spec file only: START
|
|
|
403b09 |
# https://bugzilla.redhat.com/show_bug.cgi?id=1296140
|
|
|
403b09 |
Obsoletes: redhat-access-plugin-ipa
|
|
|
403b09 |
Conflicts: redhat-access-plugin-ipa
|
|
|
403b09 |
# RHEL spec file only: END
|
|
|
403b09 |
|
|
|
99b6f7 |
%description server
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If you are installing an IPA server, you need to install this package.
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%package -n python2-ipaserver
|
|
|
403b09 |
Summary: Python libraries used by IPA server
|
|
|
403b09 |
Group: System Environment/Libraries
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Provides: python-ipaserver = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-server-common = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python2-ipaclient = %{version}-%{release}
|
|
|
403b09 |
Requires: python-ldap >= 2.4.15
|
|
|
403b09 |
Requires: python-gssapi >= 1.1.2
|
|
|
403b09 |
Requires: python-sssdconfig
|
|
|
403b09 |
Requires: python-pyasn1
|
|
|
403b09 |
Requires: dbus-python
|
|
|
403b09 |
Requires: python-dns >= 1.11.1-2
|
|
|
403b09 |
Requires: python-kdcproxy >= 0.3
|
|
|
403b09 |
Requires: rpm-libs
|
|
|
403b09 |
|
|
|
403b09 |
%description -n python2-ipaserver
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If you are installing an IPA server, you need to install this package.
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%package server-common
|
|
|
403b09 |
Summary: Common files used by IPA server
|
|
|
403b09 |
Group: System Environment/Base
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
403b09 |
Requires: httpd >= 2.4.6-31
|
|
|
403b09 |
Requires: systemd-units >= 38
|
|
|
403b09 |
Requires: custodia
|
|
|
403b09 |
|
|
|
403b09 |
Provides: %{alt_name}-server-common = %{version}
|
|
|
403b09 |
Conflicts: %{alt_name}-server-common
|
|
|
403b09 |
Obsoletes: %{alt_name}-server-common < %{version}
|
|
|
403b09 |
|
|
|
403b09 |
%description server-common
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If you are installing an IPA server, you need to install this package.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
|
|
|
590d18 |
%package server-dns
|
|
|
590d18 |
Summary: IPA integrated DNS server with support for automatic DNSSEC signing
|
|
|
590d18 |
Group: System Environment/Base
|
|
|
403b09 |
BuildArch: noarch
|
|
|
590d18 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
403b09 |
Requires: bind-dyndb-ldap >= 10.0
|
|
|
590d18 |
%if 0%{?fedora} >= 21
|
|
|
590d18 |
Requires: bind >= 9.9.6-3
|
|
|
590d18 |
Requires: bind-utils >= 9.9.6-3
|
|
|
590d18 |
Requires: bind-pkcs11 >= 9.9.6-3
|
|
|
590d18 |
Requires: bind-pkcs11-utils >= 9.9.6-3
|
|
|
590d18 |
%else
|
|
|
590d18 |
Requires: bind >= 9.9.4-21
|
|
|
590d18 |
Requires: bind-utils >= 9.9.4-21
|
|
|
590d18 |
Requires: bind-pkcs11 >= 9.9.4-21
|
|
|
590d18 |
Requires: bind-pkcs11-utils >= 9.9.4-21
|
|
|
590d18 |
%endif
|
|
|
590d18 |
Requires: opendnssec >= 1.4.6-4
|
|
|
590d18 |
|
|
|
403b09 |
Provides: %{alt_name}-server-dns = %{version}
|
|
|
590d18 |
Conflicts: %{alt_name}-server-dns
|
|
|
590d18 |
Obsoletes: %{alt_name}-server-dns < %{version}
|
|
|
590d18 |
|
|
|
590d18 |
# upgrade path from monolithic -server to -server + -server-dns
|
|
|
590d18 |
Obsoletes: %{name}-server <= 4.2.0-2
|
|
|
590d18 |
|
|
|
590d18 |
%description server-dns
|
|
|
590d18 |
IPA integrated DNS server with support for automatic DNSSEC signing.
|
|
|
590d18 |
Integrated DNS server is BIND 9. OpenDNSSEC provides key management.
|
|
|
590d18 |
|
|
|
590d18 |
|
|
|
99b6f7 |
%package server-trust-ad
|
|
|
99b6f7 |
Summary: Virtual package to install packages required for Active Directory trusts
|
|
|
99b6f7 |
Group: System Environment/Base
|
|
|
403b09 |
Requires: %{name}-server = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
99b6f7 |
Requires: samba-python
|
|
|
e3ffab |
Requires: samba >= %{samba_version}
|
|
|
99b6f7 |
Requires: samba-winbind
|
|
|
99b6f7 |
Requires: libsss_idmap
|
|
|
590d18 |
Requires: python-libsss_nss_idmap
|
|
|
590d18 |
Requires: python-sss
|
|
|
99b6f7 |
# We use alternatives to divert winbind_krb5_locator.so plugin to libkrb5
|
|
|
99b6f7 |
# on the installes where server-trust-ad subpackage is installed because
|
|
|
99b6f7 |
# IPA AD trusts cannot be used at the same time with the locator plugin
|
|
|
99b6f7 |
# since Winbindd will be configured in a different mode
|
|
|
99b6f7 |
Requires(post): %{_sbindir}/update-alternatives
|
|
|
99b6f7 |
Requires(post): python
|
|
|
99b6f7 |
Requires(postun): %{_sbindir}/update-alternatives
|
|
|
99b6f7 |
Requires(preun): %{_sbindir}/update-alternatives
|
|
|
99b6f7 |
|
|
|
403b09 |
Provides: %{alt_name}-server-trust-ad = %{version}
|
|
|
e3ffab |
Conflicts: %{alt_name}-server-trust-ad
|
|
|
e3ffab |
Obsoletes: %{alt_name}-server-trust-ad < %{version}
|
|
|
e3ffab |
|
|
|
99b6f7 |
%description server-trust-ad
|
|
|
99b6f7 |
Cross-realm trusts with Active Directory in IPA require working Samba 4
|
|
|
99b6f7 |
installation. This package is provided for convenience to install all required
|
|
|
99b6f7 |
dependencies at once.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%package client
|
|
|
99b6f7 |
Summary: IPA authentication for use on clients
|
|
|
99b6f7 |
Group: System Environment/Base
|
|
|
403b09 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python2-ipaclient = %{version}-%{release}
|
|
|
99b6f7 |
Requires: python-ldap
|
|
|
99b6f7 |
Requires: cyrus-sasl-gssapi%{?_isa}
|
|
|
99b6f7 |
Requires: ntp
|
|
|
99b6f7 |
Requires: krb5-workstation
|
|
|
99b6f7 |
Requires: authconfig
|
|
|
99b6f7 |
Requires: pam_krb5
|
|
|
403b09 |
Requires: curl
|
|
|
403b09 |
# NIS domain name config: /usr/lib/systemd/system/*-domainname.service
|
|
|
403b09 |
Requires: initscripts
|
|
|
99b6f7 |
Requires: libcurl >= 7.21.7-2
|
|
|
99b6f7 |
Requires: xmlrpc-c >= 1.27.4
|
|
|
403b09 |
Requires: sssd >= 1.14.0
|
|
|
590d18 |
Requires: python-sssdconfig
|
|
|
590d18 |
Requires: certmonger >= 0.78
|
|
|
99b6f7 |
Requires: nss-tools
|
|
|
99b6f7 |
Requires: bind-utils
|
|
|
99b6f7 |
Requires: oddjob-mkhomedir
|
|
|
403b09 |
Requires: python-gssapi >= 1.1.2
|
|
|
99b6f7 |
Requires: libsss_autofs
|
|
|
99b6f7 |
Requires: autofs
|
|
|
99b6f7 |
Requires: libnfsidmap
|
|
|
99b6f7 |
Requires: nfs-utils
|
|
|
99b6f7 |
Requires(post): policycoreutils
|
|
|
99b6f7 |
|
|
|
403b09 |
Provides: %{alt_name}-client = %{version}
|
|
|
e3ffab |
Conflicts: %{alt_name}-client
|
|
|
e3ffab |
Obsoletes: %{alt_name}-client < %{version}
|
|
|
e3ffab |
|
|
|
99b6f7 |
%description client
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If your network uses IPA for authentication, this package should be
|
|
|
403b09 |
installed on every client machine.
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%package -n python2-ipaclient
|
|
|
403b09 |
Summary: Python libraries used by IPA client
|
|
|
403b09 |
Group: System Environment/Libraries
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Provides: python-ipaclient = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python2-ipalib = %{version}-%{release}
|
|
|
403b09 |
Requires: python-dns >= 1.11.1-2
|
|
|
403b09 |
|
|
|
403b09 |
%description -n python2-ipaclient
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If your network uses IPA for authentication, this package should be
|
|
|
403b09 |
installed on every client machine.
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%if 0%{?with_python3}
|
|
|
403b09 |
|
|
|
403b09 |
%package -n python3-ipaclient
|
|
|
403b09 |
Summary: Python libraries used by IPA client
|
|
|
403b09 |
Group: System Environment/Libraries
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Requires: %{name}-client-common = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python3-ipalib = %{version}-%{release}
|
|
|
403b09 |
Requires: python3-dns >= 1.11.1
|
|
|
403b09 |
|
|
|
403b09 |
%description -n python3-ipaclient
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If your network uses IPA for authentication, this package should be
|
|
|
403b09 |
installed on every client machine.
|
|
|
403b09 |
|
|
|
403b09 |
%endif # with_python3
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%package client-common
|
|
|
403b09 |
Summary: Common files used by IPA client
|
|
|
403b09 |
Group: System Environment/Base
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
|
|
|
403b09 |
Provides: %{alt_name}-client-common = %{version}
|
|
|
403b09 |
Conflicts: %{alt_name}-client-common
|
|
|
403b09 |
Obsoletes: %{alt_name}-client-common < %{version}
|
|
|
403b09 |
|
|
|
403b09 |
%description client-common
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If your network uses IPA for authentication, this package should be
|
|
|
403b09 |
installed on every client machine.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%package admintools
|
|
|
99b6f7 |
Summary: IPA administrative tools
|
|
|
99b6f7 |
Group: System Environment/Base
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Requires: python2-ipaclient = %{version}-%{release}
|
|
|
99b6f7 |
Requires: python-ldap
|
|
|
99b6f7 |
|
|
|
403b09 |
Provides: %{alt_name}-admintools = %{version}
|
|
|
e3ffab |
Conflicts: %{alt_name}-admintools
|
|
|
e3ffab |
Obsoletes: %{alt_name}-admintools < %{version}
|
|
|
e3ffab |
|
|
|
99b6f7 |
%description admintools
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
This package provides command-line tools for IPA administrators.
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
403b09 |
%package python-compat
|
|
|
403b09 |
Summary: Compatiblity package for Python libraries used by IPA
|
|
|
403b09 |
Group: System Environment/Libraries
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Obsoletes: %{name}-python < 4.2.91
|
|
|
403b09 |
Provides: %{name}-python = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python2-ipalib = %{version}-%{release}
|
|
|
403b09 |
|
|
|
403b09 |
Provides: %{alt_name}-python-compat = %{version}
|
|
|
403b09 |
Conflicts: %{alt_name}-python-compat
|
|
|
403b09 |
Obsoletes: %{alt_name}-python-compat < %{version}
|
|
|
403b09 |
|
|
|
403b09 |
Obsoletes: %{alt_name}-python < 4.2.91
|
|
|
403b09 |
Provides: %{alt_name}-python = %{version}
|
|
|
403b09 |
|
|
|
403b09 |
%description python-compat
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
This is a compatibility package to accommodate %{name}-python split into
|
|
|
403b09 |
python2-ipalib and %{name}-common. Packages still depending on
|
|
|
403b09 |
%{name}-python should be fixed to depend on python2-ipaclient or
|
|
|
403b09 |
%{name}-common instead.
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%package -n python2-ipalib
|
|
|
99b6f7 |
Summary: Python libraries used by IPA
|
|
|
99b6f7 |
Group: System Environment/Libraries
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Conflicts: %{name}-python < 4.2.91
|
|
|
403b09 |
Provides: python-ipalib = %{version}-%{release}
|
|
|
403b09 |
Provides: python2-ipapython = %{version}-%{release}
|
|
|
403b09 |
Provides: python-ipapython = %{version}-%{release}
|
|
|
403b09 |
Provides: python2-ipaplatform = %{version}-%{release}
|
|
|
403b09 |
Provides: python-ipaplatform = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python-gssapi >= 1.1.2
|
|
|
99b6f7 |
Requires: gnupg
|
|
|
99b6f7 |
Requires: keyutils
|
|
|
99b6f7 |
Requires: pyOpenSSL
|
|
|
e3ffab |
Requires: python-nss >= 0.16
|
|
|
403b09 |
Requires: python-cryptography >= 0.9
|
|
|
99b6f7 |
Requires: python-lxml
|
|
|
99b6f7 |
Requires: python-netaddr
|
|
|
590d18 |
Requires: python-libipa_hbac
|
|
|
e3ffab |
Requires: python-qrcode-core >= 5.0.0
|
|
|
e3ffab |
Requires: python-pyasn1
|
|
|
e3ffab |
Requires: python-dateutil
|
|
|
590d18 |
Requires: python-yubico >= 1.2.3
|
|
|
590d18 |
Requires: python-sss-murmur
|
|
|
590d18 |
Requires: dbus-python
|
|
|
590d18 |
Requires: python-setuptools
|
|
|
403b09 |
Requires: python-six
|
|
|
403b09 |
Requires: python-jwcrypto
|
|
|
403b09 |
Requires: python-cffi
|
|
|
403b09 |
Requires: python-ldap >= 2.4.15
|
|
|
403b09 |
Requires: python-requests
|
|
|
403b09 |
Requires: python-custodia
|
|
|
403b09 |
Requires: python-dns >= 1.11.1-2
|
|
|
403b09 |
Requires: python-netifaces >= 0.10.4
|
|
|
403b09 |
Requires: pyusb
|
|
|
403b09 |
|
|
|
403b09 |
Conflicts: %{alt_name}-python < %{version}
|
|
|
403b09 |
|
|
|
403b09 |
%description -n python2-ipalib
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If you are using IPA, you need to install this package.
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%if 0%{?with_python3}
|
|
|
403b09 |
|
|
|
403b09 |
%package -n python3-ipalib
|
|
|
403b09 |
Summary: Python3 libraries used by IPA
|
|
|
403b09 |
Group: System Environment/Libraries
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Provides: python3-ipapython = %{version}-%{release}
|
|
|
403b09 |
Provides: python3-ipaplatform = %{version}-%{release}
|
|
|
403b09 |
Requires: %{name}-common = %{version}-%{release}
|
|
|
403b09 |
Requires: python3-gssapi >= 1.1.2
|
|
|
403b09 |
Requires: gnupg
|
|
|
403b09 |
Requires: keyutils
|
|
|
403b09 |
Requires: python3-pyOpenSSL
|
|
|
403b09 |
Requires: python3-nss >= 0.16
|
|
|
403b09 |
Requires: python3-cryptography
|
|
|
403b09 |
Requires: python3-lxml
|
|
|
403b09 |
Requires: python3-netaddr
|
|
|
403b09 |
Requires: python3-libipa_hbac
|
|
|
403b09 |
Requires: python3-qrcode-core >= 5.0.0
|
|
|
403b09 |
Requires: python3-pyasn1
|
|
|
403b09 |
Requires: python3-dateutil
|
|
|
403b09 |
Requires: python3-yubico >= 1.2.3
|
|
|
403b09 |
Requires: python3-sss-murmur
|
|
|
403b09 |
Requires: python3-dbus
|
|
|
403b09 |
Requires: python3-setuptools
|
|
|
403b09 |
Requires: python3-six
|
|
|
403b09 |
Requires: python3-jwcrypto
|
|
|
403b09 |
Requires: python3-cffi
|
|
|
403b09 |
Requires: python3-pyldap >= 2.4.15
|
|
|
403b09 |
Requires: python3-custodia
|
|
|
403b09 |
Requires: python3-requests
|
|
|
403b09 |
Requires: python3-dns >= 1.11.1
|
|
|
403b09 |
Requires: python3-netifaces >= 0.10.4
|
|
|
403b09 |
Requires: python3-pyusb
|
|
|
403b09 |
|
|
|
403b09 |
%description -n python3-ipalib
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If you are using IPA with Python 3, you need to install this package.
|
|
|
403b09 |
|
|
|
403b09 |
%endif # with_python3
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%package common
|
|
|
403b09 |
Summary: Common files used by IPA
|
|
|
403b09 |
Group: System Environment/Libraries
|
|
|
403b09 |
BuildArch: noarch
|
|
|
403b09 |
Conflicts: %{name}-python < 4.2.91
|
|
|
403b09 |
|
|
|
403b09 |
Provides: %{alt_name}-common = %{version}
|
|
|
403b09 |
Conflicts: %{alt_name}-common
|
|
|
403b09 |
Obsoletes: %{alt_name}-common < %{version}
|
|
|
403b09 |
|
|
|
403b09 |
Conflicts: %{alt_name}-python < %{version}
|
|
|
e3ffab |
|
|
|
403b09 |
%description common
|
|
|
403b09 |
IPA is an integrated solution to provide centrally managed Identity (users,
|
|
|
403b09 |
hosts, services), Authentication (SSO, 2FA), and Authorization
|
|
|
403b09 |
(host access control, SELinux user roles, services). The solution provides
|
|
|
403b09 |
features for further integration with Linux based clients (SUDO, automount)
|
|
|
403b09 |
and integration with Active Directory based infrastructures (Trusts).
|
|
|
403b09 |
If you are using IPA, you need to install this package.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
|
|
|
e3ffab |
# RHEL spec file only: DELETED: Do not build tests
|
|
|
e3ffab |
|
|
|
e3ffab |
|
|
|
99b6f7 |
%prep
|
|
|
99b6f7 |
# RHEL spec file only: START
|
|
|
99b6f7 |
# Update timestamps on the files touched by a patch, to avoid non-equal
|
|
|
99b6f7 |
# .pyc/.pyo files across the multilib peers within a build, where "Level"
|
|
|
99b6f7 |
# is the patch prefix option (e.g. -p1)
|
|
|
99b6f7 |
# Taken from specfile for sssd and python-simplejson
|
|
|
99b6f7 |
UpdateTimestamps() {
|
|
|
99b6f7 |
Level=$1
|
|
|
99b6f7 |
PatchFile=$2
|
|
|
99b6f7 |
|
|
|
99b6f7 |
# Locate the affected files:
|
|
|
99b6f7 |
for f in $(diffstat $Level -l $PatchFile); do
|
|
|
99b6f7 |
# Set the files to have the same timestamp as that of the patch:
|
|
|
99b6f7 |
touch -r $PatchFile $f
|
|
|
99b6f7 |
done
|
|
|
99b6f7 |
}
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%setup -n freeipa-%{VERSION} -q
|
|
|
99b6f7 |
|
|
|
99b6f7 |
for p in %patches ; do
|
|
|
99b6f7 |
%__patch -p1 -i $p
|
|
|
99b6f7 |
UpdateTimestamps -p1 $p
|
|
|
99b6f7 |
done
|
|
|
e3ffab |
|
|
|
e3ffab |
# Red Hat's Identity Management branding
|
|
|
53a374 |
cp %SOURCE1 install/ui/images/header-logo.png
|
|
|
53a374 |
cp %SOURCE2 install/ui/images/login-screen-background.jpg
|
|
|
53a374 |
cp %SOURCE3 install/ui/images/login-screen-logo.png
|
|
|
53a374 |
cp %SOURCE4 install/ui/images/product-name.png
|
|
|
99b6f7 |
# RHEL spec file only: END
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%build
|
|
|
e3ffab |
# UI compilation segfaulted on some arches when the stack was lower (#1040576)
|
|
|
e3ffab |
export JAVA_STACK_SIZE="8m"
|
|
|
e3ffab |
|
|
|
9991ea |
export CFLAGS="%{optflags} $CFLAGS"
|
|
|
9991ea |
export LDFLAGS="%{__global_ldflags} $LDFLAGS"
|
|
|
e3ffab |
export SUPPORTED_PLATFORM=%{platform_module}
|
|
|
e3ffab |
|
|
|
99b6f7 |
# Force re-generate of platform support
|
|
|
e3ffab |
export IPA_VENDOR_VERSION_SUFFIX=-%{release}
|
|
|
e3ffab |
rm -f ipapython/version.py
|
|
|
e3ffab |
rm -f ipaplatform/services.py
|
|
|
e3ffab |
rm -f ipaplatform/tasks.py
|
|
|
e3ffab |
rm -f ipaplatform/paths.py
|
|
|
590d18 |
rm -f ipaplatform/constants.py
|
|
|
99b6f7 |
make version-update
|
|
|
403b09 |
cd client; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
0201d8 |
# RHEL SPEC file only: START: Force re-generation of the makefiles
|
|
|
0201d8 |
find daemons -name Makefile.in |egrep -v '(libotp|lockout|otp-counter|lasttoken)'|xargs rm -f
|
|
|
0201d8 |
# RHEL SPEC file only: END: Force re-generation of the makefiles
|
|
|
99b6f7 |
cd daemons; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir} --with-openldap; cd ..
|
|
|
99b6f7 |
cd install; ../autogen.sh --prefix=%{_usr} --sysconfdir=%{_sysconfdir} --localstatedir=%{_localstatedir} --libdir=%{_libdir} --mandir=%{_mandir}; cd ..
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
99b6f7 |
make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} all
|
|
|
99b6f7 |
%else
|
|
|
99b6f7 |
make IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} client
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
403b09 |
%check
|
|
|
403b09 |
%if ! %{ONLY_CLIENT}
|
|
|
403b09 |
make %{?_smp_mflags} check VERBOSE=yes
|
|
|
403b09 |
%else
|
|
|
403b09 |
make %{?_smp_mflags} client-check VERBOSE=yes
|
|
|
403b09 |
%endif # ONLY_CLIENT
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%install
|
|
|
99b6f7 |
rm -rf %{buildroot}
|
|
|
e3ffab |
export SUPPORTED_PLATFORM=%{platform_module}
|
|
|
99b6f7 |
# Force re-generate of platform support
|
|
|
e3ffab |
export IPA_VENDOR_VERSION_SUFFIX=-%{release}
|
|
|
e3ffab |
rm -f ipapython/version.py
|
|
|
e3ffab |
rm -f ipaplatform/services.py
|
|
|
e3ffab |
rm -f ipaplatform/tasks.py
|
|
|
e3ffab |
rm -f ipaplatform/paths.py
|
|
|
590d18 |
rm -f ipaplatform/constants.py
|
|
|
e3ffab |
make version-update
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
99b6f7 |
make install DESTDIR=%{buildroot}
|
|
|
403b09 |
|
|
|
403b09 |
# RHEL spec file only: DELETED: Do not build tests
|
|
|
403b09 |
|
|
|
99b6f7 |
%else
|
|
|
99b6f7 |
make client-install DESTDIR=%{buildroot}
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
403b09 |
%if 0%{?with_python3}
|
|
|
403b09 |
(cd ipalib && make PYTHON=%{__python3} IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} DESTDIR=%{buildroot} install)
|
|
|
403b09 |
(cd ipapython && make PYTHON=%{__python3} IPA_VERSION_IS_GIT_SNAPSHOT=no %{?_smp_mflags} DESTDIR=%{buildroot} install)
|
|
|
403b09 |
(cd ipaplatform && %{__python3} setup.py install --root %{buildroot})
|
|
|
403b09 |
(cd ipaclient && %{__python3} setup.py install --root %{buildroot})
|
|
|
403b09 |
%endif # with_python3
|
|
|
403b09 |
|
|
|
403b09 |
# Switch shebang of /usr/bin/ipa
|
|
|
403b09 |
# XXX: ipa cli is not stable enough for enabling py3 support, keep it in py2
|
|
|
403b09 |
# in any case
|
|
|
403b09 |
sed -i -e'1s/python\(3\|$\)/python2/' %{buildroot}%{_bindir}/ipa
|
|
|
403b09 |
|
|
|
403b09 |
%find_lang %{gettext_domain}
|
|
|
99b6f7 |
|
|
|
e3ffab |
mkdir -p %{buildroot}%{_usr}/share/ipa
|
|
|
e3ffab |
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
99b6f7 |
# Remove .la files from libtool - we don't want to package
|
|
|
99b6f7 |
# these files
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_pwd_extop.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_enrollment_extop.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_winsync.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_repl_version.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_uuid.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_modrdn.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_lockout.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_cldap.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_dns.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_sidgen.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_sidgen_task.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_extdom_extop.la
|
|
|
99b6f7 |
rm %{buildroot}/%{plugin_dir}/libipa_range_check.la
|
|
|
e3ffab |
rm %{buildroot}/%{plugin_dir}/libipa_otp_counter.la
|
|
|
e3ffab |
rm %{buildroot}/%{plugin_dir}/libipa_otp_lasttoken.la
|
|
|
590d18 |
rm %{buildroot}/%{plugin_dir}/libtopology.la
|
|
|
99b6f7 |
rm %{buildroot}/%{_libdir}/krb5/plugins/kdb/ipadb.la
|
|
|
99b6f7 |
rm %{buildroot}/%{_libdir}/samba/pdb/ipasam.la
|
|
|
99b6f7 |
|
|
|
99b6f7 |
# Some user-modifiable HTML files are provided. Move these to /etc
|
|
|
99b6f7 |
# and link back.
|
|
|
99b6f7 |
mkdir -p %{buildroot}/%{_sysconfdir}/ipa/html
|
|
|
99b6f7 |
mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysrestore
|
|
|
99b6f7 |
mkdir -p %{buildroot}/%{_localstatedir}/cache/ipa/sysupgrade
|
|
|
99b6f7 |
mkdir %{buildroot}%{_usr}/share/ipa/html/
|
|
|
99b6f7 |
ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig.js \
|
|
|
99b6f7 |
%{buildroot}%{_usr}/share/ipa/html/ffconfig.js
|
|
|
99b6f7 |
ln -s ../../../..%{_sysconfdir}/ipa/html/ffconfig_page.js \
|
|
|
99b6f7 |
%{buildroot}%{_usr}/share/ipa/html/ffconfig_page.js
|
|
|
99b6f7 |
ln -s ../../../..%{_sysconfdir}/ipa/html/ssbrowser.html \
|
|
|
99b6f7 |
%{buildroot}%{_usr}/share/ipa/html/ssbrowser.html
|
|
|
99b6f7 |
ln -s ../../../..%{_sysconfdir}/ipa/html/unauthorized.html \
|
|
|
99b6f7 |
%{buildroot}%{_usr}/share/ipa/html/unauthorized.html
|
|
|
99b6f7 |
ln -s ../../../..%{_sysconfdir}/ipa/html/browserconfig.html \
|
|
|
99b6f7 |
%{buildroot}%{_usr}/share/ipa/html/browserconfig.html
|
|
|
99b6f7 |
|
|
|
99b6f7 |
# So we can own our Apache configuration
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_sysconfdir}/httpd/conf.d/
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa.conf
|
|
|
590d18 |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_usr}/share/ipa/html/
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/ca.crt
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/kerberosauth.xpi
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.con
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb.js
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krb5.ini
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_usr}/share/ipa/html/krbrealm.con
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_initrddir}
|
|
|
99b6f7 |
mkdir %{buildroot}%{_sysconfdir}/sysconfig/
|
|
|
99b6f7 |
install -m 644 init/ipa_memcached.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa_memcached
|
|
|
590d18 |
install -m 644 init/ipa-dnskeysyncd.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-dnskeysyncd
|
|
|
590d18 |
install -m 644 init/ipa-ods-exporter.conf %{buildroot}%{_sysconfdir}/sysconfig/ipa-ods-exporter
|
|
|
590d18 |
install -m 644 daemons/dnssec/ipa-ods-exporter.socket %{buildroot}%{_unitdir}/ipa-ods-exporter.socket
|
|
|
590d18 |
install -m 644 daemons/dnssec/ipa-ods-exporter.service %{buildroot}%{_unitdir}/ipa-ods-exporter.service
|
|
|
590d18 |
install -m 644 daemons/dnssec/ipa-dnskeysyncd.service %{buildroot}%{_unitdir}/ipa-dnskeysyncd.service
|
|
|
e3ffab |
|
|
|
e3ffab |
# dnssec daemons
|
|
|
e3ffab |
mkdir -p %{buildroot}%{_libexecdir}/ipa/
|
|
|
590d18 |
install daemons/dnssec/ipa-dnskeysyncd %{buildroot}%{_libexecdir}/ipa/ipa-dnskeysyncd
|
|
|
590d18 |
install daemons/dnssec/ipa-dnskeysync-replica %{buildroot}%{_libexecdir}/ipa/ipa-dnskeysync-replica
|
|
|
590d18 |
install daemons/dnssec/ipa-ods-exporter %{buildroot}%{_libexecdir}/ipa/ipa-ods-exporter
|
|
|
99b6f7 |
|
|
|
99b6f7 |
# Web UI plugin dir
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_usr}/share/ipa/ui/js/plugins
|
|
|
99b6f7 |
|
|
|
403b09 |
# DNSSEC config
|
|
|
403b09 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/dnssec
|
|
|
403b09 |
|
|
|
590d18 |
# KDC proxy config (Apache config sets KDCPROXY_CONFIG to load this file)
|
|
|
590d18 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/kdcproxy/
|
|
|
590d18 |
install -m 644 install/share/kdcproxy.conf %{buildroot}%{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
|
|
|
590d18 |
|
|
|
99b6f7 |
# NOTE: systemd specific section
|
|
|
e3ffab |
mkdir -p %{buildroot}%{_tmpfilesdir}
|
|
|
e3ffab |
install -m 0644 init/systemd/ipa.conf.tmpfiles %{buildroot}%{_tmpfilesdir}/%{name}.conf
|
|
|
99b6f7 |
# END
|
|
|
99b6f7 |
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_localstatedir}/run/
|
|
|
99b6f7 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa_memcached/
|
|
|
99b6f7 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/ipa/
|
|
|
590d18 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/httpd/ipa
|
|
|
590d18 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/httpd/ipa/clientcaches
|
|
|
590d18 |
install -d -m 0700 %{buildroot}%{_localstatedir}/run/httpd/ipa/krbcache
|
|
|
99b6f7 |
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_libdir}/krb5/plugins/libkrb5
|
|
|
99b6f7 |
touch %{buildroot}%{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|
|
99b6f7 |
|
|
|
99b6f7 |
# NOTE: systemd specific section
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_unitdir}
|
|
|
590d18 |
mkdir -p %{buildroot}%{etc_systemd_dir}
|
|
|
99b6f7 |
install -m 644 init/systemd/ipa.service %{buildroot}%{_unitdir}/ipa.service
|
|
|
99b6f7 |
install -m 644 init/systemd/ipa_memcached.service %{buildroot}%{_unitdir}/ipa_memcached.service
|
|
|
403b09 |
install -m 644 init/systemd/ipa-custodia.service %{buildroot}%{_unitdir}/ipa-custodia.service
|
|
|
99b6f7 |
# END
|
|
|
e3ffab |
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa/backup
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_sysconfdir}/ipa/default.conf
|
|
|
99b6f7 |
/bin/touch %{buildroot}%{_sysconfdir}/ipa/ca.crt
|
|
|
e3ffab |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/nssdb
|
|
|
99b6f7 |
mkdir -p %{buildroot}/%{_localstatedir}/lib/ipa-client/sysrestore
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_sysconfdir}/bash_completion.d
|
|
|
99b6f7 |
install -pm 644 contrib/completion/ipa.bash_completion %{buildroot}%{_sysconfdir}/bash_completion.d/ipa
|
|
|
e3ffab |
|
|
|
e3ffab |
%if ! %{ONLY_CLIENT}
|
|
|
99b6f7 |
mkdir -p %{buildroot}%{_sysconfdir}/cron.d
|
|
|
99b6f7 |
|
|
|
99b6f7 |
(cd %{buildroot}/%{python_sitelib}/ipaserver && find . -type f | \
|
|
|
99b6f7 |
sed -e 's,\.py.*$,.*,g' | sort -u | \
|
|
|
99b6f7 |
sed -e 's,\./,%%{python_sitelib}/ipaserver/,g' ) >server-python.list
|
|
|
e3ffab |
|
|
|
e3ffab |
# RHEL spec file only: DELETED: Do not build tests
|
|
|
403b09 |
|
|
|
403b09 |
mkdir -p %{buildroot}%{_sysconfdir}/ipa/custodia
|
|
|
403b09 |
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%clean
|
|
|
99b6f7 |
rm -rf %{buildroot}
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
403b09 |
|
|
|
99b6f7 |
%post server
|
|
|
99b6f7 |
# NOTE: systemd specific section
|
|
|
99b6f7 |
/bin/systemctl --system daemon-reload 2>&1 || :
|
|
|
99b6f7 |
# END
|
|
|
99b6f7 |
if [ $1 -gt 1 ] ; then
|
|
|
99b6f7 |
/bin/systemctl condrestart certmonger.service 2>&1 || :
|
|
|
99b6f7 |
fi
|
|
|
403b09 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
403b09 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
99b6f7 |
|
|
|
99b6f7 |
|
|
|
403b09 |
%posttrans server
|
|
|
403b09 |
# don't execute upgrade and restart of IPA when server is not installed
|
|
|
e3ffab |
python2 -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1
|
|
|
403b09 |
|
|
|
99b6f7 |
if [ $? -eq 0 ]; then
|
|
|
403b09 |
# This must be run in posttrans so that updates from previous
|
|
|
403b09 |
# execution that may no longer be shipped are not applied.
|
|
|
403b09 |
/usr/sbin/ipa-server-upgrade --quiet >/dev/null || :
|
|
|
403b09 |
|
|
|
403b09 |
# Restart IPA processes. This must be also run in postrans so that plugins
|
|
|
403b09 |
# and software is in consistent state
|
|
|
403b09 |
# NOTE: systemd specific section
|
|
|
403b09 |
|
|
|
e3ffab |
/bin/systemctl is-enabled ipa.service >/dev/null 2>&1
|
|
|
e3ffab |
if [ $? -eq 0 ]; then
|
|
|
e3ffab |
/bin/systemctl restart ipa.service >/dev/null 2>&1 || :
|
|
|
e3ffab |
fi
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
# END
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%preun server
|
|
|
99b6f7 |
if [ $1 = 0 ]; then
|
|
|
99b6f7 |
# NOTE: systemd specific section
|
|
|
99b6f7 |
/bin/systemctl --quiet stop ipa.service || :
|
|
|
99b6f7 |
/bin/systemctl --quiet disable ipa.service || :
|
|
|
403b09 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
403b09 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
99b6f7 |
# END
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%pre server
|
|
|
99b6f7 |
# Stop ipa_kpasswd if it exists before upgrading so we don't have a
|
|
|
99b6f7 |
# zombie process when we're done.
|
|
|
99b6f7 |
if [ -e /usr/sbin/ipa_kpasswd ]; then
|
|
|
99b6f7 |
# NOTE: systemd specific section
|
|
|
99b6f7 |
/bin/systemctl stop ipa_kpasswd.service >/dev/null 2>&1 || :
|
|
|
99b6f7 |
# END
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%postun server-trust-ad
|
|
|
99b6f7 |
if [ "$1" -ge "1" ]; then
|
|
|
99b6f7 |
if [ "`readlink %{_sysconfdir}/alternatives/winbind_krb5_locator.so`" == "/dev/null" ]; then
|
|
|
99b6f7 |
%{_sbindir}/alternatives --set winbind_krb5_locator.so /dev/null
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%post server-trust-ad
|
|
|
99b6f7 |
%{_sbindir}/update-alternatives --install %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so \
|
|
|
99b6f7 |
winbind_krb5_locator.so /dev/null 90
|
|
|
590d18 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
590d18 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%posttrans server-trust-ad
|
|
|
e3ffab |
python2 -c "import sys; from ipaserver.install import installutils; sys.exit(0 if installutils.is_ipa_configured() else 1);" > /dev/null 2>&1
|
|
|
99b6f7 |
if [ $? -eq 0 ]; then
|
|
|
99b6f7 |
# NOTE: systemd specific section
|
|
|
99b6f7 |
/bin/systemctl try-restart httpd.service >/dev/null 2>&1 || :
|
|
|
99b6f7 |
# END
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%preun server-trust-ad
|
|
|
99b6f7 |
if [ $1 -eq 0 ]; then
|
|
|
99b6f7 |
%{_sbindir}/update-alternatives --remove winbind_krb5_locator.so /dev/null
|
|
|
590d18 |
/bin/systemctl reload-or-try-restart dbus
|
|
|
590d18 |
/bin/systemctl reload-or-try-restart oddjobd
|
|
|
99b6f7 |
fi
|
|
|
e3ffab |
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%post client
|
|
|
99b6f7 |
if [ $1 -gt 1 ] ; then
|
|
|
99b6f7 |
# Has the client been configured?
|
|
|
99b6f7 |
restore=0
|
|
|
99b6f7 |
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
|
|
99b6f7 |
|
|
|
99b6f7 |
if [ -f '/etc/sssd/sssd.conf' -a $restore -ge 2 ]; then
|
|
|
99b6f7 |
if ! grep -E -q '/var/lib/sss/pubconf/krb5.include.d/' /etc/krb5.conf 2>/dev/null ; then
|
|
|
99b6f7 |
echo "includedir /var/lib/sss/pubconf/krb5.include.d/" > /etc/krb5.conf.ipanew
|
|
|
99b6f7 |
cat /etc/krb5.conf >> /etc/krb5.conf.ipanew
|
|
|
590d18 |
mv -Z /etc/krb5.conf.ipanew /etc/krb5.conf
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
fi
|
|
|
e3ffab |
|
|
|
e3ffab |
if [ -f '/etc/sysconfig/ntpd' -a $restore -ge 2 ]; then
|
|
|
e3ffab |
if grep -E -q 'OPTIONS=.*-u ntp:ntp' /etc/sysconfig/ntpd 2>/dev/null; then
|
|
|
e3ffab |
sed -r '/OPTIONS=/ { s/\s+-u ntp:ntp\s+/ /; s/\s*-u ntp:ntp\s*// }' /etc/sysconfig/ntpd >/etc/sysconfig/ntpd.ipanew
|
|
|
590d18 |
mv -Z /etc/sysconfig/ntpd.ipanew /etc/sysconfig/ntpd
|
|
|
e3ffab |
|
|
|
e3ffab |
/bin/systemctl condrestart ntpd.service 2>&1 || :
|
|
|
e3ffab |
fi
|
|
|
e3ffab |
fi
|
|
|
e3ffab |
|
|
|
403b09 |
if [ $restore -ge 2 ]; then
|
|
|
403b09 |
python2 -c 'from ipapython.certdb import update_ipa_nssdb; update_ipa_nssdb()' >/var/log/ipaupgrade.log 2>&1
|
|
|
e3ffab |
fi
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
403b09 |
%triggerin client -- openssh-server
|
|
|
99b6f7 |
# Has the client been configured?
|
|
|
99b6f7 |
restore=0
|
|
|
99b6f7 |
test -f '/var/lib/ipa-client/sysrestore/sysrestore.index' && restore=$(wc -l '/var/lib/ipa-client/sysrestore/sysrestore.index' | awk '{print $1}')
|
|
|
99b6f7 |
|
|
|
99b6f7 |
if [ -f '/etc/ssh/sshd_config' -a $restore -ge 2 ]; then
|
|
|
99b6f7 |
if grep -E -q '^(AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys|PubKeyAgent /usr/bin/sss_ssh_authorizedkeys %u)$' /etc/ssh/sshd_config 2>/dev/null; then
|
|
|
99b6f7 |
sed -r '
|
|
|
99b6f7 |
/^(AuthorizedKeysCommand(User|RunAs)|PubKeyAgentRunAs)[ \t]/ d
|
|
|
99b6f7 |
' /etc/ssh/sshd_config >/etc/ssh/sshd_config.ipanew
|
|
|
99b6f7 |
|
|
|
99b6f7 |
if /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandUser=nobody'; then
|
|
|
99b6f7 |
sed -ri '
|
|
|
99b6f7 |
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
|
|
|
99b6f7 |
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandUser nobody/
|
|
|
99b6f7 |
' /etc/ssh/sshd_config.ipanew
|
|
|
99b6f7 |
elif /usr/sbin/sshd -t -f /dev/null -o 'AuthorizedKeysCommand=/usr/bin/sss_ssh_authorizedkeys' -o 'AuthorizedKeysCommandRunAs=nobody'; then
|
|
|
99b6f7 |
sed -ri '
|
|
|
99b6f7 |
s/^PubKeyAgent (.+) %u$/AuthorizedKeysCommand \1/
|
|
|
99b6f7 |
s/^AuthorizedKeysCommand .*$/\0\nAuthorizedKeysCommandRunAs nobody/
|
|
|
99b6f7 |
' /etc/ssh/sshd_config.ipanew
|
|
|
99b6f7 |
elif /usr/sbin/sshd -t -f /dev/null -o 'PubKeyAgent=/usr/bin/sss_ssh_authorizedkeys %u' -o 'PubKeyAgentRunAs=nobody'; then
|
|
|
99b6f7 |
sed -ri '
|
|
|
99b6f7 |
s/^AuthorizedKeysCommand (.+)$/PubKeyAgent \1 %u/
|
|
|
99b6f7 |
s/^PubKeyAgent .*$/\0\nPubKeyAgentRunAs nobody/
|
|
|
99b6f7 |
' /etc/ssh/sshd_config.ipanew
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
|
|
|
590d18 |
mv -Z /etc/ssh/sshd_config.ipanew /etc/ssh/sshd_config
|
|
|
99b6f7 |
chmod 600 /etc/ssh/sshd_config
|
|
|
99b6f7 |
|
|
|
99b6f7 |
/bin/systemctl condrestart sshd.service 2>&1 || :
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
fi
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%if ! %{ONLY_CLIENT}
|
|
|
403b09 |
|
|
|
403b09 |
%files server
|
|
|
99b6f7 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
e3ffab |
%{_sbindir}/ipa-backup
|
|
|
e3ffab |
%{_sbindir}/ipa-restore
|
|
|
99b6f7 |
%{_sbindir}/ipa-ca-install
|
|
|
590d18 |
%{_sbindir}/ipa-kra-install
|
|
|
99b6f7 |
%{_sbindir}/ipa-server-install
|
|
|
99b6f7 |
%{_sbindir}/ipa-replica-conncheck
|
|
|
99b6f7 |
%{_sbindir}/ipa-replica-install
|
|
|
99b6f7 |
%{_sbindir}/ipa-replica-prepare
|
|
|
99b6f7 |
%{_sbindir}/ipa-replica-manage
|
|
|
99b6f7 |
%{_sbindir}/ipa-csreplica-manage
|
|
|
99b6f7 |
%{_sbindir}/ipa-server-certinstall
|
|
|
590d18 |
%{_sbindir}/ipa-server-upgrade
|
|
|
99b6f7 |
%{_sbindir}/ipa-ldap-updater
|
|
|
e3ffab |
%{_sbindir}/ipa-otptoken-import
|
|
|
99b6f7 |
%{_sbindir}/ipa-compat-manage
|
|
|
99b6f7 |
%{_sbindir}/ipa-nis-manage
|
|
|
99b6f7 |
%{_sbindir}/ipa-managed-entries
|
|
|
99b6f7 |
%{_sbindir}/ipactl
|
|
|
99b6f7 |
%{_sbindir}/ipa-upgradeconfig
|
|
|
99b6f7 |
%{_sbindir}/ipa-advise
|
|
|
e3ffab |
%{_sbindir}/ipa-cacert-manage
|
|
|
590d18 |
%{_sbindir}/ipa-winsync-migrate
|
|
|
e3ffab |
%{_libexecdir}/certmonger/dogtag-ipa-ca-renew-agent-submit
|
|
|
e3ffab |
%{_libexecdir}/certmonger/ipa-server-guard
|
|
|
99b6f7 |
%{_libexecdir}/ipa-otpd
|
|
|
e3ffab |
%dir %{_libexecdir}/ipa
|
|
|
590d18 |
%{_libexecdir}/ipa/ipa-dnskeysyncd
|
|
|
590d18 |
%{_libexecdir}/ipa/ipa-dnskeysync-replica
|
|
|
590d18 |
%{_libexecdir}/ipa/ipa-ods-exporter
|
|
|
590d18 |
%{_libexecdir}/ipa/ipa-httpd-kdcproxy
|
|
|
403b09 |
%{_libexecdir}/ipa/ipa-pki-retrieve-key
|
|
|
403b09 |
%dir %{_libexecdir}/ipa/oddjob
|
|
|
403b09 |
%attr(0755,root,root) %{_libexecdir}/ipa/oddjob/org.freeipa.server.conncheck
|
|
|
403b09 |
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freeipa.server.conf
|
|
|
403b09 |
%config(noreplace) %{_sysconfdir}/oddjobd.conf.d/ipa-server.conf
|
|
|
403b09 |
%dir %{_libexecdir}/ipa/certmonger
|
|
|
403b09 |
%attr(755,root,root) %{_libexecdir}/ipa/certmonger/*
|
|
|
99b6f7 |
# NOTE: systemd specific section
|
|
|
99b6f7 |
%attr(644,root,root) %{_unitdir}/ipa.service
|
|
|
99b6f7 |
%attr(644,root,root) %{_unitdir}/ipa-otpd.socket
|
|
|
99b6f7 |
%attr(644,root,root) %{_unitdir}/ipa-otpd@.service
|
|
|
590d18 |
%attr(644,root,root) %{_unitdir}/ipa-dnskeysyncd.service
|
|
|
590d18 |
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.socket
|
|
|
590d18 |
%attr(644,root,root) %{_unitdir}/ipa-ods-exporter.service
|
|
|
e3ffab |
# END
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_pwd_extop.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_enrollment_extop.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_winsync.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_repl_version.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_uuid.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_modrdn.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_lockout.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_cldap.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_dns.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_range_check.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_otp_counter.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_otp_lasttoken.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libtopology.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_sidgen.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_sidgen_task.so
|
|
|
403b09 |
%attr(755,root,root) %{plugin_dir}/libipa_extdom_extop.so
|
|
|
403b09 |
%attr(755,root,root) %{_libdir}/krb5/plugins/kdb/ipadb.so
|
|
|
403b09 |
%{_mandir}/man1/ipa-replica-conncheck.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-replica-install.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-replica-manage.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-csreplica-manage.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-replica-prepare.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-server-certinstall.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-server-install.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-server-upgrade.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-ca-install.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-kra-install.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-compat-manage.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-nis-manage.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-managed-entries.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-ldap-updater.1.gz
|
|
|
403b09 |
%{_mandir}/man8/ipactl.8.gz
|
|
|
403b09 |
%{_mandir}/man8/ipa-upgradeconfig.8.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-backup.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-restore.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-advise.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-otptoken-import.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-cacert-manage.1.gz
|
|
|
403b09 |
%{_mandir}/man1/ipa-winsync-migrate.1.gz
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%files -n python2-ipaserver -f server-python.list
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
403b09 |
%{python_sitelib}/freeipa-*.egg-info
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipaserver
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipaserver/install
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipaserver/install/plugins
|
|
|
590d18 |
%dir %{python_sitelib}/ipaserver/install/server
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipaserver/advise
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipaserver/advise/plugins
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipaserver/plugins
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%files server-common
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
403b09 |
%ghost %verify(not owner group) %dir %{_sharedstatedir}/kdcproxy
|
|
|
403b09 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/kdcproxy
|
|
|
403b09 |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa_memcached
|
|
|
403b09 |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-dnskeysyncd
|
|
|
403b09 |
%config(noreplace) %{_sysconfdir}/sysconfig/ipa-ods-exporter
|
|
|
403b09 |
%config(noreplace) %{_sysconfdir}/ipa/kdcproxy/kdcproxy.conf
|
|
|
403b09 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/ipa_memcached/
|
|
|
403b09 |
%dir %attr(0700,root,root) %{_localstatedir}/run/ipa/
|
|
|
403b09 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/httpd/ipa/
|
|
|
403b09 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/httpd/ipa/clientcaches/
|
|
|
403b09 |
%dir %attr(0700,apache,apache) %{_localstatedir}/run/httpd/ipa/krbcache/
|
|
|
403b09 |
# NOTE: systemd specific section
|
|
|
403b09 |
%{_tmpfilesdir}/%{name}.conf
|
|
|
403b09 |
%attr(644,root,root) %{_unitdir}/ipa_memcached.service
|
|
|
403b09 |
%attr(644,root,root) %{_unitdir}/ipa-custodia.service
|
|
|
403b09 |
%ghost %attr(644,root,root) %{etc_systemd_dir}/httpd.d/ipa.conf
|
|
|
403b09 |
# END
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa
|
|
|
99b6f7 |
%{_usr}/share/ipa/wsgi.py*
|
|
|
99b6f7 |
%{_usr}/share/ipa/copy-schema-to-ca.py*
|
|
|
99b6f7 |
%{_usr}/share/ipa/*.ldif
|
|
|
99b6f7 |
%{_usr}/share/ipa/*.uldif
|
|
|
99b6f7 |
%{_usr}/share/ipa/*.template
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/advise
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/advise/legacy
|
|
|
99b6f7 |
%{_usr}/share/ipa/advise/legacy/*.template
|
|
|
590d18 |
%dir %{_usr}/share/ipa/profiles
|
|
|
590d18 |
%{_usr}/share/ipa/profiles/*.cfg
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ffextension
|
|
|
99b6f7 |
%{_usr}/share/ipa/ffextension/bootstrap.js
|
|
|
99b6f7 |
%{_usr}/share/ipa/ffextension/install.rdf
|
|
|
99b6f7 |
%{_usr}/share/ipa/ffextension/chrome.manifest
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ffextension/chrome
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ffextension/chrome/content
|
|
|
99b6f7 |
%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth.js
|
|
|
99b6f7 |
%{_usr}/share/ipa/ffextension/chrome/content/kerberosauth_overlay.xul
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ffextension/locale
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ffextension/locale/en-US
|
|
|
99b6f7 |
%{_usr}/share/ipa/ffextension/locale/en-US/kerberosauth.properties
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/html
|
|
|
99b6f7 |
%{_usr}/share/ipa/html/ffconfig.js
|
|
|
99b6f7 |
%{_usr}/share/ipa/html/ffconfig_page.js
|
|
|
99b6f7 |
%{_usr}/share/ipa/html/ssbrowser.html
|
|
|
99b6f7 |
%{_usr}/share/ipa/html/browserconfig.html
|
|
|
99b6f7 |
%{_usr}/share/ipa/html/unauthorized.html
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/migration
|
|
|
99b6f7 |
%{_usr}/share/ipa/migration/error.html
|
|
|
99b6f7 |
%{_usr}/share/ipa/migration/index.html
|
|
|
99b6f7 |
%{_usr}/share/ipa/migration/invalid.html
|
|
|
99b6f7 |
%{_usr}/share/ipa/migration/migration.py*
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ui
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/index.html
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/reset_password.html
|
|
|
e3ffab |
%{_usr}/share/ipa/ui/sync_otp.html
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/*.ico
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/*.css
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/*.js
|
|
|
e3ffab |
%dir %{_usr}/share/ipa/ui/css
|
|
|
e3ffab |
%{_usr}/share/ipa/ui/css/*.css
|
|
|
9991ea |
%dir %{_usr}/share/ipa/ui/js
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ui/js/dojo
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/js/dojo/dojo.js
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ui/js/libs
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/js/libs/*.js
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ui/js/freeipa
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/js/freeipa/app.js
|
|
|
e3ffab |
%{_usr}/share/ipa/ui/js/freeipa/core.js
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ui/js/plugins
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/ui/images
|
|
|
e3ffab |
%{_usr}/share/ipa/ui/images/*.jpg
|
|
|
99b6f7 |
%{_usr}/share/ipa/ui/images/*.png
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/wsgi
|
|
|
99b6f7 |
%{_usr}/share/ipa/wsgi/plugins.py*
|
|
|
99b6f7 |
%dir %{_sysconfdir}/ipa
|
|
|
99b6f7 |
%dir %{_sysconfdir}/ipa/html
|
|
|
99b6f7 |
%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig.js
|
|
|
99b6f7 |
%config(noreplace) %{_sysconfdir}/ipa/html/ffconfig_page.js
|
|
|
99b6f7 |
%config(noreplace) %{_sysconfdir}/ipa/html/ssbrowser.html
|
|
|
99b6f7 |
%config(noreplace) %{_sysconfdir}/ipa/html/unauthorized.html
|
|
|
99b6f7 |
%config(noreplace) %{_sysconfdir}/ipa/html/browserconfig.html
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-rewrite.conf
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa.conf
|
|
|
590d18 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-kdc-proxy.conf
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/httpd/conf.d/ipa-pki-proxy.conf
|
|
|
590d18 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/kdcproxy/ipa-kdc-proxy.conf
|
|
|
403b09 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/dnssec
|
|
|
99b6f7 |
%{_usr}/share/ipa/ipa.conf
|
|
|
99b6f7 |
%{_usr}/share/ipa/ipa-rewrite.conf
|
|
|
99b6f7 |
%{_usr}/share/ipa/ipa-pki-proxy.conf
|
|
|
590d18 |
%{_usr}/share/ipa/kdcproxy.conf
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_usr}/share/ipa/html/ca.crt
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/kerberosauth.xpi
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.con
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb.js
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krb5.ini
|
|
|
99b6f7 |
%ghost %attr(0644,root,apache) %{_usr}/share/ipa/html/krbrealm.con
|
|
|
99b6f7 |
%dir %{_usr}/share/ipa/updates/
|
|
|
99b6f7 |
%{_usr}/share/ipa/updates/*
|
|
|
99b6f7 |
%dir %{_localstatedir}/lib/ipa
|
|
|
e3ffab |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/backup
|
|
|
99b6f7 |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
|
|
|
99b6f7 |
%attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysupgrade
|
|
|
99b6f7 |
%attr(755,root,root) %dir %{_localstatedir}/lib/ipa/pki-ca
|
|
|
99b6f7 |
%ghost %{_localstatedir}/lib/ipa/pki-ca/publish
|
|
|
e3ffab |
%ghost %{_localstatedir}/named/dyndb-ldap/ipa
|
|
|
403b09 |
%dir %attr(0700,root,root) %{_sysconfdir}/ipa/custodia
|
|
|
403b09 |
|
|
|
590d18 |
|
|
|
590d18 |
%files server-dns
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
590d18 |
%{_sbindir}/ipa-dns-install
|
|
|
590d18 |
%{_mandir}/man1/ipa-dns-install.1.gz
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%files server-trust-ad
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
99b6f7 |
%{_sbindir}/ipa-adtrust-install
|
|
|
99b6f7 |
%{_usr}/share/ipa/smb.conf.empty
|
|
|
99b6f7 |
%attr(755,root,root) %{_libdir}/samba/pdb/ipasam.so
|
|
|
99b6f7 |
%{_mandir}/man1/ipa-adtrust-install.1.gz
|
|
|
99b6f7 |
%ghost %{_libdir}/krb5/plugins/libkrb5/winbind_krb5_locator.so
|
|
|
590d18 |
%{_sysconfdir}/dbus-1/system.d/oddjob-ipa-trust.conf
|
|
|
590d18 |
%{_sysconfdir}/oddjobd.conf.d/oddjobd-ipa-trust.conf
|
|
|
403b09 |
%%attr(755,root,root) %{_libexecdir}/ipa/oddjob/com.redhat.idm.trust-fetch-domains
|
|
|
99b6f7 |
|
|
|
99b6f7 |
%endif # ONLY_CLIENT
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%files client
|
|
|
99b6f7 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
99b6f7 |
%{_sbindir}/ipa-client-install
|
|
|
99b6f7 |
%{_sbindir}/ipa-client-automount
|
|
|
e3ffab |
%{_sbindir}/ipa-certupdate
|
|
|
99b6f7 |
%{_sbindir}/ipa-getkeytab
|
|
|
99b6f7 |
%{_sbindir}/ipa-rmkeytab
|
|
|
99b6f7 |
%{_sbindir}/ipa-join
|
|
|
99b6f7 |
%{_mandir}/man1/ipa-getkeytab.1.gz
|
|
|
99b6f7 |
%{_mandir}/man1/ipa-rmkeytab.1.gz
|
|
|
99b6f7 |
%{_mandir}/man1/ipa-client-install.1.gz
|
|
|
99b6f7 |
%{_mandir}/man1/ipa-client-automount.1.gz
|
|
|
e3ffab |
%{_mandir}/man1/ipa-certupdate.1.gz
|
|
|
99b6f7 |
%{_mandir}/man1/ipa-join.1.gz
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%files -n python2-ipaclient
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
403b09 |
%dir %{python_sitelib}/ipaclient
|
|
|
403b09 |
%{python_sitelib}/ipaclient/*.py*
|
|
|
403b09 |
%{python_sitelib}/ipaclient/plugins/*.py*
|
|
|
403b09 |
%{python_sitelib}/ipaclient/remote_plugins/*.py*
|
|
|
403b09 |
%{python_sitelib}/ipaclient/remote_plugins/2_*/*.py*
|
|
|
403b09 |
%{python_sitelib}/ipaclient-*.egg-info
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%if 0%{?with_python3}
|
|
|
403b09 |
|
|
|
403b09 |
%files -n python3-ipaclient
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
403b09 |
%dir %{python3_sitelib}/ipaclient
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/*.py
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/__pycache__/*.py*
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/plugins/*.py
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/plugins/__pycache__/*.py*
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/remote_plugins/*.py
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/remote_plugins/__pycache__/*.py*
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/remote_plugins/2_*/*.py
|
|
|
403b09 |
%{python3_sitelib}/ipaclient/remote_plugins/2_*/__pycache__/*.py*
|
|
|
403b09 |
%{python3_sitelib}/ipaclient-*.egg-info
|
|
|
403b09 |
|
|
|
403b09 |
%endif # with_python3
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%files client-common
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
403b09 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/
|
|
|
403b09 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/default.conf
|
|
|
403b09 |
%ghost %attr(0644,root,apache) %config(noreplace) %{_sysconfdir}/ipa/ca.crt
|
|
|
403b09 |
%dir %attr(0755,root,root) %{_sysconfdir}/ipa/nssdb
|
|
|
403b09 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/cert8.db
|
|
|
403b09 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/key3.db
|
|
|
403b09 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/secmod.db
|
|
|
403b09 |
%ghost %config(noreplace) %{_sysconfdir}/ipa/nssdb/pwdfile.txt
|
|
|
403b09 |
%ghost %config(noreplace) %{_sysconfdir}/pki/ca-trust/source/ipa.p11-kit
|
|
|
403b09 |
%dir %{_usr}/share/ipa
|
|
|
403b09 |
%dir %{_localstatedir}/lib/ipa-client
|
|
|
403b09 |
%dir %{_localstatedir}/lib/ipa-client/sysrestore
|
|
|
99b6f7 |
%{_mandir}/man5/default.conf.5.gz
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
99b6f7 |
%files admintools
|
|
|
99b6f7 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
99b6f7 |
%{_bindir}/ipa
|
|
|
99b6f7 |
%config %{_sysconfdir}/bash_completion.d
|
|
|
99b6f7 |
%{_mandir}/man1/ipa.1.gz
|
|
|
99b6f7 |
|
|
|
403b09 |
|
|
|
403b09 |
%files python-compat
|
|
|
99b6f7 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
403b09 |
|
|
|
403b09 |
|
|
|
403b09 |
%files -n python2-ipalib
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipapython
|
|
|
99b6f7 |
%{python_sitelib}/ipapython/*.py*
|
|
|
590d18 |
%dir %{python_sitelib}/ipapython/dnssec
|
|
|
590d18 |
%{python_sitelib}/ipapython/dnssec/*.py*
|
|
|
590d18 |
%dir %{python_sitelib}/ipapython/install
|
|
|
590d18 |
%{python_sitelib}/ipapython/install/*.py*
|
|
|
403b09 |
%dir %{python_sitelib}/ipapython/secrets
|
|
|
403b09 |
%{python_sitelib}/ipapython/secrets/*.py*
|
|
|
99b6f7 |
%dir %{python_sitelib}/ipalib
|
|
|
99b6f7 |
%{python_sitelib}/ipalib/*
|
|
|
e3ffab |
%dir %{python_sitelib}/ipaplatform
|
|
|
e3ffab |
%{python_sitelib}/ipaplatform/*
|
|
|
99b6f7 |
%{python_sitelib}/ipapython-*.egg-info
|
|
|
403b09 |
%{python_sitelib}/ipalib-*.egg-info
|
|
|
e3ffab |
%{python_sitelib}/ipaplatform-*.egg-info
|
|
|
db5969 |
|
|
|
a809a6 |
|
|
|
403b09 |
%files common -f %{gettext_domain}.lang
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
d3dad6 |
|
|
|
0843e2 |
|
|
|
403b09 |
%if 0%{?with_python3}
|
|
|
aa60fb |
|
|
|
403b09 |
%files -n python3-ipalib
|
|
|
403b09 |
%defattr(-,root,root,-)
|
|
|
403b09 |
%doc README Contributors.txt
|
|
|
403b09 |
%license COPYING
|
|
|
aa60fb |
|
|
|
403b09 |
%{python3_sitelib}/ipapython/
|
|
|
403b09 |
%{python3_sitelib}/ipalib/
|
|
|
403b09 |
%{python3_sitelib}/ipaplatform/
|
|
|
403b09 |
%{python3_sitelib}/ipapython-*.egg-info
|
|
|
403b09 |
%{python3_sitelib}/ipalib-*.egg-info
|
|
|
403b09 |
%{python3_sitelib}/ipaplatform-*.egg-info
|
|
|
aa60fb |
|
|
|
403b09 |
%endif # with_python3
|
|
|
aa60fb |
|
|
|
aa60fb |
|
|
|
403b09 |
# RHEL spec file only: DELETED: Do not build tests
|
|
|
aa60fb |
|
|
|
e0ab38 |
|
|
|
403b09 |
%changelog
|
|
|
53a374 |
* Fri Dec 16 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.1.1
|
|
|
53a374 |
- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
|
|
|
53a374 |
by abusing password policy
|
|
|
53a374 |
- ipa-kdb: search for password policies globally
|
|
|
53a374 |
- Renamed patches 1011 and 1012 to 0146 and 0145, as they were merged upstream
|
|
|
53a374 |
|
|
|
53a374 |
* Mon Dec 12 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.1
|
|
|
53a374 |
- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
|
|
|
53a374 |
by abusing password policy
|
|
|
53a374 |
- password policy: Add explicit default password policy for hosts and
|
|
|
53a374 |
services
|
|
|
53a374 |
- Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in
|
|
|
53a374 |
certprofile-mod
|
|
|
53a374 |
- certprofile-mod: correctly authorise config update
|
|
|
a46197 |
|
|
|
fef02c |
* Tue Nov 1 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14
|
|
|
fef02c |
- Resolves: #1378353 Replica install fails with old IPA master sometimes during
|
|
|
fef02c |
replication process
|
|
|
fef02c |
- spec file: bump minimal required version of 389-ds-base
|
|
|
fef02c |
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
|
|
|
fef02c |
- Fix missing file that fails DL1 replica installation
|
|
|
fef02c |
- Resolves: #1387782 WebUI: Services are not displayed correctly after upgrade
|
|
|
fef02c |
- WebUI: services without canonical name are shown correctly
|
|
|
fef02c |
- Resolves: #1389709 Traceback seen in error_log when trustdomain-del is run
|
|
|
fef02c |
- trustdomain-del: fix the way how subdomain is searched
|
|
|
fef02c |
|
|
|
fef02c |
* Mon Oct 31 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-13
|
|
|
fef02c |
- Resolves: #1318616 CA fails to start after doing ipa-ca-install --external-ca
|
|
|
fef02c |
- Keep NSS trust flags of existing certificates
|
|
|
fef02c |
- Resolves: #1360813 ipa-server-certinstall does not update all certificate
|
|
|
fef02c |
stores and doesn't set proper trust permissions
|
|
|
fef02c |
- Add cert checks in ipa-server-certinstall
|
|
|
fef02c |
- Resolves: #1371479 cert-find --all does not show information about revocation
|
|
|
fef02c |
- cert: add revocation reason back to cert-find output
|
|
|
fef02c |
- Resolves: #1375133 WinSync users who have First.Last casing creates users who
|
|
|
fef02c |
can have their password set
|
|
|
fef02c |
- ipa passwd: use correct normalizer for user principals
|
|
|
fef02c |
- Resolves: #1377858 Users with 2FA tokens are not able to login to IPA servers
|
|
|
fef02c |
- Properly handle LDAP socket closures in ipa-otpd
|
|
|
fef02c |
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
|
|
|
fef02c |
- Make httpd publish its CA certificate on DL1
|
|
|
21794d |
|
|
|
403b09 |
* Fri Sep 16 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.0-12
|
|
|
403b09 |
- Resolves: #1373910 IPA server upgrade fails with DNS timed out errors.
|
|
|
403b09 |
- Resolves: #1375269 ipa trust-fetch-domains throws internal error
|
|
|
403b09 |
|
|
|
403b09 |
* Tue Sep 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-11
|
|
|
403b09 |
- Resolves: #1373359 ipa-certupdate fails with "CA is not configured"
|
|
|
403b09 |
- Fix regression introduced in ipa-certupdate
|
|
|
403b09 |
|
|
|
403b09 |
* Wed Sep 7 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-10
|
|
|
403b09 |
- Resolves: #1355753 adding two way non transitive(external) trust displays
|
|
|
403b09 |
internal error on the console
|
|
|
403b09 |
- Always fetch forest info from root DCs when establishing two-way trust
|
|
|
403b09 |
- factor out `populate_remote_domain` method into module-level function
|
|
|
403b09 |
- Always fetch forest info from root DCs when establishing one-way trust
|
|
|
403b09 |
- Resolves: #1356101 Lightweight sub-CA certs are not tracked by certmonger
|
|
|
403b09 |
after `ipa-replica-install`
|
|
|
403b09 |
- Track lightweight CAs on replica installation
|
|
|
403b09 |
- Resolves: #1357488 ipa command stuck forever on higher versioned client with
|
|
|
403b09 |
lower versioned server
|
|
|
403b09 |
- compat: Save server's API version in for pre-schema servers
|
|
|
403b09 |
- compat: Fix ping command call
|
|
|
403b09 |
- schema cache: Store and check info for pre-schema servers
|
|
|
403b09 |
- Resolves: #1363905 man page for ipa-replica-manage has a typo in -c flag
|
|
|
403b09 |
- Fix man page ipa-replica-manage: remove duplicate -c option
|
|
|
403b09 |
from --no-lookup
|
|
|
403b09 |
- Resolves: #1367865 webui: cert_revoke should use --cacn to set correct CA
|
|
|
403b09 |
when revoking certificate
|
|
|
403b09 |
- cert: include CA name in cert command output
|
|
|
403b09 |
- WebUI add support for sub-CAs while revoking certificates
|
|
|
403b09 |
- Resolves: #1368424 Unable to view certificates issued by Sub CA in Web UI
|
|
|
403b09 |
- Add support for additional options taken from table facet
|
|
|
403b09 |
- WebUI: Fix showing certificates issued by sub-CA
|
|
|
403b09 |
- Resolves: #1368557 dnsrecord-add does not prompt for missing record parts
|
|
|
403b09 |
internactively
|
|
|
403b09 |
- dns: normalize record type read interactively in dnsrecord_add
|
|
|
403b09 |
- dns: prompt for missing record parts in CLI
|
|
|
403b09 |
- dns: fix crash in interactive mode against old servers
|
|
|
403b09 |
- Resolves: #1370519 Certificate revocation in service-del and host-del isn't
|
|
|
403b09 |
aware of Sub CAs
|
|
|
403b09 |
- cert: fix cert-find --certificate when the cert is not in LDAP
|
|
|
403b09 |
- Make host/service cert revocation aware of lightweight CAs
|
|
|
403b09 |
- Resolves: #1371901 Use OAEP padding with custodia
|
|
|
403b09 |
- Use RSA-OAEP instead of RSA PKCS#1 v1.5
|
|
|
403b09 |
- Resolves: #1371915 When establishing external two-way trust, forest root
|
|
|
403b09 |
Administrator account is used to fetch domain info
|
|
|
403b09 |
- do not use trusted forest name to construct domain admin principal
|
|
|
403b09 |
- Resolves: #1372597 Incorrect CA ACL evaluation of SAN DNS names in
|
|
|
403b09 |
certificate request
|
|
|
403b09 |
- Fix CA ACL Check on SubjectAltNames
|
|
|
403b09 |
- Resolves: #1373272 CLI always sends default command version
|
|
|
403b09 |
- cli: use full name when executing a command
|
|
|
403b09 |
- Resolves: #1373359 ipa-certupdate fails with "CA is not configured"
|
|
|
403b09 |
- Fix ipa-certupdate for CA-less installation
|
|
|
403b09 |
- Resolves: #1373540 client-install with IPv6 address fails on link-local
|
|
|
403b09 |
address (always)
|
|
|
403b09 |
- Fix parse errors with link-local addresses
|
|
|
403b09 |
|
|
|
403b09 |
* Fri Sep 2 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-9
|
|
|
403b09 |
- Resolves: #1081561 CA not start during ipa server install in pure IPv6 env
|
|
|
403b09 |
- Fix ipa-server-install in pure IPv6 environment
|
|
|
403b09 |
- Resolves: #1318169 Tree-root domains in a trusted AD forest aren't marked as
|
|
|
403b09 |
reachable via the forest root
|
|
|
403b09 |
- trust: make sure ID range is created for the child domain even if it exists
|
|
|
403b09 |
- ipa-kdb: simplify trusted domain parent search
|
|
|
403b09 |
- Resolves: #1335567 Update Warning in IdM Web UI API browser
|
|
|
403b09 |
- WebUI: add API browser is tech preview warning
|
|
|
403b09 |
- Resolves: #1348560 Mulitple domain Active Directory Trust conflict
|
|
|
403b09 |
- ipaserver/dcerpc: reformat to make the code closer to pep8
|
|
|
403b09 |
- trust: automatically resolve DNS trust conflicts for triangle trusts
|
|
|
403b09 |
- Resolves: #1351593 CVE-2016-5404 ipa: Insufficient privileges check in
|
|
|
403b09 |
certificate revocation
|
|
|
403b09 |
- cert-revoke: fix permission check bypass (CVE-2016-5404)
|
|
|
403b09 |
- Resolves: #1353936 custodia.conf and server.keys file is world-readable.
|
|
|
403b09 |
- Remove Custodia server keys from LDAP
|
|
|
403b09 |
- Secure permissions of Custodia server.keys
|
|
|
403b09 |
- Resolves: #1358752 ipa-ca-install fails on replica when IPA server is
|
|
|
403b09 |
converted from CA-less to CA-full
|
|
|
403b09 |
- custodia: include known CA certs in the PKCS#12 file for Dogtag
|
|
|
403b09 |
- custodia: force reconnect before retrieving CA certs from LDAP
|
|
|
403b09 |
- Resolves: #1362333 ipa vault container owner cannot add vault
|
|
|
403b09 |
- Fix: container owner should be able to add vault
|
|
|
403b09 |
- Resolves: #1365546 External trust with root domain is transitive
|
|
|
403b09 |
- trust: make sure external trust topology is correctly rendered
|
|
|
403b09 |
- Resolves: #1365572 IPA server broken after upgrade
|
|
|
403b09 |
- Require pki-core-10.3.3-7
|
|
|
403b09 |
- Resolves: #1367864 Server assumes latest version of command instead of
|
|
|
403b09 |
version 1 for old / 3rd party clients
|
|
|
403b09 |
- rpcserver: assume version 1 for unversioned command calls
|
|
|
403b09 |
- rpcserver: fix crash in XML-RPC system commands
|
|
|
403b09 |
- Resolves: #1367773 thin client ignores locale change
|
|
|
403b09 |
- schema cache: Fallback to 'en_us' when locale is not available
|
|
|
403b09 |
- Resolves: #1368754 ipa server uninstall fails with Python "Global Name error"
|
|
|
403b09 |
- Fail on topology disconnect/last role removal
|
|
|
403b09 |
- Resolves: #1368981 ipa otptoken-add --type=hotp --key creates wrong OTP
|
|
|
403b09 |
- otptoken, permission: Convert custom type parameters on server
|
|
|
403b09 |
- Resolves: #1369414 ipa server-del fails with Python stack trace
|
|
|
403b09 |
- Handled empty hostname in server-del command
|
|
|
403b09 |
- Resolves: #1369761 ipa-server must depend on a version of httpd that support
|
|
|
403b09 |
mod_proxy with UDS
|
|
|
403b09 |
- Require httpd 2.4.6-31 with mod_proxy Unix socket support
|
|
|
403b09 |
- Resolves: #1370512 Received ACIError instead of DuplicatedError in
|
|
|
403b09 |
stageuser_tests
|
|
|
403b09 |
- Raise DuplicatedEnrty error when user exists in delete_container
|
|
|
403b09 |
- Resolves: #1371479 cert-find --all does not show information about revocation
|
|
|
403b09 |
- cert: add missing param values to cert-find output
|
|
|
403b09 |
- Renamed patch 1011 to 0100, as it was merged upstream
|
|
|
403b09 |
|
|
|
403b09 |
* Wed Aug 17 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-8
|
|
|
403b09 |
- Resolves: #1298288 [RFE] Improve performance in large environments.
|
|
|
403b09 |
- cert: speed up cert-find
|
|
|
403b09 |
- Resolves: #1317379 [EXPERIMENTAL][RFE] Web UI: allow Smart Card
|
|
|
403b09 |
authentication
|
|
|
403b09 |
- service: add flag to allow S4U2Self
|
|
|
403b09 |
- Add 'trusted to auth as user' checkbox
|
|
|
403b09 |
- Added new authentication method
|
|
|
403b09 |
- Resolves: #1353881 ipa-replica-install suggests about
|
|
|
403b09 |
non-existent --force-ntpd option
|
|
|
403b09 |
- Don't show --force-ntpd option in replica install
|
|
|
403b09 |
- Resolves: #1354441 DNS forwarder check is too strict: unable to add
|
|
|
403b09 |
sub-domain to already-broken domain
|
|
|
403b09 |
- DNS: allow to add forward zone to already broken sub-domain
|
|
|
403b09 |
- Resolves: #1356146 performance regression in CLI help
|
|
|
403b09 |
- schema: Speed up schema cache
|
|
|
403b09 |
- frontend: Change doc, summary, topic and NO_CLI to class properties
|
|
|
403b09 |
- schema: Introduce schema cache format
|
|
|
403b09 |
- schema: Generate bits for help load them on request
|
|
|
403b09 |
- help: Do not create instances to get information about commands and topics
|
|
|
403b09 |
- schema cache: Do not reset ServerInfo dirty flag
|
|
|
403b09 |
- schema cache: Do not read fingerprint and format from cache
|
|
|
403b09 |
- Access data for help separately
|
|
|
403b09 |
- frontent: Add summary class property to CommandOverride
|
|
|
403b09 |
- schema cache: Read server info only once
|
|
|
403b09 |
- schema cache: Store API schema cache in memory
|
|
|
403b09 |
- client: Do not create instance just to check isinstance
|
|
|
403b09 |
- schema cache: Read schema instead of rewriting it when SchemaUpToDate
|
|
|
403b09 |
- Resolves: #1360769 ipa-server-certinstall couldnt unlock private key file
|
|
|
403b09 |
- server install: do not prompt for cert file PIN repeatedly
|
|
|
403b09 |
- Resolves: #1364113 ipa-password: ipa: ERROR: RuntimeError: Unable to create
|
|
|
403b09 |
cache directory: [Errno 13] Permission denied: '/home/test_user'
|
|
|
403b09 |
- schema: Speed up schema cache
|
|
|
403b09 |
- Resolves: #1366604 `cert-find` crashes on invalid certificate data
|
|
|
403b09 |
- cert: do not crash on invalid data in cert-find
|
|
|
403b09 |
- Resolves: #1366612 Middle replica uninstallation in line topology works
|
|
|
403b09 |
without '--ignore-topology-disconnect'
|
|
|
403b09 |
- Fail on topology disconnect/last role removal
|
|
|
403b09 |
- Resolves: #1366626 caacl-add-service: incorrect error message when service
|
|
|
403b09 |
does not exists
|
|
|
403b09 |
- Fix ipa-caalc-add-service error message
|
|
|
403b09 |
- Resolves: #1367022 The ipa-server-upgrade command failed when named-pkcs11
|
|
|
403b09 |
does not happen to run during dnf upgrade
|
|
|
403b09 |
- DNS server upgrade: do not fail when DNS server did not respond
|
|
|
403b09 |
- Resolves: #1367759 [RFE] [webui] warn admin if there is only one IPA server
|
|
|
403b09 |
with CA
|
|
|
403b09 |
- Add warning about only one existing CA server
|
|
|
403b09 |
- Set servers list as default facet in topology facet group
|
|
|
403b09 |
- Resolves: #1367773 thin client ignores locale change
|
|
|
403b09 |
- schema check: Check current client language against cached one
|
|
|
403b09 |
|
|
|
403b09 |
* Wed Aug 10 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-7
|
|
|
403b09 |
- Resolves: #1361119 UPN-based search for AD users does not match an entry in
|
|
|
403b09 |
slapi-nis map cache
|
|
|
403b09 |
- support multiple uid values in schema compatibility tree
|
|
|
403b09 |
|
|
|
403b09 |
* Wed Aug 10 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-6
|
|
|
403b09 |
- Resolves: #1309700 Process /usr/sbin/winbindd was killed by signal 6
|
|
|
403b09 |
- Revert "spec: add conflict with bind-chroot to freeipa-server-dns"
|
|
|
403b09 |
- Resolves: #1341249 Subsequent external CA installation fails
|
|
|
403b09 |
- install: fix external CA cert validation
|
|
|
403b09 |
- Resolves: #1353831 ipa-server-install fails in container because of
|
|
|
403b09 |
hostnamectl set-hostname
|
|
|
403b09 |
- server-install: Fix --hostname option to always override api.env values
|
|
|
403b09 |
- install: Call hostnamectl set-hostname only if --hostname option is used
|
|
|
403b09 |
- Resolves: #1356091 ipa-cacert-manage --help and man differ
|
|
|
403b09 |
- Improvements for the ipa-cacert-manage man and help
|
|
|
403b09 |
- Resolves: #1360631 ipa-backup is not keeping the
|
|
|
403b09 |
/etc/tmpfiles.d/dirsrv-<instance>.conf
|
|
|
403b09 |
- ipa-backup: backup /etc/tmpfiles.d/dirsrv-<instance>.conf
|
|
|
403b09 |
- Resolves: #1361047 ipa-replica-install --help usage line suggests the replica
|
|
|
403b09 |
file is needed
|
|
|
403b09 |
- Update ipa-replica-install documentation
|
|
|
403b09 |
- Resolves: #1361545 ipa-client-install starts rhel-domainname.service but does
|
|
|
403b09 |
not rpm-require it
|
|
|
403b09 |
- client: RPM require initscripts to get *-domainname.service
|
|
|
403b09 |
- Resolves: #1364197 caacl: error when instantiating rules with service
|
|
|
403b09 |
principals
|
|
|
403b09 |
- caacl: fix regression in rule instantiation
|
|
|
403b09 |
- Resolves: #1364310 ipa otptoken-add bytes object has no attribute confirm
|
|
|
403b09 |
- parameters: move the `confirm` kwarg to Param
|
|
|
403b09 |
- Resolves: #1364464 Topology graph: ca and domain adders shows question marks
|
|
|
403b09 |
instead of plus icon
|
|
|
403b09 |
- Fix unicode characters in ca and domain adders
|
|
|
403b09 |
- Resolves: #1365083 Incomplete output returned for command ipa vault-add
|
|
|
403b09 |
- client: add missing output params to client-side commands
|
|
|
403b09 |
- Resolves: #1365526 build fails during "make check"
|
|
|
403b09 |
- ipa-kdb: Fix unit test after packaging changes in krb5
|
|
|
403b09 |
|
|
|
403b09 |
* Fri Aug 5 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-5
|
|
|
403b09 |
- Resolves: #1353829 traceback message seen in ipaserver-uninstall.log file.
|
|
|
403b09 |
- Do not initialize API in ipa-client-automount uninstall
|
|
|
403b09 |
- Resolves: #1356899 com.redhat.idm.trust.fetch_domains need update after thin
|
|
|
403b09 |
client changes
|
|
|
403b09 |
- idrange: fix unassigned global variable
|
|
|
403b09 |
- Resolves: #1360792 Migrating users doesn't update krbCanonicalName
|
|
|
403b09 |
- re-set canonical principal name on migrated users
|
|
|
403b09 |
- Resolves: #1362012 ipa hbactest produces error about cannot concatenate 'str'
|
|
|
403b09 |
and 'bool' objects
|
|
|
403b09 |
- Fix ipa hbactest output
|
|
|
403b09 |
- Resolves: #1362260 ipa vault-mod no longer allows defining salt
|
|
|
403b09 |
- vault: add missing salt option to vault_mod
|
|
|
403b09 |
- Resolves: #1362312 ipa vault-retrieve internal error when using the wrong
|
|
|
403b09 |
public key
|
|
|
403b09 |
- vault: Catch correct exception in decrypt
|
|
|
403b09 |
- Resolves: #1362537 ipa-server-install fails to create symlink from
|
|
|
403b09 |
/etc/ipa/kdcproxy/ to /etc/httpd/conf.d/
|
|
|
403b09 |
- Correct path to HTTPD's systemd service directory
|
|
|
403b09 |
- Resolves: #1363756 Increase length of passwords generated by installer
|
|
|
403b09 |
- Increase default length of auto generated passwords
|
|
|
403b09 |
|
|
|
403b09 |
* Fri Jul 29 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-4
|
|
|
403b09 |
- Resolves: #1117306 [RFE] Allow multiple Principals per host entry (Kerberos
|
|
|
403b09 |
aliases)
|
|
|
403b09 |
- harden the check for trust namespace overlap in new principals
|
|
|
403b09 |
- Resolves: #1351142 CLI is not using session cookies for communication with
|
|
|
403b09 |
IPA API
|
|
|
403b09 |
- Fix session cookies
|
|
|
403b09 |
- Resolves: #1353888 Fix the help for ipa otp and other topics
|
|
|
403b09 |
- help: Add dnsserver commands to help topic 'dns'
|
|
|
403b09 |
- Resolves: #1354406 host-del updatedns options complains about missing ptr
|
|
|
403b09 |
record for host
|
|
|
403b09 |
- Host-del: fix behavior of --updatedns and PTR records
|
|
|
403b09 |
- Resolves: #1355718 ipa-replica-manage man page example output differs actual
|
|
|
403b09 |
command output
|
|
|
403b09 |
- Minor fix in ipa-replica-manage MAN page
|
|
|
403b09 |
- Resolves: #1358229 Traceback message should be fixed, seen while editing
|
|
|
403b09 |
winsync migrated user information in Default trust view.
|
|
|
403b09 |
- baseldap: Fix MidairCollision instantiation during entry modification
|
|
|
403b09 |
- Resolves: #1358849 CA replica install logs to wrong log file
|
|
|
403b09 |
- unite log file name of ipa-ca-install
|
|
|
403b09 |
- Resolves: #1359130 ipa-server-install command fails to install IPA server.
|
|
|
403b09 |
- DNS Locations: fix update-system-records unpacking error
|
|
|
403b09 |
- Resolves: #1359237 AVC on dirsrv config caused by IPA installer
|
|
|
403b09 |
- Use copy when replacing files to keep SELinux context
|
|
|
403b09 |
- Resolves: #1359692 ipa-client-install join fail with traceback against
|
|
|
403b09 |
RHEL-6.8 ipa-server
|
|
|
403b09 |
- compat: fix ping call
|
|
|
403b09 |
- Resolves: #1359738 ipa-replica-install --domain=<IPA primary domain> option
|
|
|
403b09 |
does not work
|
|
|
403b09 |
- replica-install: Fix --domain
|
|
|
403b09 |
- Resolves: #1360778 Vault commands are available in CLI even when the server
|
|
|
403b09 |
does not support them
|
|
|
403b09 |
- Revert "Enable vault-* commands on client"
|
|
|
403b09 |
- client: fix hiding of commands which lack server support
|
|
|
403b09 |
- Related: #1281704 Rebase to softhsm 2.1.0
|
|
|
403b09 |
- Remove the workaround for softhsm bug #1293340
|
|
|
403b09 |
- Related: #1298288 [RFE] Improve performance in large environments.
|
|
|
403b09 |
- Create indexes for krbCanonicalName attribute
|
|
|
403b09 |
|
|
|
403b09 |
* Fri Jul 22 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-3
|
|
|
403b09 |
- Resolves: #1296140 Remove redhat-access-plugin-ipa support
|
|
|
403b09 |
- Obsolete and conflict redhat-access-plugin-ipa
|
|
|
403b09 |
- Resolves: #1351119 Multiple issues while uninstalling ipa-server
|
|
|
403b09 |
- server uninstall fails to remove krb principals
|
|
|
403b09 |
- Resolves: #1351758 ipa commands not showing expected error messages
|
|
|
403b09 |
- frontend: copy command arguments to output params on client
|
|
|
403b09 |
- Show full error message for selinuxusermap-add-hostgroup
|
|
|
403b09 |
- Resolves: #1352883 Traceback on adding default automember group and hostgroup
|
|
|
403b09 |
set
|
|
|
403b09 |
- allow 'value' output param in commands without primary key
|
|
|
403b09 |
- Resolves: #1353888 Fix the help for ipa otp and other topics
|
|
|
403b09 |
- schema: Fix subtopic -> topic mapping
|
|
|
403b09 |
- Resolves: #1354348 ipa trustconfig-show throws internal error.
|
|
|
403b09 |
- allow 'value' output param in commands without primary key
|
|
|
403b09 |
- Resolves: #1354381 ipa trust-add with raw option gives internal error.
|
|
|
403b09 |
- trust-add: handle `--all/--raw` options properly
|
|
|
403b09 |
- Resolves: #1354493 Replica install fails with old IPA master
|
|
|
403b09 |
- DNS install: Ensure that DNS servers container exists
|
|
|
403b09 |
- Resolves: #1354628 ipa hostgroup-add-member does not return error message
|
|
|
403b09 |
when adding itself as member
|
|
|
403b09 |
- frontend: copy command arguments to output params on client
|
|
|
403b09 |
- Resolves: #1355856 ipa otptoken-add --type=totp gives internal error
|
|
|
403b09 |
- messages: specify message type for ResultFormattingError
|
|
|
403b09 |
- Resolves: #1356063 "ipa radiusproxy-add" command needs to prompt to enter
|
|
|
403b09 |
secret key
|
|
|
403b09 |
- expose `--secret` option in radiusproxy-* commands
|
|
|
403b09 |
- prevent search for RADIUS proxy servers by secret
|
|
|
403b09 |
- Resolves: #1356099 Bug in the ipapwd plugin
|
|
|
403b09 |
- Heap corruption in ipapwd plugin
|
|
|
403b09 |
- Resolves: #1356899 com.redhat.idm.trust.fetch_domains need update after thin
|
|
|
403b09 |
client changes
|
|
|
403b09 |
- Use server API in com.redhat.idm.trust-fetch-domains oddjob helper
|
|
|
403b09 |
- Resolves: #1356964 Renaming a user removes all of his principal aliases
|
|
|
403b09 |
- Preserve user principal aliases during rename operation
|
|
|
403b09 |
|
|
|
403b09 |
* Fri Jul 15 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.0-2.1
|
|
|
403b09 |
- Resolves: #1274524 [RFE] Qualify up to 60 IdM replicas
|
|
|
403b09 |
- Resolves: #1320838 [RFE] Support IdM Client in a DNS domain controlled by AD
|
|
|
403b09 |
- Related: #1356134 'kinit -E' does not work for IPA user
|
|
|
403b09 |
|
|
|
403b09 |
* Thu Jul 14 2016 Petr Vobornik <pvoborni@redhat.com> - 4.4.0-2
|
|
|
403b09 |
- Resolves: #1356102 Server uninstall does not stop tracking lightweight sub-CA
|
|
|
403b09 |
with certmonger
|
|
|
403b09 |
- uninstall: untrack lightweight CA certs
|
|
|
403b09 |
- Resolves: #1351807 ipa-nis-manage config.get_dn missing
|
|
|
403b09 |
- ipa-nis-manage: Use server API to retrieve plugin status
|
|
|
403b09 |
- Resolves: #1353452 ipa-compat-manage command failed,
|
|
|
403b09 |
exception: NotImplementedError: config.get_dn()
|
|
|
403b09 |
- ipa-compat-manage: use server API to retrieve plugin status
|
|
|
403b09 |
- Resolves: #1353899 ipa-advise: object of type 'type' has no len()
|
|
|
403b09 |
- ipa-advise: correct handling of plugin namespace iteration
|
|
|
403b09 |
- Resolves: #1356134 'kinit -E' does not work for IPA user
|
|
|
403b09 |
- kdb: check for local realm in enterprise principals
|
|
|
403b09 |
- Resolves: #1353072 ipa unknown command vault-add
|
|
|
403b09 |
- Enable vault-* commands on client
|
|
|
403b09 |
- vault-add: set the default vault type on the client side if none was given
|
|
|
403b09 |
- Resolves: #1353995 Default CA can be used without a CA ACL
|
|
|
403b09 |
- caacl: expand plugin documentation
|
|
|
403b09 |
- Resolves: #1356144 host-find should not print SSH keys by default, only
|
|
|
403b09 |
SSH fingerprints
|
|
|
403b09 |
- host-find: do not show SSH key by default
|
|
|
403b09 |
- Resolves: #1353506 ipa migrate-ds command fails for IPA in RHEL 7.3
|
|
|
403b09 |
- Removed unused method parameter from migrate-ds
|
|
|
403b09 |
|
|
|
403b09 |
* Fri Jul 1 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-1
|
|
|
403b09 |
- Resolves: #747612 [RFE] IPA should support and manage DNS sites
|
|
|
403b09 |
- Resolves: #826790 Disabling password expiration (--maxlife=0 and --minlife=0)
|
|
|
403b09 |
in the default global_policy in IPA sets user's password expiration
|
|
|
403b09 |
(krbPasswordExpiration) to be 90 days
|
|
|
403b09 |
- Resolves: #896699 ipa-replica-manage -H does not delete DNS SRV records
|
|
|
403b09 |
- Resolves: #1084018 [RFE] Add IdM user password change support for legacy
|
|
|
403b09 |
client compat tree
|
|
|
403b09 |
- Resolves: #1117306 [RFE] Allow multiple Principals per host entry (Kerberos
|
|
|
403b09 |
aliases)
|
|
|
403b09 |
- Fix incorrect check for principal type when evaluating CA ACLs
|
|
|
403b09 |
- Resolves: #1146860 [RFE] Offer OTP generation for host enrollment in the UI
|
|
|
403b09 |
- Resolves: #1238190 ipasam unable to lookup group in directory yet manual
|
|
|
403b09 |
search works
|
|
|
403b09 |
- Resolves: #1250110 search by users which don't have read rights for all attrs
|
|
|
403b09 |
in search_attributes fails
|
|
|
403b09 |
- Resolves: #1263764 Show Certificate displays in useless format
|
|
|
403b09 |
- Resolves: #1272491 [WebUI] Certificate action dropdown does not display all
|
|
|
403b09 |
the options after adding new certificate
|
|
|
403b09 |
- Resolves: #1292141 Rebase to FreeIPA 4.4+
|
|
|
403b09 |
- Rebase to 4.4.0
|
|
|
403b09 |
- Resolves: #1294503 IPA fails to issue 3rd party certs
|
|
|
403b09 |
- Resolves: #1298242 [RFE] API compatibility - compatibility of clients
|
|
|
403b09 |
- Resolves: #1298848 [RFE] Centralized topology management
|
|
|
403b09 |
- Resolves: #1298966 [RFE] Extend Smart Card support
|
|
|
403b09 |
- Resolves: #1315146 Multiple clients cannot join domain simultaneously:
|
|
|
403b09 |
/var/run/httpd/ipa/clientcaches race condition?
|
|
|
403b09 |
- Resolves: #1318903 ipa server install failing when SUBCA signs the cert
|
|
|
403b09 |
- Resolves: #1319003 ipa-winsync-migrate: Traceback should be fixed with proper
|
|
|
403b09 |
console output
|
|
|
403b09 |
- Resolves: #1324055 IPA always qualify requests for admin
|
|
|
403b09 |
- Resolves: #1328552 [RFE] Allow users to authenticate with alternative names
|
|
|
403b09 |
- Resolves: #1334582 Inconsistent UI and CLI options for removing certificate
|
|
|
403b09 |
hold
|
|
|
403b09 |
- Resolves: #1346321 Exclude o=ipaca subtree from Retro Changelog (syncrepl)
|
|
|
403b09 |
- Resolves: #1349281 Fix `Conflicts` with ipa-python
|
|
|
403b09 |
- Resolves: #1350695 execution of copy-schema script fails
|
|
|
403b09 |
- Resolves: #1351118 upgrade failed for RHEL-7.3 from RHEL-7.2.z
|
|
|
403b09 |
- Resolves: #1351153 AVC seen on Replica during ipa-server upgrade test
|
|
|
403b09 |
execution to 7.3
|
|
|
403b09 |
- Resolves: #1351276 ipa-server-install with dns cannot resolve itself to
|
|
|
403b09 |
create ipa-ca entry
|
|
|
403b09 |
- Related: #1343422 [RFE] Add GssapiImpersonate option
|
|
|
403b09 |
|
|
|
403b09 |
* Wed Jun 22 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-0.2.alpha1
|
|
|
403b09 |
- Resolves: #1348948 IPA server install fails with build
|
|
|
403b09 |
ipa-server-4.4.0-0.el7.1.alpha1
|
|
|
403b09 |
- Revert "Increased mod_wsgi socket-timeout"
|
|
|
403b09 |
|
|
|
403b09 |
* Wed Jun 22 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-0.1.alpha1
|
|
|
403b09 |
- Resolves: #712109 "krbExtraData not allowed" is logged in DS error log while
|
|
|
403b09 |
setting password for default sudo binddn.
|
|
|
403b09 |
- Resolves: #747612 [RFE] IPA should support and manage DNS sites
|
|
|
403b09 |
- Resolves: #768316 [RFE] ipa-getkeytab should auto-detect the ipa server name
|
|
|
403b09 |
- Resolves: #825391 [RFE] Replica installation should provide a means for
|
|
|
403b09 |
inheriting nssldap security access settings
|
|
|
403b09 |
- Resolves: #921497 Incorrect *.py[co] files placement
|
|
|
403b09 |
- Resolves: #1029640 RHEL7 IPA to add DNA Plugin config for dnaRemote support
|
|
|
403b09 |
- Resolves: #1029905 389 DS cache sizes not replicated to IPA replicas
|
|
|
403b09 |
- Resolves: #1196958 IPA replica installation failing with high number of users
|
|
|
403b09 |
(160000).
|
|
|
403b09 |
- Resolves: #1219402 IPA suggests to uninstall a client when the user needs to
|
|
|
403b09 |
uninstall a replica
|
|
|
403b09 |
- Resolves: #1224057 [RFE] TGS authorization decisions in KDC based on
|
|
|
403b09 |
Authentication Indicator
|
|
|
403b09 |
- Resolves: #1234222 [WebUI] UI error message is not appropriate for "Kerberos
|
|
|
403b09 |
principal expiration"
|
|
|
403b09 |
- Resolves: #1234223 [WebUI] General invalid password error message appearing
|
|
|
403b09 |
for "Locked user"
|
|
|
403b09 |
- Resolves: #1254267 ipa-server-install failure applying ldap updates with
|
|
|
403b09 |
limits exceeded
|
|
|
403b09 |
- Resolves: #1258626 realmdomains-mod --add-domain command throwing error when
|
|
|
403b09 |
doamin already is in forwardzone.
|
|
|
403b09 |
- Resolves: #1259020 ipa-server-adtrust-install doesn't allow
|
|
|
403b09 |
NetBIOS-name=EXAMPLE-TEST.COM (dash character)
|
|
|
403b09 |
- Resolves: #1260993 DNSSEC signing enablement on dnszone should throw error
|
|
|
403b09 |
message when DNSSEC master not installed
|
|
|
403b09 |
- Resolves: #1262747 dnssec options missing in ipa-dns-install man page
|
|
|
403b09 |
- Resolves: #1265900 Fail installation immediately after dirsrv fails to
|
|
|
403b09 |
install using ipa-server-install
|
|
|
403b09 |
- Resolves: #1265915 idoverrideuser-find fails if any SID anchor is not
|
|
|
403b09 |
resolvable anymore
|
|
|
403b09 |
- Resolves: #1268027 ipa-dnskeysync-replica crash with backtrace -
|
|
|
403b09 |
LimitsExceeded: limits exceeded for this query
|
|
|
403b09 |
- Resolves: #1269089 Certificate of managed-by host/service fails to resubmit
|
|
|
403b09 |
- Resolves: #1269200 ipa-server crashing while trying to preserve admin user
|
|
|
403b09 |
- Resolves: #1271321 Reduce ioblocktimeout and idletimeout defaults
|
|
|
403b09 |
- Resolves: #1271579 Automember rule expressions disappear from tables on
|
|
|
403b09 |
single expression delete
|
|
|
403b09 |
- Resolves: #1275816 Incomplete ports for IPA ad-trust
|
|
|
403b09 |
- Resolves: #1276351 [RFE] Remove
|
|
|
403b09 |
/usr/share/ipa/updates/50-lockout-policy.update file from IPA releases
|
|
|
403b09 |
- Resolves: #1277109 Add tool tips for Revert, Refresh, Undo, and Undo All in
|
|
|
403b09 |
the IPA UI
|
|
|
403b09 |
- Resolves: #1278426 Better error message needed for invalid ca-signing-algo
|
|
|
403b09 |
option
|
|
|
403b09 |
- Resolves: #1279932 ipa-client-install --request-cert needs workaround in
|
|
|
403b09 |
anaconda chroot
|
|
|
403b09 |
- Resolves: #1282521 Creating a user w/o private group fails when doing so in
|
|
|
403b09 |
WebUI
|
|
|
403b09 |
- Resolves: #1283879 ipa-winsync-migrate: Traceback message should be replaced
|
|
|
403b09 |
by "IPA is not configured on this system"
|
|
|
403b09 |
- Resolves: #1285071 ipa-kra-install fails on replica looking for admin cert
|
|
|
403b09 |
file
|
|
|
403b09 |
- Resolves: #1287194 [RFE] Support of UPN for trusted domains
|
|
|
403b09 |
- Resolves: #1288967 Normalize Manager entry in ipa user-add
|
|
|
403b09 |
- Resolves: #1289487 Priority field missing in Password Policy detail tab
|
|
|
403b09 |
- Resolves: #1291140 ipa client should configure kpasswd_server directive in
|
|
|
403b09 |
krb5.conf
|
|
|
403b09 |
- Resolves: #1292141 Rebase to FreeIPA 4.4+
|
|
|
403b09 |
- Rebase to 4.4.0.alpha1
|
|
|
403b09 |
- Resolves: #1298848 [RFE] Centralized topology management
|
|
|
403b09 |
- Resolves: #1300576 Browser setup page includes instructions for Internet
|
|
|
403b09 |
Explorer
|
|
|
403b09 |
- Resolves: #1301586 ipa host-del --updatedns should remove related dns
|
|
|
403b09 |
entries.
|
|
|
403b09 |
- Resolves: #1304618 Residual Files After IPA Server Uninstall
|
|
|
403b09 |
- Resolves: #1305144 ipa-python does not require its dependencies
|
|
|
403b09 |
- Resolves: #1309700 Process /usr/sbin/winbindd was killed by signal 6
|
|
|
403b09 |
- Resolves: #1313798 Console output post ipa-winsync-migrate command should be
|
|
|
403b09 |
corrected.
|
|
|
403b09 |
- Resolves: #1314786 [RFE] External Trust with Active Directory domain
|
|
|
403b09 |
- Resolves: #1319023 Include description for 'status' option in man page for
|
|
|
403b09 |
ipactl command.
|
|
|
403b09 |
- Resolves: #1319912 ipa-server-install does not completely change hostname and
|
|
|
403b09 |
named-pkcs11 fails
|
|
|
403b09 |
- Resolves: #1320891 IPA Error 3009: Validation error: Invalid 'ptrrecord':
|
|
|
403b09 |
Reverse zone in-addr.arpa. requires exactly 4 IP address compnents, 5 given
|
|
|
403b09 |
- Resolves: #1327207 ipa cert-revoke --help doesn't provide enough info on
|
|
|
403b09 |
revocation reasons
|
|
|
403b09 |
- Resolves: #1328549 "ipa-kra-install" command reports incorrect message when
|
|
|
403b09 |
it is executed on server already installed with KRA.
|
|
|
403b09 |
- Resolves: #1329209 ipa-nis-manage enable: change service name from 'portmap'
|
|
|
403b09 |
to 'rpcbind'
|
|
|
403b09 |
- Resolves: #1329275 ipa-nis-manage command should include status option
|
|
|
403b09 |
- Resolves: #1330843 'man ipa' should be updated with latest commands
|
|
|
403b09 |
- Resolves: #1333755 ipa cert-request causes internal server error while
|
|
|
403b09 |
requesting certificate
|
|
|
403b09 |
- Resolves: #1337484 EOF is not handled for ipa-client-install command
|
|
|
403b09 |
- Resolves: #1338031 Insufficient 'write' privilege on some attributes for the
|
|
|
403b09 |
members of the role which has "User Administrators" privilege.
|
|
|
403b09 |
- Resolves: #1343142 IPA DNS should do better verification of DNS zones
|
|
|
403b09 |
- Resolves: #1347928 Frontpage exposes runtime error with no cookies enabled in
|
|
|
403b09 |
browser
|
|
|
403b09 |
|
|
|
403b09 |
* Wed May 25 2016 Jan Cholasta <jcholast@redhat.com> - 4.3.1-0.201605241723GIT1b427d3.1
|
|
|
403b09 |
- Resolves: #1339483 ipa-server-install fails with ERROR pkinit_cert_files
|
|
|
403b09 |
- Fix incorrect rebase of patch 1001
|
|
|
403b09 |
|
|
|
403b09 |
* Tue May 24 2016 Jan Cholasta <jcholast@redhat.com> - 4.3.1-0.201605241723GIT1b427d3
|
|
|
403b09 |
- Resolves: #1339233 CA installed on replica is always marked as renewal master
|
|
|
403b09 |
- Related: #1292141 Rebase to FreeIPA 4.4+
|
|
|
403b09 |
- Rebase to 4.3.1.201605241723GIT1b427d3
|
|
|
403b09 |
|
|
|
403b09 |
* Tue May 24 2016 Jan Cholasta <jcholast@redhat.com> - 4.3.1-0.201605191449GITf8edf37.1
|
|
|
403b09 |
- Resolves: #1332809 ipa-server-4.2.0-15.el7_2.6.1.x86_64 fails to install
|
|
|
403b09 |
because of missing dependencies
|
|
|
403b09 |
- Rebuild with krb5-1.14.1
|
|
|
403b09 |
|
|
|
403b09 |
* Fri May 20 2016 Jan Cholasta <jcholast@redhat.com> - 4.3.1-0.201605191449GITf8edf37
|
|
|
403b09 |
- Resolves: #837369 [RFE] Switch to client promotion to replica model
|
|
|
403b09 |
- Resolves: #1199516 [RFE] Move replication topology to the shared tree
|
|
|
403b09 |
- Resolves: #1206588 [RFE] Visualize FreeIPA server replication topology
|
|
|
403b09 |
- Resolves: #1211602 Hide ipa-server-install KDC master password option (-P)
|
|
|
403b09 |
- Resolves: #1212713 ipa-csreplica-manage: it could be nice to have also
|
|
|
403b09 |
list-ruv / clean-ruv / abort-clean-ruv for o=ipaca backend
|
|
|
403b09 |
- Resolves: #1267206 ipa-server-install uninstall should warn if no
|
|
|
403b09 |
installation found
|
|
|
403b09 |
- Resolves: #1295865 The Domain option is not correctly set in idmapd.conf when
|
|
|
403b09 |
ipa-client-automount is executed.
|
|
|
403b09 |
- Resolves: #1327092 URI details missing and OCSP-URI details are incorrectly
|
|
|
403b09 |
displayed when certificate generated using IPA on RHEL 7.2up2.
|
|
|
403b09 |
- Resolves: #1332809 ipa-server-4.2.0-15.el7_2.6.1.x86_64 fails to install
|
|
|
403b09 |
because of missing dependencies
|
|
|
403b09 |
- Related: #1292141 Rebase to FreeIPA 4.4+
|
|
|
403b09 |
- Rebase to 4.3.1.201605191449GITf8edf37
|
|
|
e0ab38 |
|
|
|
403b09 |
* Mon Apr 18 2016 Jan Cholasta <jcholast@redhat.com> - 4.2.0-16
|
|
|
403b09 |
- Resolves: #1277696 IPA certificate auto renewal fail with "Invalid
|
|
|
403b09 |
Credential"
|
|
|
403b09 |
- cert renewal: make renewal of ipaCert atomic
|
|
|
403b09 |
- Resolves: #1278330 installer options are not validated at the beginning of
|
|
|
403b09 |
installation
|
|
|
403b09 |
- install: fix command line option validation
|
|
|
403b09 |
- Resolves: #1282845 sshd_config change on ipa-client-install can prevent sshd
|
|
|
403b09 |
from starting up
|
|
|
403b09 |
- client install: do not corrupt OpenSSH config with Match sections
|
|
|
403b09 |
- Resolves: #1282935 ipa upgrade causes vault internal error
|
|
|
403b09 |
- install: export KRA agent PEM file in ipa-kra-install
|
|
|
403b09 |
- Resolves: #1283429 Default CA ACL rule is not created during
|
|
|
403b09 |
ipa-replica-install
|
|
|
403b09 |
- TLS and Dogtag HTTPS request logging improvements
|
|
|
403b09 |
- Avoid race condition caused by profile delete and recreate
|
|
|
403b09 |
- Do not erroneously reinit NSS in Dogtag interface
|
|
|
403b09 |
- Add profiles and default CA ACL on migration
|
|
|
403b09 |
- disconnect ldap2 backend after adding default CA ACL profiles
|
|
|
403b09 |
- do not disconnect when using existing connection to check default CA ACLs
|
|
|
403b09 |
- Resolves: #1283430 ipa-kra-install: fails to apply updates
|
|
|
403b09 |
- suppress errors arising from adding existing LDAP entries during KRA
|
|
|
403b09 |
install
|
|
|
403b09 |
- Resolves: #1283748 Caching of ipaconfig does not work in framework
|
|
|
403b09 |
- fix caching in get_ipa_config
|
|
|
403b09 |
- Resolves: #1283943 IPA DNS Zone/DNS Forward Zone details missing after
|
|
|
403b09 |
upgrade from RHEL 7.0 to RHEL 7.2
|
|
|
403b09 |
- upgrade: fix migration of old dns forward zones
|
|
|
403b09 |
- Fix upgrade of forwardzones when zone is in realmdomains
|
|
|
403b09 |
- Resolves: #1284413 ipa-cacert-manage renew fails on nonexistent ldap
|
|
|
403b09 |
connection
|
|
|
403b09 |
- ipa-cacert-renew: Fix connection to ldap.
|
|
|
403b09 |
- Resolves: #1284414 ipa-otptoken-import fails on nonexistent ldap connection
|
|
|
403b09 |
- ipa-otptoken-import: Fix connection to ldap.
|
|
|
403b09 |
- Resolves: #1286635 IPA server upgrade fails from RHEL 7.0 to RHEL 7.2 using
|
|
|
e0ab38 |
"yum update ipa* sssd"
|
|
|
e0ab38 |
- Set minimal required version for openssl
|
|
|
403b09 |
- Resolves: #1286781 ipa-nis-manage does not update ldap with all NIS maps
|
|
|
e0ab38 |
- Upgrade: Fix upgrade of NIS Server configuration
|
|
|
403b09 |
- Resolves: #1289311 umask setting causes named-pkcs11 issue with directory
|
|
|
e0ab38 |
permissions on /var/lib/ipa/dnssec
|
|
|
e0ab38 |
- DNS: fix file permissions
|
|
|
e0ab38 |
- Explicitly call chmod on newly created directories
|
|
|
e0ab38 |
- Fix: replace mkdir with chmod
|
|
|
403b09 |
- Resolves: #1290142 Broken 7.2.0 to 7.2.z upgrade - flawed version comparison
|
|
|
e0ab38 |
- Fix version comparison
|
|
|
e0ab38 |
- use FFI call to rpmvercmp function for version comparison
|
|
|
403b09 |
- Resolves: #1292595 In IPA-AD trust environment some secondary IPA based Posix
|
|
|
403b09 |
groups are missing
|
|
|
403b09 |
- ipa-kdb: map_groups() consider all results
|
|
|
403b09 |
- Resolves: #1293870 User should be notified for wrong password in password
|
|
|
403b09 |
reset page
|
|
|
403b09 |
- Fixed login error message box in LoginScreen page
|
|
|
403b09 |
- Resolves: #1296196 Sysrestore did not restore state if a key is specified in
|
|
|
e0ab38 |
mixed case
|
|
|
e0ab38 |
- Allow to used mixed case for sysrestore
|
|
|
403b09 |
- Resolves: #1296214 DNSSEC key purging is not handled properly
|
|
|
e0ab38 |
- DNSSEC: Improve error reporting from ipa-ods-exporter
|
|
|
e0ab38 |
- DNSSEC: Make sure that current state in OpenDNSSEC matches key state in
|
|
|
e0ab38 |
LDAP
|
|
|
e0ab38 |
- DNSSEC: Make sure that current key state in LDAP matches key state in BIND
|
|
|
e0ab38 |
- DNSSEC: remove obsolete TODO note
|
|
|
e0ab38 |
- DNSSEC: add debug mode to ldapkeydb.py
|
|
|
e0ab38 |
- DNSSEC: logging improvements in ipa-ods-exporter
|
|
|
e0ab38 |
- DNSSEC: remove keys purged by OpenDNSSEC from master HSM from LDAP
|
|
|
e0ab38 |
- DNSSEC: ipa-dnskeysyncd: Skip zones with old DNSSEC metadata in LDAP
|
|
|
e0ab38 |
- DNSSEC: ipa-ods-exporter: add ldap-cleanup command
|
|
|
e0ab38 |
- DNSSEC: ipa-dnskeysyncd: call ods-signer ldap-cleanup on zone removal
|
|
|
e0ab38 |
- DNSSEC: Log debug messages at log level DEBUG
|
|
|
403b09 |
- Resolves: #1296216 ipa-server-upgrade fails if certmonger is not running
|
|
|
e0ab38 |
- prevent crash of CA-less server upgrade due to absent certmonger
|
|
|
403b09 |
- always start certmonger during IPA server configuration upgrade
|
|
|
403b09 |
- Resolves: #1297811 The ipa -e skip_version_check=1 still issues
|
|
|
e0ab38 |
incompatibility error when called against RHEL 6 server
|
|
|
e0ab38 |
- ipalib: assume version 2.0 when skip_version_check is enabled
|
|
|
403b09 |
- Resolves: #1298289 install fails when locale is "fr_FR.UTF-8"
|
|
|
403b09 |
- Do not decode HTTP reason phrase from Dogtag
|
|
|
403b09 |
- Resolves: #1300252 shared certificateProfiles container is missing on a
|
|
|
403b09 |
freshly installed RHEL7.2 system
|
|
|
403b09 |
- upgrade: unconditional import of certificate profiles into LDAP
|
|
|
403b09 |
- Resolves: #1301674 --setup-dns and other options is forgotten for using an
|
|
|
403b09 |
external PKI
|
|
|
403b09 |
- installer: Propagate option values from components instead of copying them.
|
|
|
403b09 |
- installer: Fix logic of reading option values from cache.
|
|
|
403b09 |
- Resolves: #1301687 issues with migration from RHEL 6 self-signed to RHEL 7 CA
|
|
|
403b09 |
IPA setup
|
|
|
403b09 |
- ipa-ca-install: print more specific errors when CA is already installed
|
|
|
403b09 |
- cert renewal: import all external CA certs on IPA CA cert renewal
|
|
|
403b09 |
- CA install: explicitly set dogtag_version to 10
|
|
|
403b09 |
- fix standalone installation of externally signed CA on IPA master
|
|
|
403b09 |
- replica install: validate DS and HTTP server certificates
|
|
|
403b09 |
- replica install: improvements in the handling of CA-related IPA config
|
|
|
403b09 |
entries
|
|
|
403b09 |
- Resolves: #1301901 [RFE] compat tree: show AD members of IPA groups
|
|
|
403b09 |
- slapi-nis: update configuration to allow external members of IPA groups
|
|
|
403b09 |
- Resolves: #1305533 ipa trust-add succeded but after that ipa trust-find
|
|
|
403b09 |
returns "0 trusts matched"
|
|
|
403b09 |
- upgrade: fix config of sidgen and extdom plugins
|
|
|
403b09 |
- trusts: use ipaNTTrustPartner attribute to detect trust entries
|
|
|
403b09 |
- Warn user if trust is broken
|
|
|
403b09 |
- fix upgrade: wait for proper DS socket after DS restart
|
|
|
403b09 |
- Insure the admin_conn is disconnected on stop
|
|
|
403b09 |
- Fix connections to DS during installation
|
|
|
403b09 |
- Fix broken trust warnings
|
|
|
403b09 |
- Resolves: #1321092 Installers fail when there are multiple versions of the
|
|
|
403b09 |
same certificate
|
|
|
403b09 |
- certdb: never use the -r option of certutil
|
|
|
403b09 |
- Related: #1317381 Crash during IPA upgrade due to slapd
|
|
|
403b09 |
- spec file: update minimum required version of slapi-nis
|
|
|
403b09 |
- Related: #1322691 CVE-2015-5370 CVE-2016-2110 CVE-2016-2111 CVE-2016-2112
|
|
|
403b09 |
CVE-2016-2113 CVE-2016-2114 CVE-2016-2115 CVE-2016-2118 samba: various flaws
|
|
|
403b09 |
[rhel-7.3]
|
|
|
403b09 |
- Rebuild against newer Samba version
|
|
|
8eb28c |
|
|
|
590d18 |
* Tue Oct 13 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15
|
|
|
590d18 |
- Resolves: #1252556 Missing CLI param and ACL for vault service operations
|
|
|
590d18 |
- vault: fix private service vault creation
|
|
|
590d18 |
|
|
|
590d18 |
* Mon Oct 12 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-14
|
|
|
590d18 |
- Resolves: #1262996 ipa vault internal error on replica without KRA
|
|
|
590d18 |
- upgrade: make sure ldap2 is connected in export_kra_agent_pem
|
|
|
590d18 |
- Resolves: #1270608 IPA upgrade fails for server with CA cert signed by
|
|
|
590d18 |
external CA
|
|
|
590d18 |
- schema: do not derive ipaVaultPublicKey from ipaPublicKey
|
|
|
590d18 |
|
|
|
590d18 |
* Thu Oct 8 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-13
|
|
|
590d18 |
- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens
|
|
|
590d18 |
- Fix an integer underflow bug in libotp
|
|
|
590d18 |
- Resolves: #1262996 ipa vault internal error on replica without KRA
|
|
|
590d18 |
- install: always export KRA agent PEM file
|
|
|
590d18 |
- vault: select a server with KRA for vault operations
|
|
|
590d18 |
- Resolves: #1269777 IPA restore overwrites /etc/passwd and /etc/group files
|
|
|
590d18 |
- do not overwrite files with local users/groups when restoring authconfig
|
|
|
590d18 |
- Renamed patch 1011 to 0138, as it was merged upstream
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Sep 23 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-12
|
|
|
590d18 |
- Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to
|
|
|
590d18 |
Trusts
|
|
|
590d18 |
- winsync-migrate: Convert entity names to posix friendly strings
|
|
|
590d18 |
- winsync-migrate: Properly handle collisions in the names of external groups
|
|
|
590d18 |
- Resolves: #1261074 Adjust Firefox configuration to new extension signing
|
|
|
590d18 |
policy
|
|
|
590d18 |
- webui: use manual Firefox configuration for Firefox >= 40
|
|
|
590d18 |
- Resolves: #1263337 IPA Restore failed with installed KRA
|
|
|
590d18 |
- ipa-backup: Add mechanism to store empty directory structure
|
|
|
590d18 |
- Resolves: #1264793 CVE-2015-5284 ipa: ipa-kra-install includes certificate
|
|
|
590d18 |
and private key in world readable file [rhel-7.2]
|
|
|
590d18 |
- install: fix KRA agent PEM file permissions
|
|
|
590d18 |
- Resolves: #1265086 Mark IdM API Browser as experimental
|
|
|
590d18 |
- WebUI: add API browser is experimental warning
|
|
|
590d18 |
- Resolves: #1265277 Fix kdcproxy user creation
|
|
|
590d18 |
- install: create kdcproxy user during server install
|
|
|
590d18 |
- platform: add option to create home directory when adding user
|
|
|
590d18 |
- install: fix kdcproxy user home directory
|
|
|
590d18 |
- Resolves: #1265559 GSS failure after ipa-restore
|
|
|
590d18 |
- destroy httpd ccache after stopping the service
|
|
|
590d18 |
|
|
|
590d18 |
* Thu Sep 17 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-11
|
|
|
590d18 |
- Resolves: #1258965 ipa vault: set owner of vault container
|
|
|
590d18 |
- baseldap: make subtree deletion optional in LDAPDelete
|
|
|
590d18 |
- vault: add vault container commands
|
|
|
590d18 |
- vault: set owner to current user on container creation
|
|
|
590d18 |
- vault: update access control
|
|
|
590d18 |
- vault: add permissions and administrator privilege
|
|
|
590d18 |
- install: support KRA update
|
|
|
590d18 |
- Resolves: #1261586 ipa config-mod addattr fails for ipauserobjectclasses
|
|
|
590d18 |
- config: allow user/host attributes with tagging options
|
|
|
590d18 |
- Resolves: #1262315 Unable to establish winsync replication
|
|
|
590d18 |
- winsync: Add inetUser objectclass to the passsync sysaccount
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Sep 16 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-10
|
|
|
590d18 |
- Resolves: #1260663 crash of ipa-dnskeysync-replica component during
|
|
|
590d18 |
ipa-restore
|
|
|
590d18 |
- IPA Restore: allows to specify files that should be removed
|
|
|
590d18 |
- Resolves: #1261806 Installing ipa-server package breaks httpd
|
|
|
590d18 |
- Handle timeout error in ipa-httpd-kdcproxy
|
|
|
590d18 |
- Resolves: #1262322 Failed to backup CS.cfg message in upgrade.
|
|
|
590d18 |
- Server Upgrade: backup CS.cfg when dogtag is turned off
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Sep 9 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-9
|
|
|
590d18 |
- Resolves: #1257074 The KRA agent cert is stored in a PEM file that is not
|
|
|
590d18 |
tracked
|
|
|
590d18 |
- cert renewal: Include KRA users in Dogtag LDAP update
|
|
|
590d18 |
- cert renewal: Automatically update KRA agent PEM file
|
|
|
590d18 |
- Resolves: #1257163 renaming certificatte profile with --rename option leads
|
|
|
590d18 |
to integrity issues
|
|
|
590d18 |
- certprofile: remove 'rename' option
|
|
|
590d18 |
- Resolves: #1257968 kinit stop working after ipa-restore
|
|
|
590d18 |
- Backup: back up the hosts file
|
|
|
590d18 |
- Resolves: #1258926 Remove 'DNSSEC is experimental' warnings
|
|
|
590d18 |
- DNSSEC: remove "DNSSEC is experimental" warnings
|
|
|
590d18 |
- Resolves: #1258929 Uninstallation of IPA leaves extra entry in /etc/hosts
|
|
|
590d18 |
- Installer: do not modify /etc/hosts before user agreement
|
|
|
590d18 |
- Resolves: #1258944 DNSSEC daemons may deadlock when processing more than 1
|
|
|
590d18 |
zone
|
|
|
590d18 |
- DNSSEC: backup and restore opendnssec zone list file
|
|
|
590d18 |
- DNSSEC: remove ccache and keytab of ipa-ods-exporter
|
|
|
590d18 |
- DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
|
|
|
590d18 |
- DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
|
|
|
590d18 |
- DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC
|
|
|
590d18 |
key master
|
|
|
590d18 |
- DNSSEC: Fix key metadata export
|
|
|
590d18 |
- DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.
|
|
|
590d18 |
- Resolves: #1258964 revert to use ldapi to add kra agent in KRA install
|
|
|
590d18 |
- Using LDAPI to setup CA and KRA agents.
|
|
|
590d18 |
- Resolves: #1259848 server closes connection and refuses commands after
|
|
|
590d18 |
deleting user that is still logged in
|
|
|
590d18 |
- ldap: Make ldap2 connection management thread-safe again
|
|
|
590d18 |
- Resolves: #1259996 AttributeError: 'NameSpace' object has no attribute
|
|
|
590d18 |
'ra_certprofile' while ipa-ca-install
|
|
|
590d18 |
- load RA backend plugins during standalone CA install on CA-less IPA master
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Aug 26 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-8
|
|
|
590d18 |
- Resolves: #1254689 Storing big file as a secret in vault raises traceback
|
|
|
590d18 |
- vault: Limit size of data stored in vault
|
|
|
590d18 |
- Resolves: #1255880 ipactl status should distinguish between different
|
|
|
590d18 |
pki-tomcat services
|
|
|
590d18 |
- ipactl: Do not start/stop/restart single service multiple times
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Aug 26 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-7
|
|
|
590d18 |
- Resolves: #1256840 [webui] majority of required fields is no longer marked as
|
|
|
590d18 |
required
|
|
|
590d18 |
- fix missing information in object metadata
|
|
|
590d18 |
- Resolves: #1256842 [webui] no option to choose trust type when creating a
|
|
|
590d18 |
trust
|
|
|
590d18 |
- webui: add option to establish bidirectional trust
|
|
|
590d18 |
- Resolves: #1256853 Clear text passwords in KRA install log
|
|
|
590d18 |
- Removed clear text passwords from KRA install log.
|
|
|
590d18 |
- Resolves: #1257072 The "Standard Vault" MUST not be the default and must be
|
|
|
590d18 |
discouraged
|
|
|
590d18 |
- vault: change default vault type to symmetric
|
|
|
590d18 |
- Resolves: #1257163 renaming certificatte profile with --rename option leads
|
|
|
590d18 |
to integrity issues
|
|
|
590d18 |
- certprofile: prevent rename (modrdn)
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Aug 26 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-6
|
|
|
590d18 |
- Resolves: #1249226 IPA dnssec-validation not working for AD dnsforwardzone
|
|
|
590d18 |
- DNSSEC: fix forward zone forwarders checks
|
|
|
590d18 |
- Resolves: #1250190 idrange is not added for sub domain
|
|
|
590d18 |
- trusts: format Kerberos principal properly when fetching trust topology
|
|
|
590d18 |
- Resolves: #1252334 User life cycle: missing ability to provision a stage user
|
|
|
590d18 |
from a preserved user
|
|
|
590d18 |
- Add user-stage command
|
|
|
590d18 |
- Resolves: #1252863 After applying RHBA-2015-1554 errata, IPA service fails to
|
|
|
590d18 |
start.
|
|
|
590d18 |
- spec file: Add Requires(post) on selinux-policy
|
|
|
590d18 |
- Resolves: #1254304 Changing vault encryption attributes
|
|
|
590d18 |
- Change internal rsa_(public|private)_key variable names
|
|
|
590d18 |
- Added support for changing vault encryption.
|
|
|
590d18 |
- Resolves: #1256715 Executing user-del --preserve twice removes the user
|
|
|
590d18 |
pernamently
|
|
|
590d18 |
- improve the usability of `ipa user-del --preserve` command
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Aug 19 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-5
|
|
|
590d18 |
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
|
|
|
590d18 |
- user-undel: Fix error messages.
|
|
|
590d18 |
- Resolves: #1200694 [RFE] Support for multiple cert profiles
|
|
|
590d18 |
- Prohibit deletion of predefined profiles
|
|
|
590d18 |
- Resolves: #1232819 testing ipa-restore on fresh system install fails
|
|
|
590d18 |
- Backup/resore authentication control configuration
|
|
|
590d18 |
- Resolves: #1243331 pkispawn fails when migrating to 4.2 server from 3.0
|
|
|
590d18 |
server
|
|
|
590d18 |
- Require Dogtag PKI >= 10.2.6
|
|
|
590d18 |
- Resolves: #1245225 Asymmetric vault drops traceback when the key is not
|
|
|
590d18 |
proper
|
|
|
590d18 |
- Asymmetric vault: validate public key in client
|
|
|
590d18 |
- Resolves: #1248399 Missing DNSSEC related files in backup
|
|
|
590d18 |
- fix typo in BasePathNamespace member pointing to ods exporter config
|
|
|
590d18 |
- ipa-backup: archive DNSSEC zone file and kasp.db
|
|
|
590d18 |
- Resolves: #1248405 PassSync should be disabled after ipa-winsync-migrate is
|
|
|
590d18 |
finished
|
|
|
590d18 |
- winsync-migrate: Add warning about passsync
|
|
|
590d18 |
- winsync-migrate: Expand the man page
|
|
|
590d18 |
- Resolves: #1248524 User can't find any hosts using "ipa host-find $HOSTNAME"
|
|
|
590d18 |
- adjust search so that it works for non-admin users
|
|
|
590d18 |
- Resolves: #1250093 ipa certprofile-import accepts invalid config
|
|
|
590d18 |
- Require Dogtag PKI >= 10.2.6
|
|
|
590d18 |
- Resolves: #1250107 IPA framework should not allow modifying trust on AD trust
|
|
|
590d18 |
agents
|
|
|
590d18 |
- trusts: Detect missing Samba instance
|
|
|
590d18 |
- Resolves: #1250111 User lifecycle - preserved users can be assigned
|
|
|
590d18 |
membership
|
|
|
590d18 |
- ULC: Prevent preserved users from being assigned membership
|
|
|
590d18 |
- Resolves: #1250145 Add permission for user to bypass caacl enforcement
|
|
|
590d18 |
- Add permission for bypassing CA ACL enforcement
|
|
|
590d18 |
- Resolves: #1250190 idrange is not added for sub domain
|
|
|
590d18 |
- idranges: raise an error when local IPA ID range is being modified
|
|
|
590d18 |
- trusts: harden trust-fetch-domains oddjobd-based script
|
|
|
590d18 |
- Resolves: #1250928 Man page for ipa-server-install is out of sync
|
|
|
590d18 |
- install: Fix server and replica install options
|
|
|
590d18 |
- Resolves: #1251225 IPA default CAACL does not allow cert-request for services
|
|
|
590d18 |
after upgrade
|
|
|
590d18 |
- Fix default CA ACL added during upgrade
|
|
|
590d18 |
- Resolves: #1251561 ipa vault-add Unknown option: ipavaultpublickey
|
|
|
590d18 |
- validate mutually exclusive options in vault-add
|
|
|
590d18 |
- Resolves: #1251579 ipa vault-add --user should set container owner equal to
|
|
|
590d18 |
user on first run
|
|
|
590d18 |
- Fixed vault container ownership.
|
|
|
590d18 |
- Resolves: #1252517 cert-request rejects request with correct
|
|
|
590d18 |
krb5PrincipalName SAN
|
|
|
590d18 |
- Fix KRB5PrincipalName / UPN SAN comparison
|
|
|
590d18 |
- Resolves: #1252555 ipa vault-find doesn't work for services
|
|
|
590d18 |
- vault: Add container information to vault command results
|
|
|
590d18 |
- Add flag to list all service and user vaults
|
|
|
590d18 |
- Resolves: #1252556 Missing CLI param and ACL for vault service operations
|
|
|
590d18 |
- Added CLI param and ACL for vault service operations.
|
|
|
590d18 |
- Resolves: #1252557 certprofile: improve profile format documentation
|
|
|
590d18 |
- certprofile-import: improve profile format documentation
|
|
|
590d18 |
- certprofile: add profile format explanation
|
|
|
590d18 |
- Resolves: #1253443 ipa vault-add creates vault with invalid type
|
|
|
590d18 |
- vault: validate vault type
|
|
|
590d18 |
- Resolves: #1253480 ipa vault-add-owner does not fail when adding an existing
|
|
|
590d18 |
owner
|
|
|
590d18 |
- baseldap: Allow overriding member param label in LDAPModMember
|
|
|
590d18 |
- vault: Fix param labels in output of vault owner commands
|
|
|
590d18 |
- Resolves: #1253511 ipa vault-find does not use criteria
|
|
|
590d18 |
- vault: Fix vault-find with criteria
|
|
|
590d18 |
- Resolves: #1254038 ipa-replica-install pk12util error returns exit status 10
|
|
|
590d18 |
- install: Fix replica install with custom certificates
|
|
|
590d18 |
- Resolves: #1254262 ipa-dnskeysync-replica crash cannot contact kdc
|
|
|
590d18 |
- improve the handling of krb5-related errors in dnssec daemons
|
|
|
590d18 |
- Resolves: #1254412 when dirsrv is off ,upgrade from 7.1 to 7.2 fails with
|
|
|
590d18 |
starting CA and named-pkcs11.service
|
|
|
590d18 |
- Server Upgrade: Start DS before CA is started.
|
|
|
590d18 |
- Resolves: #1254637 Add ACI and permission for managing user userCertificate
|
|
|
590d18 |
attribute
|
|
|
590d18 |
- add permission: System: Manage User Certificates
|
|
|
590d18 |
- Resolves: #1254641 Remove CSR allowed-extensions restriction
|
|
|
590d18 |
- cert-request: remove allowed extensions check
|
|
|
590d18 |
- Resolves: #1254693 vault --service does not normalize service principal
|
|
|
590d18 |
- vault: normalize service principal in service vault operations
|
|
|
590d18 |
- Resolves: #1254785 ipa-client-install does not properly handle dual stacked
|
|
|
590d18 |
hosts
|
|
|
590d18 |
- client: Add support for multiple IP addresses during installation.
|
|
|
590d18 |
- Add dependency to SSSD 1.13.1
|
|
|
590d18 |
- client: Add description of --ip-address and --all-ip-addresses to man page
|
|
|
590d18 |
|
|
|
590d18 |
* Tue Aug 11 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-4
|
|
|
590d18 |
- Resolves: #1072383 [RFE] Provide ability to map CAC identity certificates to
|
|
|
590d18 |
users in IdM
|
|
|
590d18 |
- store certificates issued for user entries as
|
|
|
590d18 |
- user-show: add --out option to save certificates to file
|
|
|
590d18 |
- Resolves: #1145748 [RFE] IPA running with One Way Trust
|
|
|
590d18 |
- Fix upgrade of sidgen and extdom plugins
|
|
|
590d18 |
- Resolves: #1195339 ipa-client-install changes the label on various files
|
|
|
590d18 |
which causes SELinux denials
|
|
|
590d18 |
- Use 'mv -Z' in specfile to restore SELinux context
|
|
|
590d18 |
- Resolves: #1198796 Text in UI should describe differing LDAP vs Krb behavior
|
|
|
590d18 |
for combinations of "User authentication types"
|
|
|
590d18 |
- webui: add LDAP vs Kerberos behavior description to user auth
|
|
|
590d18 |
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
|
|
|
590d18 |
- ULC: Fix stageused-add --from-delete command
|
|
|
590d18 |
- Resolves: #1200694 [RFE] Support for multiple cert profiles
|
|
|
590d18 |
- certprofile-import: do not require profileId in profile data
|
|
|
590d18 |
- Give more info on virtual command access denial
|
|
|
590d18 |
- Allow SAN extension for cert-request self-service
|
|
|
590d18 |
- Add profile for DNP3 / IEC 62351-8 certificates
|
|
|
590d18 |
- Work around python-nss bug on unrecognised OIDs
|
|
|
590d18 |
- Resolves: #1204501 [RFE] Add Password Vault (KRA) functionality
|
|
|
590d18 |
- Validate vault's file parameters
|
|
|
590d18 |
- Fixed missing KRA agent cert on replica.
|
|
|
590d18 |
- Resolves: #1225866 display browser config options that apply to the browser.
|
|
|
590d18 |
- webui: add Kerberos configuration instructions for Chrome
|
|
|
590d18 |
- Remove ico files from Makefile
|
|
|
590d18 |
- Resolves: #1246342 Unapply idview raises internal error
|
|
|
590d18 |
- idviews: Check for the Default Trust View only if applying the view
|
|
|
590d18 |
- Resolves: #1248102 [webui] regression - incorrect/no failed auth messages
|
|
|
590d18 |
- webui: fix regressions failed auth messages
|
|
|
590d18 |
- Resolves: #1248396 Internal error in DomainValidator.__search_in_dc
|
|
|
590d18 |
- dcerpc: Fix UnboundLocalError for ccache_name
|
|
|
590d18 |
- Resolves: #1249455 ipa trust-add failed CIFS server configuration does not
|
|
|
590d18 |
allow access to \\pipe\lsarpc
|
|
|
590d18 |
- Fix selector of protocol for LSA RPC binding string
|
|
|
590d18 |
- dcerpc: Simplify generation of LSA-RPC binding strings
|
|
|
590d18 |
- Resolves: #1250192 Error in ipa trust-fecth-domains
|
|
|
590d18 |
- Fix incorrect type comparison in trust-fetch-domains
|
|
|
590d18 |
- Resolves: #1251553 Winsync setup fails with unexpected error
|
|
|
590d18 |
- replication: Fix incorrect exception invocation
|
|
|
590d18 |
- Resolves: #1251854 ipa aci plugin is not parsing aci's correctly.
|
|
|
590d18 |
- ACI plugin: correctly parse bind rules enclosed in
|
|
|
590d18 |
- Resolves: #1252414 Trust agent install does not detect available replicas to
|
|
|
590d18 |
add to master
|
|
|
590d18 |
- adtrust-install: Correctly determine 4.2 FreeIPA servers
|
|
|
590d18 |
|
|
|
590d18 |
* Fri Jul 24 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-3
|
|
|
590d18 |
- Resolves: #1170770 [AD TRUST]IPA should detect inconsistent realm domains
|
|
|
590d18 |
that conflicts with AD DC
|
|
|
590d18 |
- trusts: Check for AD root domain among our trusted domains
|
|
|
590d18 |
- Resolves: #1195339 ipa-client-install changes the label on various files
|
|
|
590d18 |
which causes SELinux denials
|
|
|
590d18 |
- sysrestore: copy files instead of moving them to avoind SELinux issues
|
|
|
590d18 |
- Resolves: #1196656 [ipa-client][rhel71] enable debugging for spawned
|
|
|
590d18 |
commands / ntpd -qgc $tmpfile hangs
|
|
|
590d18 |
- enable debugging of ntpd during client installation
|
|
|
590d18 |
- Resolves: #1205264 Migration UI Does Not Work When Anonymous Bind is Disabled
|
|
|
590d18 |
- migration: Use api.env variables.
|
|
|
590d18 |
- Resolves: #1212719 abort-clean-ruv subcommand should allow
|
|
|
590d18 |
replica-certifyall: no
|
|
|
590d18 |
- Allow value 'no' for replica-certify-all attr in abort-clean-ruv subcommand
|
|
|
590d18 |
- Resolves: #1216935 ipa trust-add shows ipa: ERROR: an internal error has
|
|
|
590d18 |
occurred
|
|
|
590d18 |
- dcerpc: Expand explanation for WERR_ACCESS_DENIED
|
|
|
590d18 |
- dcerpc: Fix UnboundLocalError for ccache_name
|
|
|
590d18 |
- Resolves: #1222778 idoverride group-del can delete user and user-del can
|
|
|
590d18 |
delete group
|
|
|
590d18 |
- dcerpc: Add get_trusted_domain_object_type method
|
|
|
590d18 |
- idviews: Restrict anchor to name and name to anchor conversions
|
|
|
590d18 |
- idviews: Enforce objectclass check in idoverride*-del
|
|
|
590d18 |
- Resolves: #1234919 Be able to request certificates without certmonger service
|
|
|
590d18 |
running
|
|
|
590d18 |
- cermonger: Use private unix socket when DBus SystemBus is not available.
|
|
|
590d18 |
- ipa-client-install: Do not (re)start certmonger and DBus daemons.
|
|
|
590d18 |
- Resolves: #1240939 Please add dependency on bind-pkcs11
|
|
|
590d18 |
- Create server-dns sub-package.
|
|
|
590d18 |
- ipaplatform: Add constants submodule
|
|
|
590d18 |
- DNS: check if DNS package is installed
|
|
|
590d18 |
- Resolves: #1242914 Bump minimal selinux-policy and add booleans to allow
|
|
|
590d18 |
calling out oddjobd-activated services
|
|
|
590d18 |
- selinux: enable httpd_run_ipa to allow communicating with oddjobd services
|
|
|
590d18 |
- Resolves: #1243261 non-admin users cannot search hbac rules
|
|
|
590d18 |
- fix hbac rule search for non-admin users
|
|
|
590d18 |
- fix selinuxusermap search for non-admin users
|
|
|
590d18 |
- Resolves: #1243652 Client has missing dependency on memcache
|
|
|
590d18 |
- do not import memcache on client
|
|
|
590d18 |
- Resolves: #1243835 [webui] user change password dialog does not work
|
|
|
590d18 |
- webui: fix user reset password dialog
|
|
|
590d18 |
- Resolves: #1244802 spec: selinux denial during kdcproxy user creation
|
|
|
590d18 |
- Fix selinux denial during kdcproxy user creation
|
|
|
590d18 |
- Resolves: #1246132 trust-fetch-domains: Do not chown keytab to the sssd user
|
|
|
590d18 |
- oddjob: avoid chown keytab to sssd if sssd user does not exist
|
|
|
590d18 |
- Resolves: #1246136 Adding a privilege to a permission avoids validation
|
|
|
590d18 |
- Validate adding privilege to a permission
|
|
|
590d18 |
- Resolves: #1246141 DNS Administrators cannot search in zones
|
|
|
590d18 |
- DNS: Consolidate DNS RR types in API and schema
|
|
|
590d18 |
- Resolves: #1246143 User plugin - user-find doesn't work properly with manager
|
|
|
590d18 |
option
|
|
|
590d18 |
- fix broken search for users by their manager
|
|
|
590d18 |
|
|
|
590d18 |
* Wed Jul 15 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-2
|
|
|
590d18 |
- Resolves: #1131907 [ipa-client-install] cannot write certificate file
|
|
|
590d18 |
'/etc/ipa/ca.crt.new': must be string or buffer, not None
|
|
|
590d18 |
- Resolves: #1195775 unsaved changes dialog internally inconsistent
|
|
|
590d18 |
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
|
|
|
590d18 |
- Stageusedr-activate: show username instead of DN
|
|
|
590d18 |
- Resolves: #1200694 [RFE] Support for multiple cert profiles
|
|
|
590d18 |
- Prevent to rename certprofile profile id
|
|
|
590d18 |
- Resolves: #1222047 IPA to AD Trust: IPA ERROR 4016: Remote Retrieve Error
|
|
|
590d18 |
- Resolves: #1224769 copy-schema-to-ca.py does not overwrites schema files
|
|
|
590d18 |
- copy-schema-to-ca: allow to overwrite schema files
|
|
|
590d18 |
- Resolves: #1241941 kdc component installation of IPA failed
|
|
|
590d18 |
- spec file: Update minimum required version of krb5
|
|
|
590d18 |
- Resolves: #1242036 Replica install fails to update DNS records
|
|
|
590d18 |
- Fix DNS records installation for replicas
|
|
|
590d18 |
- Resolves: #1242884 Upgrade to 4.2.0 fails when enabling kdc proxy
|
|
|
590d18 |
- Start dirsrv for kdcproxy upgrade
|
|
|
590d18 |
|
|
|
590d18 |
* Thu Jul 9 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-1
|
|
|
590d18 |
- Resolves: #846033 [RFE] Documentation for JSONRPC IPA API
|
|
|
590d18 |
- Resolves: #989091 Ability to manage IdM/IPA directly from a standard LDAP
|
|
|
590d18 |
client
|
|
|
590d18 |
- Resolves: #1072383 [RFE] Provide ability to map CAC identity certificates to
|
|
|
590d18 |
users in IdM
|
|
|
590d18 |
- Resolves: #1115294 [RFE] Add support for DNSSEC
|
|
|
590d18 |
- Resolves: #1145748 [RFE] IPA running with One Way Trust
|
|
|
590d18 |
- Resolves: #1199520 [RFE] Introduce single upgrade tool - ipa-server-upgrade
|
|
|
590d18 |
- Resolves: #1199530 [RFE] Provide user lifecycle managment capabilities
|
|
|
590d18 |
- Resolves: #1200694 [RFE] Support for multiple cert profiles
|
|
|
590d18 |
- Resolves: #1200728 [RFE] Replicate PKI Profile information
|
|
|
590d18 |
- Resolves: #1200735 [RFE] Allow issuing certificates for user accounts
|
|
|
590d18 |
- Resolves: #1204054 SSSD database is not cleared between installs and
|
|
|
590d18 |
uninstalls of ipa
|
|
|
590d18 |
- Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to
|
|
|
590d18 |
Trusts
|
|
|
590d18 |
- Resolves: #1204501 [RFE] Add Password Vault (KRA) functionality
|
|
|
590d18 |
- Resolves: #1204504 [RFE] Add access control so hosts can create their own
|
|
|
590d18 |
services
|
|
|
590d18 |
- Resolves: #1206534 [RFE] Offer Kerberos over HTTP (kdcproxy) by default
|
|
|
590d18 |
- Resolves: #1206613 [RFE] Configure IPA to be a trust agent by default
|
|
|
590d18 |
- Resolves: #1209476 package ipa-client does not require package dbus-python
|
|
|
590d18 |
- Resolves: #1211589 [RFE] Add option to skip the verify_client_version
|
|
|
590d18 |
- Resolves: #1211608 [RFE] Generic support for unknown DNS RR types (RFC 3597)
|
|
|
590d18 |
- Resolves: #1215735 ipa-replica-prepare automatically adds a DNS zone
|
|
|
590d18 |
- Resolves: #1217010 OTP Manager field is not exposed in the UI
|
|
|
590d18 |
- Resolves: #1222475 krb5kdc : segfault at 0 ip 00007fa9f64d82bb sp
|
|
|
590d18 |
00007fffd68b2340 error 6 in libc-2.17.so
|
|
|
590d18 |
- Related: #1204809 Rebase ipa to 4.2
|
|
|
590d18 |
- Update to upstream 4.2.0
|
|
|
590d18 |
- Move /etc/ipa/kdcproxy to the server subpackage
|
|
|
590d18 |
|
|
|
590d18 |
* Tue Jun 23 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-0.2.alpha1
|
|
|
590d18 |
- Resolves: #1228671 pkispawn fails in ipa-ca-install and ipa-kra-install
|
|
|
590d18 |
- Related: #1204809 Rebase ipa to 4.2
|
|
|
590d18 |
- Fix minimum version of slapi-nis
|
|
|
590d18 |
- Require python-sss and python-sss-murmur (provided by sssd-1.13.0)
|
|
|
590d18 |
|
|
|
590d18 |
* Mon Jun 22 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-0.1.alpha1
|
|
|
590d18 |
- Resolves: #805188 [RFE] "ipa migrate-ds" ldapsearches with scope=1
|
|
|
590d18 |
- Resolves: #1019272 With 20000+ users, adding a user to a group intermittently
|
|
|
590d18 |
throws Internal server error
|
|
|
590d18 |
- Resolves: #1035494 Unable to add Kerberos principal via kadmin.local
|
|
|
590d18 |
- Resolves: #1045153 ipa-managed-entries --list -p <badpassword> still requires
|
|
|
590d18 |
DM password
|
|
|
590d18 |
- Resolves: #1125950 ipa-server-install --uinstall doesn't remove port 7389
|
|
|
590d18 |
from ldap_port_t
|
|
|
590d18 |
- Resolves: #1132540 [RFE] Expose service delegation rules in UI and CLI
|
|
|
590d18 |
- Resolves: #1145584 ipaserver/install/cainstance.py creates pkiuser not
|
|
|
590d18 |
matching uidgid
|
|
|
590d18 |
- Resolves: #1176036 IDM client registration failure in a high load environment
|
|
|
590d18 |
- Resolves: #1183116 Remove Requires: subscription-manager
|
|
|
590d18 |
- Resolves: #1186054 permission-add does not prompt to enter --right option in
|
|
|
590d18 |
interactive mode
|
|
|
590d18 |
- Resolves: #1187524 Replication agreement with replica not disabled when
|
|
|
590d18 |
ipa-restore done without IPA installed
|
|
|
590d18 |
- Resolves: #1188195 Fax number not displayed for user-show when kinit'ed as
|
|
|
590d18 |
normal user.
|
|
|
590d18 |
- Resolves: #1189034 "an internal error has occurred" during ipa host-del
|
|
|
590d18 |
--updatedns
|
|
|
590d18 |
- Resolves: #1193554 ipa-client-automount: failing with error LDAP server
|
|
|
590d18 |
returned UNWILLING_TO_PERFORM. This likely means that minssf is enabled.
|
|
|
590d18 |
- Resolves: #1193759 IPA extdom plugin fails when encountering large groups
|
|
|
590d18 |
- Resolves: #1194312 [ipa-python] ipalib.errors.LDAPError: failed to decode
|
|
|
590d18 |
certificate: (SEC_ERROR_INVALID_ARGS) security library: invalid arguments.
|
|
|
590d18 |
- Resolves: #1194633 Default trust view can be deleted in lower case
|
|
|
590d18 |
- Resolves: #1196455 ipa-server-install step [8/27]: starting certificate
|
|
|
590d18 |
server instance - confusing CA staus message on TLS error
|
|
|
590d18 |
- Resolves: #1198263 Limit deadlocks between DS plugin DNA and slapi-nis
|
|
|
590d18 |
- Resolves: #1199527 [RFE] Use datepicker component for datetime fields
|
|
|
590d18 |
- Resolves: #1200867 [RFE] Make OTP validation window configurable
|
|
|
590d18 |
- Resolves: #1200883 [RFE] Switch apache to use mod_auth_gssapi
|
|
|
590d18 |
- Resolves: #1202998 CVE-2015-1827 ipa: memory corruption when using
|
|
|
590d18 |
get_user_grouplist() [rhel-7.2]
|
|
|
590d18 |
- Resolves: #1204637 slow group operations
|
|
|
590d18 |
- Resolves: #1204642 migrate-ds: slow add o users to default group
|
|
|
590d18 |
- Resolves: #1208461 IPA CA master server update stuck on checking getStatus
|
|
|
590d18 |
via https
|
|
|
590d18 |
- Resolves: #1211602 Hide ipa-server-install KDC master password option (-P)
|
|
|
590d18 |
- Resolves: #1211708 ipa-client-install gets stuck during NTP sync
|
|
|
590d18 |
- Resolves: #1215197 ipa-client-install ignores --ntp-server option during time
|
|
|
590d18 |
sync
|
|
|
590d18 |
- Resolves: #1215200 ipa-client-install configures IPA server as NTP source
|
|
|
590d18 |
even if IPA server has not ntpd configured
|
|
|
590d18 |
- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens
|
|
|
590d18 |
- Related: #1204809 Rebase ipa to 4.2
|
|
|
590d18 |
- Update to upstream 4.2.0.alpha1
|
|
|
ba521e |
|
|
|
0201d8 |
* Thu Mar 19 2015 Jan Cholasta <jcholast@redhat.com> - 4.1.0-18.3
|
|
|
0201d8 |
- [ipa-python] ipalib.errors.LDAPError: failed to decode certificate:
|
|
|
0201d8 |
(SEC_ERROR_INVALID_ARGS) security library: invalid arguments. (#1194312)
|
|
|
0201d8 |
|
|
|
0201d8 |
* Wed Mar 18 2015 Alexander Bokovoy <abokovoy@redhat.com> - 4.1.0-18.2
|
|
|
0201d8 |
- IPA extdom plugin fails when encountering large groups (#1193759)
|
|
|
0201d8 |
- CVE-2015-0283 ipa: slapi-nis: infinite loop in getgrnam_r() and getgrgid_r()
|
|
|
590d18 |
(#1202998)
|
|
|
0201d8 |
|
|
|
0201d8 |
* Thu Mar 5 2015 Jan Cholasta <jcholast@redhat.com> - 4.1.0-18.1
|
|
|
0201d8 |
- "an internal error has occurred" during ipa host-del --updatedns (#1198431)
|
|
|
0201d8 |
- Renamed patch 1013 to 0114, as it was merged upstream
|
|
|
0201d8 |
- Fax number not displayed for user-show when kinit'ed as normal user.
|
|
|
0201d8 |
(#1198430)
|
|
|
0201d8 |
- Replication agreement with replica not disabled when ipa-restore done without
|
|
|
0201d8 |
IPA installed (#1199060)
|
|
|
0201d8 |
- Limit deadlocks between DS plugin DNA and slapi-nis (#1199128)
|
|
|
0201d8 |
|
|
|
0201d8 |
* Thu Jan 29 2015 Martin Kosek <mkosek@redhat.com> - 4.1.0-18
|
|
|
e3ffab |
- Fix ipa-pwd-extop global configuration caching (#1187342)
|
|
|
e3ffab |
- group-detach does not add correct objectclasses (#1187540)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Tue Jan 27 2015 Jan Cholasta <jcholast@redhat.com> - 4.1.0-17
|
|
|
e3ffab |
- Wrong directories created on full restore (#1186398)
|
|
|
e3ffab |
- ipa-restore crashes if replica is unreachable (#1186396)
|
|
|
e3ffab |
- idoverrideuser-add option --sshpubkey does not work (#1185410)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Jan 21 2015 Jan Cholasta <jcholast@redhat.com> - 4.1.0-16
|
|
|
e3ffab |
- PassSync does not sync passwords due to missing ACIs (#1181093)
|
|
|
e3ffab |
- ipa-replica-manage list does not list synced domain (#1181010)
|
|
|
e3ffab |
- Do not assume certmonger is running in httpinstance (#1181767)
|
|
|
e3ffab |
- ipa-replica-manage disconnect fails without password (#1183279)
|
|
|
e3ffab |
- Put LDIF files to their original location in ipa-restore (#1175277)
|
|
|
e3ffab |
- DUA profile not available anonymously (#1184149)
|
|
|
e3ffab |
- IPA replica missing data after master upgraded (#1176995)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Jan 14 2015 Jan Cholasta <jcholast@redhat.com> - 4.1.0-15
|
|
|
e3ffab |
- Re-add accidentally removed patches for #1170695 and #1164896
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Jan 14 2015 Jan Cholasta <jcholast@redhat.com> - 4.1.0-14
|
|
|
e3ffab |
- IPA Replicate creation fails with error "Update failed! Status: [10 Total
|
|
|
e3ffab |
update abortedLDAP error: Referral]" (#1166265)
|
|
|
e3ffab |
- running ipa-server-install --setup-dns results in a crash (#1072502)
|
|
|
e3ffab |
- DNS zones are not migrated into forward zones if 4.0+ replica is added
|
|
|
e3ffab |
(#1175384)
|
|
|
e3ffab |
- gid is overridden by uid in default trust view (#1168904)
|
|
|
e3ffab |
- When migrating warn user if compat is enabled (#1177133)
|
|
|
e3ffab |
- Clean up debug log for trust-add (#1168376)
|
|
|
e3ffab |
- No error message thrown on restore(full kind) on replica from full backup
|
|
|
e3ffab |
taken on master (#1175287)
|
|
|
e3ffab |
- ipa-restore proceed even IPA not configured (#1175326)
|
|
|
e3ffab |
- Data replication not working as expected after data restore from full backup
|
|
|
e3ffab |
(#1175277)
|
|
|
e3ffab |
- IPA externally signed CA cert expiration warning missing from log (#1178128)
|
|
|
e3ffab |
- ipa-upgradeconfig fails in CA-less installs (#1181767)
|
|
|
e3ffab |
- IPA certs fail to autorenew simultaneouly (#1173207)
|
|
|
e3ffab |
- More validation required on ipa-restore's options (#1176034)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Dec 17 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-13
|
|
|
e3ffab |
- Expand the token auth/sync windows (#919228)
|
|
|
e3ffab |
- Access is not rejected for disabled domain (#1172598)
|
|
|
e3ffab |
- krb5kdc crash in ldap_pvt_search (#1170695)
|
|
|
e3ffab |
- RHEL7.1 IPA server httpd avc denials after upgrade (#1164896)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Dec 10 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-12
|
|
|
e3ffab |
- RHEL7.1 ipa-cacert-manage renewed certificate from MS ADCS not compatible
|
|
|
e3ffab |
(#1169591)
|
|
|
e3ffab |
- CLI doesn't show SSHFP records with SHA256 added via nsupdate (regression)
|
|
|
e3ffab |
(#1172578)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Tue Dec 9 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-11
|
|
|
e3ffab |
- Throw zonemgr error message before installation proceeds (#1163849)
|
|
|
e3ffab |
- Winsync: Setup is broken due to incorrect import of certificate (#1169867)
|
|
|
e3ffab |
- Enable last token deletion when password auth type is configured (#919228)
|
|
|
e3ffab |
- ipa-otp-lasttoken loads all user's tokens on every mod/del (#1166641)
|
|
|
e3ffab |
- add --hosts and --hostgroup options to allow/retrieve keytab methods
|
|
|
e3ffab |
(#1007367)
|
|
|
e3ffab |
- Extend host-show to add the view attribute in set of default attributes
|
|
|
e3ffab |
(#1168916)
|
|
|
e3ffab |
- Prefer TCP connections to UDP in krb5 clients (#919228)
|
|
|
e3ffab |
- [WebUI] Not able to unprovisioning service in IPA 4.1 (#1168214)
|
|
|
e3ffab |
- webui: increase notification duration (#1171089)
|
|
|
e3ffab |
- RHEL7.1 ipa automatic CA cert renewal stuck in submitting state (#1166931)
|
|
|
e3ffab |
- RHEL7.1 ipa-cacert-manage cannot change external to self-signed ca cert
|
|
|
e3ffab |
(#1170003)
|
|
|
e3ffab |
- Improve validation of --instance and --backend options in ipa-restore
|
|
|
e3ffab |
(#951581)
|
|
|
e3ffab |
- RHEL7.1 ipa replica unable to replicate to rhel6 master (#1167964)
|
|
|
e3ffab |
- Disable TLS 1.2 in nss.conf until mod_nss supports it (#1156466)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Nov 26 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-10
|
|
|
e3ffab |
- Use NSS protocol range API to set available TLS protocols (#1156466)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Tue Nov 25 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-9
|
|
|
e3ffab |
- schema update on RHEL-6.6 using latest copy-schema-to-ca.py from RHEL-7.1
|
|
|
e3ffab |
build fails (#1167196)
|
|
|
e3ffab |
- Investigate & fix Coverity defects in IPA DS/KDC plugins (#1160756)
|
|
|
e3ffab |
- "ipa trust-add ... " cmd says : (Trust status: Established and verified)
|
|
|
e3ffab |
while in the logs we see "WERR_ACCESS_DENIED" during verification step.
|
|
|
e3ffab |
(#1144121)
|
|
|
e3ffab |
- POODLE: force using safe ciphers (non-SSLv3) in IPA client and server
|
|
|
e3ffab |
(#1156466)
|
|
|
e3ffab |
- Add support/hooks for a one-time password system like SecureID in IPA
|
|
|
e3ffab |
(#919228)
|
|
|
e3ffab |
- Tracebacks with latest build for --zonemgr cli option (#1167270)
|
|
|
e3ffab |
- ID Views: Support migration from the sync solution to the trust solution
|
|
|
e3ffab |
(#891984)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Mon Nov 24 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-8
|
|
|
e3ffab |
- Improve otptoken help messages (#919228)
|
|
|
e3ffab |
- Ensure users exist when assigning tokens to them (#919228)
|
|
|
e3ffab |
- Enable QR code display by default in otptoken-add (#919228)
|
|
|
e3ffab |
- Show warning instead of error if CA did not start (#1158410)
|
|
|
e3ffab |
- CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges (#1165774)
|
|
|
e3ffab |
- Traceback when adding zone with long name (#1164859)
|
|
|
e3ffab |
- Backup & Restore mechanism (#951581)
|
|
|
e3ffab |
- ignoring user attributes in migrate-ds does not work if uppercase characters
|
|
|
e3ffab |
are returned by ldap (#1159816)
|
|
|
e3ffab |
- Allow ipa-getkeytab to optionally fetch existing keys (#1007367)
|
|
|
e3ffab |
- Failure when installing on dual stacked system with external ca (#1128380)
|
|
|
e3ffab |
- ipa-server should keep backup of CS.cfg (#1059135)
|
|
|
e3ffab |
- Tracebacks with latest build for --zonemgr cli option (#1167270)
|
|
|
e3ffab |
- webui: use domain name instead of domain SID in idrange adder dialog
|
|
|
e3ffab |
(#891984)
|
|
|
e3ffab |
- webui: normalize idview tab labels (#891984)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Nov 19 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-7
|
|
|
e3ffab |
- ipa-csreplica-manage connect fails (#1157735)
|
|
|
e3ffab |
- error message which is not understandable when IDNA2003 characters are
|
|
|
e3ffab |
present in --zonemgr (#1163849)
|
|
|
e3ffab |
- Fix warning message should not contain CLI commands (#1114013)
|
|
|
e3ffab |
- Renewing the CA signing certificate does not extend its validity period end
|
|
|
e3ffab |
(#1163498)
|
|
|
e3ffab |
- RHEL7.1 ipa-server-install --uninstall Could not set SELinux booleans for
|
|
|
e3ffab |
httpd (#1159330)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Thu Nov 13 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-6
|
|
|
e3ffab |
- Fix: DNS installer adds invalid zonemgr email (#1056202)
|
|
|
e3ffab |
- ipaplatform: Use the dirsrv service, not target (#951581)
|
|
|
e3ffab |
- Fix: DNS policy upgrade raises asertion error (#1161128)
|
|
|
e3ffab |
- Fix upgrade referint plugin (#1161128)
|
|
|
e3ffab |
- Upgrade: fix trusts objectclass violationi (#1161128)
|
|
|
e3ffab |
- group-add doesn't accept gid parameter (#1149124)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Tue Nov 11 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-5
|
|
|
e3ffab |
- Update slapi-nis dependency to pull 0.54-2 (#891984)
|
|
|
e3ffab |
- ipa-restore: Don't crash if AD trust is not installed (#951581)
|
|
|
e3ffab |
- Prohibit setting --rid-base for ranges of ipa-trust-ad-posix type (#1138791)
|
|
|
e3ffab |
- Trust setting not restored for CA cert with ipa-restore command (#1159011)
|
|
|
e3ffab |
- ipa-server-install fails when restarting named (#1162340)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Thu Nov 06 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-4
|
|
|
e3ffab |
- Update Requires on pki-ca to 10.1.2-4 (#1129558)
|
|
|
e3ffab |
- build: increase java stack size for all arches
|
|
|
e3ffab |
- Add ipaSshPubkey and gidNumber to the ACI to read ID user overrides (#891984)
|
|
|
e3ffab |
- Fix dns zonemgr validation regression (#1056202)
|
|
|
e3ffab |
- Handle profile changes in dogtag-ipa-ca-renew-agent (#886645)
|
|
|
e3ffab |
- Do not wait for new CA certificate to appear in LDAP in ipa-certupdate
|
|
|
e3ffab |
(#886645)
|
|
|
e3ffab |
- Add bind-dyndb-ldap working dir to IPA specfile
|
|
|
e3ffab |
- Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage
|
|
|
e3ffab |
(#886645)
|
|
|
e3ffab |
- Investigate & fix Coverity defects in IPA DS/KDC plugins (#1160756)
|
|
|
e3ffab |
- Deadlock in schema compat plugin (#1161131)
|
|
|
e3ffab |
- ipactl stop should stop dirsrv last (#1161129)
|
|
|
e3ffab |
- Upgrade 3.3.5 to 4.1 failed (#1161128)
|
|
|
e3ffab |
- CVE-2014-7828 freeipa: password not required when OTP in use (#1160877)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Oct 22 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-3
|
|
|
e3ffab |
- Do not check if port 8443 is available in step 2 of external CA install
|
|
|
e3ffab |
(#1129481)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Wed Oct 22 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-2
|
|
|
e3ffab |
- Update Requires on selinux-policy to 3.13.1-4
|
|
|
e3ffab |
|
|
|
e3ffab |
* Tue Oct 21 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-1
|
|
|
e3ffab |
- Update to upstream 4.1.0 (#1109726)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Mon Sep 29 2014 Jan Cholasta <jcholast@redhat.com> - 4.1.0-0.1.alpha1
|
|
|
e3ffab |
- Update to upstream 4.1.0 Alpha 1 (#1109726)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Fri Sep 26 2014 Petr Vobornik <pvoborni@redhat.com> - 4.0.3-3
|
|
|
e3ffab |
- Add redhat-access-plugin-ipa dependency
|
|
|
e3ffab |
|
|
|
e3ffab |
* Thu Sep 25 2014 Jan Cholasta <jcholast@redhat.com> - 4.0.3-2
|
|
|
e3ffab |
- Re-enable otptoken_yubikey plugin
|
|
|
e3ffab |
|
|
|
e3ffab |
* Mon Sep 15 2014 Jan Cholasta <jcholast@redhat.com> - 4.0.3-1
|
|
|
e3ffab |
- Update to upstream 4.0.3 (#1109726)
|
|
|
e3ffab |
|
|
|
e3ffab |
* Thu Aug 14 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-29
|
|
|
031d60 |
- Server installation fails using external signed certificates with
|
|
|
e3ffab |
"IndexError: list index out of range" (#1111320)
|
|
|
031d60 |
- Add rhino to BuildRequires to fix Web UI build error
|
|
|
10ca37 |
|
|
|
9991ea |
* Tue Apr 1 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-28
|
|
|
9991ea |
- ipa-client-automount fails with incompatibility error when installed against
|
|
|
9991ea |
older IPA server (#1083108)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Mar 26 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-27
|
|
|
9991ea |
- Proxy PKI URI /ca/ee/ca/profileSubmit to enable replication with future
|
|
|
9991ea |
PKI versions (#1080865)
|
|
|
9991ea |
|
|
|
9991ea |
* Tue Mar 25 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-26
|
|
|
9991ea |
- When IdM server trusts multiple AD forests, IPA client returns invalid group
|
|
|
9991ea |
membership info (#1079498)
|
|
|
9991ea |
|
|
|
9991ea |
* Thu Mar 13 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-25
|
|
|
9991ea |
- Deletion of active subdomain range should not be allowed (#1075615)
|
|
|
9991ea |
|
|
|
9991ea |
* Thu Mar 13 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-24
|
|
|
9991ea |
- PKI database is ugraded during replica installation (#1075118)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Mar 12 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-23
|
|
|
9991ea |
- Unable to add trust successfully with --trust-secret (#1075704)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Mar 12 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-22
|
|
|
9991ea |
- ipa-replica-install never checks for 7389 port (#1075165)
|
|
|
9991ea |
- Non-terminated string may be passed to LDAP search (#1075091)
|
|
|
9991ea |
- ipa-sam may fail to translate group SID into GID (#1073829)
|
|
|
9991ea |
- Excessive LDAP calls by ipa-sam during Samba FS operations (#1075132)
|
|
|
9991ea |
|
|
|
9991ea |
* Thu Mar 6 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-21
|
|
|
9991ea |
- Do not fetch a principal two times, remove potential memory leak (#1070924)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Mar 5 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-20
|
|
|
9991ea |
- trustdomain-find with pkey-only fails (#1068611)
|
|
|
9991ea |
- Invalid credential cache in trust-add (#1069182)
|
|
|
9991ea |
- ipa-replica-install prints unexpected error (#1069722)
|
|
|
9991ea |
- Too big font in input fields in details facet in Firefox (#1069720)
|
|
|
9991ea |
- trust-add for POSIX AD does not fetch trustdomains (#1070925)
|
|
|
9991ea |
- Misleading trust-add error message in some cases (#1070926)
|
|
|
9991ea |
- Access is not rejected for disabled domain (#1070924)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Feb 26 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-19
|
|
|
9991ea |
- Remove ipa-backup and ipa-restore functionality from RHEL (#1003933)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Feb 12 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-18
|
|
|
9991ea |
- Display server name in ipa command's verbose mode (#1061703)
|
|
|
9991ea |
- Remove sourcehostcategory from default HBAC rule (#1061187)
|
|
|
9991ea |
- dnszone-add cannot add classless PTR zones (#1058688)
|
|
|
9991ea |
- Move ipa-otpd socket directory to /var/run/krb5kdc (#1063850)
|
|
|
9991ea |
|
|
|
9991ea |
* Tue Feb 4 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-17
|
|
|
9991ea |
- Lockout plugin crashed during ipa-server-install (#912725)
|
|
|
9991ea |
|
|
|
9991ea |
* Fri Jan 31 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-16
|
|
|
9991ea |
- Fallback to global policy in ipa lockout plugin (#912725)
|
|
|
9991ea |
- Migration does not add users to default group (#903232)
|
|
|
9991ea |
|
|
|
9991ea |
* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 3.3.3-15
|
|
|
9991ea |
- Mass rebuild 2014-01-24
|
|
|
9991ea |
|
|
|
9991ea |
* Thu Jan 23 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-14
|
|
|
9991ea |
- Fix NetBIOS name generation in CLDAP plugin (#1030517)
|
|
|
9991ea |
|
|
|
9991ea |
* Mon Jan 20 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-13
|
|
|
9991ea |
- Do not add krbPwdPolicyReference for new accounts, hardcode it (#1045218)
|
|
|
9991ea |
- Increase default timeout for IPA services (#1033273)
|
|
|
9991ea |
- Error while running trustdomain-find (#1054376)
|
|
|
9991ea |
- group-show lists SID instead of name for external groups (#1054391)
|
|
|
9991ea |
- Fix IPA server NetBIOS name in samba configuration (#1030517)
|
|
|
9991ea |
- dnsrecord-mod produces missing API version warning (#1054869)
|
|
|
9991ea |
- Hide trust-resolve command as internal (#1052860)
|
|
|
9991ea |
- Add Trust domain Web UI (#1054870)
|
|
|
9991ea |
- ipasam cannot delete multiple child trusted domains (#1056120)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Jan 15 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-12
|
|
|
9991ea |
- Missing objectclasses when empty password passed to host-add (#1052979)
|
|
|
9991ea |
- sudoOrder missing in sudoers (#1052983)
|
|
|
9991ea |
- Missing examples in sudorule help (#1049464)
|
|
|
9991ea |
- Client automount does not uninstall when fstore is empty (#910899)
|
|
|
9991ea |
- Error not clear for invalid realm given to trust-fetch-domains (#1052981)
|
|
|
9991ea |
- trust-fetch-domains does not add idrange for subdomains found (#1049926)
|
|
|
9991ea |
- Add option to show if an AD subdomain is enabled/disabled (#1052973)
|
|
|
9991ea |
- ipa-adtrust-install still failed with long NetBIOS names (#1030517)
|
|
|
9991ea |
- Error not clear for invalid relam given to trustdomain-find (#1049455)
|
|
|
9991ea |
- renewed client cert not recognized during IPA CA renewal (#1033273)
|
|
|
9991ea |
|
|
|
9991ea |
* Fri Jan 10 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-11
|
|
|
9991ea |
- hbactest does not work for external users (#848531)
|
|
|
9991ea |
|
|
|
9991ea |
* Wed Jan 08 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-10
|
|
|
9991ea |
- PKI service restart after CA renewal failed (#1040018)
|
|
|
9991ea |
|
|
|
9991ea |
* Mon Jan 06 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-9
|
|
|
9991ea |
- Move ipa-tests package to separate srpm (#1032668)
|
|
|
9991ea |
|
|
|
9991ea |
* Fri Jan 3 2014 Martin Kosek <mkosek@redhat.com> - 3.3.3-8
|
|
|
9991ea |
- Fix status trust-add command status message (#910453)
|
|
|
9991ea |
- NetBIOS was not trimmed at 15 characters (#1030517)
|
|
|
9991ea |
- Harden CA subsystem certificate renewal on CA clones (#1040018)
|
|
|
9991ea |
|
|
|
9991ea |
* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 3.3.3-7
|
|
|
9991ea |
- Mass rebuild 2013-12-27
|
|
|
9991ea |
|
|
|
9991ea |
* Mon Dec 2 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-6
|
|
|
9991ea |
- Remove "Listen 443 http" hack from deployed nss.conf (#1029046)
|
|
|
9991ea |
- Re-adding existing trust fails (#1033216)
|
|
|
9991ea |
- IPA uninstall exits with a samba error (#1033075)
|
|
|
9991ea |
- Added RELRO hardening on /usr/libexec/ipa-otpd (#1026260)
|
|
|
9991ea |
- Fixed ownership of /usr/share/ipa/ui/js (#1026260)
|
|
|
9991ea |
- ipa-tests: support external names for hosts (#1032668)
|
|
|
9991ea |
- ipa-client-install fail due fail to obtain host TGT (#1029354)
|
|
|
9991ea |
|
|
|
99b6f7 |
* Fri Nov 22 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-5
|
|
|
99b6f7 |
- Trust add tries to add same value of --base-id for sub domain,
|
|
|
99b6f7 |
causing an error (#1033068)
|
|
|
99b6f7 |
- Improved error reporting for adding trust case (#1029856)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Nov 13 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-4
|
|
|
99b6f7 |
- Winsync agreement cannot be created (#1023085)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Nov 6 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-3
|
|
|
99b6f7 |
- Installer did not detect different server and IPA domain (#1026845)
|
|
|
99b6f7 |
- Allow kernel keyring CCACHE when supported (#1026861)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Nov 5 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-2
|
|
|
99b6f7 |
- ipa-server-install crashes when AD subpackage is not installed (#1026434)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Nov 1 2013 Martin Kosek <mkosek@redhat.com> - 3.3.3-1
|
|
|
99b6f7 |
- Update to upstream 3.3.3 (#991064)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Oct 29 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-5
|
|
|
99b6f7 |
- Temporarily move ipa-backup and ipa-restore functionality
|
|
|
99b6f7 |
back to make them available in public Beta (#1003933)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Oct 29 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-4
|
|
|
99b6f7 |
- Server install failure during client enrollment shouldn't
|
|
|
99b6f7 |
roll back (#1023086)
|
|
|
99b6f7 |
- nsds5ReplicaStripAttrs are not set on agreements (#1023085)
|
|
|
99b6f7 |
- ipa-server conflicts with mod_ssl (#1018172)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Oct 16 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-3
|
|
|
99b6f7 |
- Reinstalling ipa server hangs when configuring certificate
|
|
|
99b6f7 |
server (#1018804)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Oct 11 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-2
|
|
|
99b6f7 |
- Deprecate --serial-autoincrement option (#1016645)
|
|
|
99b6f7 |
- CA installation always failed on replica (#1005446)
|
|
|
99b6f7 |
- Re-initializing a winsync connection exited with error (#994980)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Oct 4 2013 Martin Kosek <mkosek@redhat.com> - 3.3.2-1
|
|
|
99b6f7 |
- Update to upstream 3.3.2 (#991064)
|
|
|
99b6f7 |
- Add delegation info to MS-PAC (#915799)
|
|
|
99b6f7 |
- Warn about incompatibility with AD when IPA realm and domain
|
|
|
99b6f7 |
differs (#1009044)
|
|
|
99b6f7 |
- Allow PKCS#12 files with empty password in install tools (#1002639)
|
|
|
99b6f7 |
- Privilege "SELinux User Map Administrators" did not list
|
|
|
99b6f7 |
permissions (#997085)
|
|
|
99b6f7 |
- SSH key upload broken when client joins an older server (#1009024)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Sep 23 2013 Martin Kosek <mkosek@redhat.com> - 3.3.1-5
|
|
|
99b6f7 |
- Remove dependency on python-paramiko (#1002884)
|
|
|
99b6f7 |
- Broken redirection when deleting last entry of DNS resource
|
|
|
99b6f7 |
record (#1006360)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Sep 10 2013 Martin Kosek <mkosek@redhat.com> - 3.3.1-4
|
|
|
99b6f7 |
- Remove ipa-backup and ipa-restore functionality from RHEL (#1003933)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Sep 9 2013 Martin Kosek <mkosek@redhat.com> - 3.3.1-3
|
|
|
99b6f7 |
- Replica installation fails for RHEL 6.4 master (#1004680)
|
|
|
99b6f7 |
- Server uninstallation crashes if DS is not available (#998069)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Sep 5 2013 Martin Kosek <mkosek@redhat.com> - 3.3.1-2
|
|
|
99b6f7 |
- Unable to remove replica by ipa-replica-manage (#1001662)
|
|
|
99b6f7 |
- Before uninstalling a server, warn about active replicas (#998069)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Aug 29 2013 Rob Crittenden <rcritten@redhat.com> - 3.3.1-1
|
|
|
99b6f7 |
- Update to upstream 3.3.1 (#991064)
|
|
|
99b6f7 |
- Update minimum version of bind-dyndb-ldap to 3.5
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Aug 20 2013 Rob Crittenden <rcritten@redhat.com> - 3.3.0-7
|
|
|
99b6f7 |
- Fix replica installation failing on certificate subject (#983075)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Aug 13 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-6
|
|
|
99b6f7 |
- Allow ipa-tests to work with older version (1.7.7) of python-paramiko
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Aug 13 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-5
|
|
|
99b6f7 |
- Prevent multilib failures in *.pyo and *.pyc files
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Aug 12 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-4
|
|
|
99b6f7 |
- ipa-server-install fails if --subject parameter is other than default
|
|
|
99b6f7 |
realm (#983075)
|
|
|
99b6f7 |
- do not allow configuring bind-dyndb-ldap without persistent search (#967876)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Aug 12 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-3
|
|
|
99b6f7 |
- diffstat was missing as a build dependency causing multilib problems
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Aug 8 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-2
|
|
|
99b6f7 |
- Remove ipa-server-selinux obsoletes as upgrades from version prior to
|
|
|
99b6f7 |
3.3.0 are not allowed
|
|
|
99b6f7 |
- Wrap server-trust-ad subpackage description better
|
|
|
9991ea |
- Add (noreplace) flag for %%{_sysconfdir}/tmpfiles.d/ipa.conf
|
|
|
99b6f7 |
- Change permissions on default_encoding_utf8.so to fix ipa-python Provides
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Aug 8 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-1
|
|
|
99b6f7 |
- Update to upstream 3.3.0 (#991064)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Aug 8 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-0.2.beta2
|
|
|
99b6f7 |
- Require slapi-nis 0.47.7 delivering a core feature of 3.3.0 release
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Aug 7 2013 Martin Kosek <mkosek@redhat.com> - 3.3.0-0.1.beta2
|
|
|
99b6f7 |
- Update to upstream 3.3.0 Beta 2 (#991064)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jul 18 2013 Martin Kosek <mkosek@redhat.com> - 3.2.2-1
|
|
|
99b6f7 |
- Update to upstream 3.2.2
|
|
|
99b6f7 |
- Drop ipa-server-selinux subpackage
|
|
|
99b6f7 |
- Drop redundant directory /var/cache/ipa/sessions
|
|
|
99b6f7 |
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
|
|
|
99b6f7 |
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
|
|
|
99b6f7 |
issues when there are still old parts of software (like entitlements plugin)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Jun 14 2013 Martin Kosek <mkosek@redhat.com> - 3.2.1-1
|
|
|
99b6f7 |
- Update to upstream 3.2.1
|
|
|
99b6f7 |
- Drop dogtag-pki-server-theme requires, it won't be build for RHEL-7.0
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue May 14 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-2
|
|
|
99b6f7 |
- Add OTP patches
|
|
|
99b6f7 |
- Add patch to set KRB5CCNAME for 389-ds-base
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri May 10 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-1
|
|
|
99b6f7 |
- Update to upstream 3.2.0 GA
|
|
|
99b6f7 |
- ipa-client-install fails if /etc/ipa does not exist (#961483)
|
|
|
99b6f7 |
- Certificate status is not visible in Service and Host page (#956718)
|
|
|
99b6f7 |
- ipa-client-install removes needed options from ldap.conf (#953991)
|
|
|
99b6f7 |
- Handle socket.gethostbyaddr() exceptions when verifying hostnames (#953957)
|
|
|
99b6f7 |
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
|
|
|
99b6f7 |
- Require nss 3.14.3-12.0 to address certutil certificate import
|
|
|
99b6f7 |
errors (#953485)
|
|
|
99b6f7 |
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
|
|
|
99b6f7 |
environments. (#953464)
|
|
|
99b6f7 |
- ipa-client-install removes 'sss' from /etc/nsswitch.conf (#953453)
|
|
|
99b6f7 |
- ipa-server-install --uninstall doesn't stop dirsrv instances (#953432)
|
|
|
99b6f7 |
- Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON behavior for
|
|
|
99b6f7 |
socket based connections (#960222)
|
|
|
99b6f7 |
- Require libsss_nss_idmap-python
|
|
|
99b6f7 |
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember to
|
|
|
99b6f7 |
member is now done automatically and having it in the config file raises
|
|
|
99b6f7 |
an error.
|
|
|
99b6f7 |
- Add backup and restore tools, directory.
|
|
|
99b6f7 |
- require at least systemd 38 which provides the journal (we no longer
|
|
|
99b6f7 |
need to require syslog.target)
|
|
|
99b6f7 |
- Update Requires on policycoreutils to 2.1.14-37
|
|
|
99b6f7 |
- Update Requires on selinux-policy to 3.12.1-42
|
|
|
99b6f7 |
- Update Requires on 389-ds-base to 1.3.1.0
|
|
|
99b6f7 |
- Remove a Requires for java-atk-wrapper
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Apr 23 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.4.beta1
|
|
|
99b6f7 |
- Remove release from krb5-server in strict sub-package to allow for rebuilds.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Apr 22 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.3.beta1
|
|
|
99b6f7 |
- Add a Requires for java-atk-wrapper until we can determine which package
|
|
|
99b6f7 |
should be pulling it in, dogtag or tomcat.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Apr 16 2013 Rob Crittenden <rcritten@redhat.com> - 3.2.0-0.2.beta1
|
|
|
99b6f7 |
- Update to upstream 3.2.0 Beta 1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Apr 2 2013 Martin Kosek <mkosek@redhat.com> - 3.2.0-0.1.pre1
|
|
|
99b6f7 |
- Update to upstream 3.2.0 Prerelease 1
|
|
|
99b6f7 |
- Use upstream reference spec file as a base for Fedora spec file
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Sat Mar 30 2013 Kevin Fenzi <kevin@scrye.com> 3.1.2-4
|
|
|
99b6f7 |
- Rebuild for broken deps
|
|
|
99b6f7 |
- Fix 389-ds-base strict dep to be 1.3.0.5 and krb5-server 1.11.1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Sat Feb 23 2013 Kevin Fenzi <kevin@scrye.com> - 3.1.2-3
|
|
|
99b6f7 |
- Rebuild for broken deps in rawhide
|
|
|
99b6f7 |
- Fix 389-ds-base strict dep to be 1.3.0.3
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1.2-2
|
|
|
99b6f7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jan 23 2013 Rob Crittenden <rcritten@redhat.com> - 3.1.2-1
|
|
|
99b6f7 |
- Update to upstream 3.1.2
|
|
|
99b6f7 |
- CVE-2012-4546: Incorrect CRLs publishing
|
|
|
99b6f7 |
- CVE-2012-5484: MITM Attack during Join process
|
|
|
99b6f7 |
- CVE-2013-0199: Cross-Realm Trust key leak
|
|
|
99b6f7 |
- Updated strict dependencies to 389-ds-base = 1.3.0.2 and
|
|
|
99b6f7 |
pki-ca = 10.0.1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Dec 20 2012 Martin Kosek <mkosek@redhat.com> - 3.1.0-2
|
|
|
99b6f7 |
- Remove redundat Requires versions that are already in Fedora 17
|
|
|
99b6f7 |
- Replace python-crypto Requires with m2crypto
|
|
|
99b6f7 |
- Add missing Requires(post) for client and server-trust-ad subpackages
|
|
|
99b6f7 |
- Restart httpd service when server-trust-ad subpackage is installed
|
|
|
99b6f7 |
- Bump selinux-policy Requires to pick up PKI/LDAP port labeling fixes
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Dec 10 2012 Rob Crittenden <rcritten@redhat.com> - 3.1.0-1
|
|
|
99b6f7 |
- Updated to upstream 3.1.0 GA
|
|
|
99b6f7 |
- Set minimum for sssd to 1.9.2
|
|
|
99b6f7 |
- Set minimum for pki-ca to 10.0.0-1
|
|
|
99b6f7 |
- Set minimum for 389-ds-base to 1.3.0
|
|
|
99b6f7 |
- Set minimum for selinux-policy to 3.11.1-60
|
|
|
99b6f7 |
- Remove unneeded dogtag package requires
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Oct 23 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-3
|
|
|
99b6f7 |
- Update Requires on krb5-server to 1.11
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-2
|
|
|
99b6f7 |
- Configure CA replication to use TLS instead of SSL
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Oct 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-1
|
|
|
99b6f7 |
- Updated to upstream 3.0.0 GA
|
|
|
99b6f7 |
- Set minimum for samba to 4.0.0-153.
|
|
|
99b6f7 |
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
|
|
|
99b6f7 |
plugin to /dev/null since they cannot be used when trusts are configured
|
|
|
99b6f7 |
- Restrict krb5-server to 1.10.
|
|
|
99b6f7 |
- Update BR for 389-ds-base to 1.3.0
|
|
|
99b6f7 |
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
|
|
|
99b6f7 |
- Add Requires on zip for generating FF browser extension
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Oct 5 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.10
|
|
|
99b6f7 |
- Updated to upstream 3.0.0 rc 2
|
|
|
99b6f7 |
- Include new FF configuration extension
|
|
|
99b6f7 |
- Set minimum Requires of selinux-policy to 3.11.1-33
|
|
|
99b6f7 |
- Set minimum Requires dogtag to 10.0.0-0.43.b1
|
|
|
99b6f7 |
- Add new optional strict sub-package to allow users to limit other
|
|
|
99b6f7 |
package upgrades.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Oct 2 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-0.9
|
|
|
99b6f7 |
- Require samba packages instead of obsoleted samba4 packages
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Sep 21 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.8
|
|
|
99b6f7 |
- Updated to upstream 3.0.0 rc 1
|
|
|
99b6f7 |
- Update BR for 389-ds-base to 1.2.11.14
|
|
|
99b6f7 |
- Update BR for krb5 to 1.10
|
|
|
99b6f7 |
- Update BR for samba4-devel to 4.0.0-139 (rc1)
|
|
|
99b6f7 |
- Add BR for python-polib
|
|
|
99b6f7 |
- Update BR and Requires on sssd to 1.9.0
|
|
|
99b6f7 |
- Update Requires on policycoreutils to 2.1.12-5
|
|
|
99b6f7 |
- Update Requires on 389-ds-base to 1.2.11.14
|
|
|
99b6f7 |
- Update Requires on selinux-policy to 3.11.1-21
|
|
|
99b6f7 |
- Update Requires on dogtag to 10.0.0-0.33.a1
|
|
|
99b6f7 |
- Update Requires on certmonger to 0.60
|
|
|
99b6f7 |
- Update Requires on tomcat to 7.0.29
|
|
|
99b6f7 |
- Update minimum version of bind to 9.9.1-10.P3
|
|
|
99b6f7 |
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.16.rc1
|
|
|
99b6f7 |
- Remove Requires on authconfig from python sub-package
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Sep 5 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.7
|
|
|
99b6f7 |
- Rebuild against samba4 beta8
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Aug 31 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.6
|
|
|
99b6f7 |
- Rebuild against samba4 beta7
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Aug 22 2012 Alexander Bokovoy <abokovoy@redhat.com> - 3.0.0-0.5
|
|
|
99b6f7 |
- Adopt to samba4 beta6 (libsecurity -> libsamba-security)
|
|
|
99b6f7 |
- Add dependency to samba4-winbind
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Aug 17 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.4
|
|
|
99b6f7 |
- Updated to upstream 3.0.0 beta 2
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Aug 6 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-0.3
|
|
|
99b6f7 |
- Updated to current upstream state of 3.0.0 beta 2 development
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Jul 23 2012 Alexander Bokovoy <abokovy@redhat.com> - 3.0.0-0.2
|
|
|
99b6f7 |
- Rebuild against samba4 beta4
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Jul 2 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-0.1
|
|
|
99b6f7 |
- Updated to upstream 3.0.0 beta 1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu May 3 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-1
|
|
|
99b6f7 |
- Updated to upstream 2.2.0 GA
|
|
|
99b6f7 |
- Update minimum n-v-r of certmonger to 0.53
|
|
|
99b6f7 |
- Update minimum n-v-r of slapi-nis to 0.40
|
|
|
99b6f7 |
- Add Requires in client to oddjob-mkhomedir and python-krbV
|
|
|
99b6f7 |
- Update minimum selinux-policy to 3.10.0-110
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Mar 19 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.2
|
|
|
99b6f7 |
- Update to upstream 2.2.0 beta 1 (2.1.90.rc1)
|
|
|
99b6f7 |
- Set minimum n-v-r for pki-ca and pki-silent to 9.0.18.
|
|
|
99b6f7 |
- Add Conflicts on mod_ssl
|
|
|
99b6f7 |
- Update minimum n-v-r of 389-ds-base to 1.2.10.4
|
|
|
99b6f7 |
- Update minimum n-v-r of sssd to 1.8.0
|
|
|
99b6f7 |
- Update minimum n-v-r of slapi-nis to 0.38
|
|
|
99b6f7 |
- Update minimum n-v-r of pki-* to 9.0.18
|
|
|
99b6f7 |
- Update conflicts on bind-dyndb-ldap to < 1.1.0-0.9.b1
|
|
|
99b6f7 |
- Update conflicts on bind to < 9.9.0-1
|
|
|
99b6f7 |
- Drop requires on krb5-server-ldap
|
|
|
99b6f7 |
- Add patch to remove escaping arguments to pkisilent
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Feb 06 2012 Rob Crittenden <rcritten@redhat.com> - 2.1.90-0.1
|
|
|
99b6f7 |
- Update to upstream 2.2.0 alpha 1 (2.1.90.pre1)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Feb 01 2012 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-5
|
|
|
99b6f7 |
- Force to use 389-ds 1.2.10-0.8.a7 or above
|
|
|
99b6f7 |
- Improve upgrade script to handle systemd 389-ds change
|
|
|
99b6f7 |
- Fix freeipa to work with python-ldap 2.4.6
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jan 11 2012 Martin Kosek <mkosek@redhat.com> - 2.1.4-4
|
|
|
99b6f7 |
- Fix ipa-replica-install crashes
|
|
|
99b6f7 |
- Fix ipa-server-install and ipa-dns-install logging
|
|
|
99b6f7 |
- Set minimum version of pki-ca to 9.0.17 to fix sslget problem
|
|
|
99b6f7 |
caused by FEDORA-2011-17400 update (#771357)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Dec 21 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-3
|
|
|
99b6f7 |
- Allow Web-based migration to work with tightened SE Linux policy (#769440)
|
|
|
99b6f7 |
- Rebuild slapi plugins against re-enterant version of libldap
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Sun Dec 11 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.4-2
|
|
|
99b6f7 |
- Allow longer dirsrv startup with systemd:
|
|
|
99b6f7 |
- IPAdmin class will wait until dirsrv instance is available up to 10 seconds
|
|
|
99b6f7 |
- Helps with restarts during upgrade for ipa-ldap-updater
|
|
|
99b6f7 |
- Fix pylint warnings from F16 and Rawhide
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Dec 6 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.4-1
|
|
|
99b6f7 |
- Update to upstream 2.1.4 (CVE-2011-3636)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Dec 5 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-8
|
|
|
99b6f7 |
- Update SELinux policy to allow ipa_kpasswd to connect ldap and
|
|
|
99b6f7 |
read /dev/urandom. (#759679)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Nov 30 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-7
|
|
|
99b6f7 |
- Fix wrong path in packaging freeipa-systemd-upgrade
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Nov 30 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-6
|
|
|
99b6f7 |
- Introduce upgrade script to recover existing configuration after systemd migration
|
|
|
99b6f7 |
as user has no means to recover FreeIPA from systemd migration
|
|
|
99b6f7 |
- Upgrade script:
|
|
|
99b6f7 |
- recovers symlinks in Dogtag instance install
|
|
|
99b6f7 |
- recovers systemd configuration for FreeIPA's directory server instances
|
|
|
99b6f7 |
- recovers freeipa.service
|
|
|
99b6f7 |
- migrates directory server and KDC configs to use proper keytabs for systemd services
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.3-5
|
|
|
99b6f7 |
- Rebuilt for glibc bug#747377
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Oct 19 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-4
|
|
|
e3ffab |
- clean up spec
|
|
|
99b6f7 |
- Depend on sssd >= 1.6.2 for better user experience
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-3
|
|
|
99b6f7 |
- Fix Fedora package changelog after merging systemd changes
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-2
|
|
|
99b6f7 |
- Fix postin scriplet for F-15/F-16
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Oct 18 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.3-1
|
|
|
99b6f7 |
- 2.1.3
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Oct 17 2011 Alexander Bokovoy <abokovoy@redhat.com> - 2.1.2-1
|
|
|
99b6f7 |
- Default to systemd for Fedora 16 and onwards
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Aug 16 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.0-1
|
|
|
99b6f7 |
- Update to upstream 2.1.0
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri May 6 2011 Simo Sorce <ssorce@redhat.com> - 2.0.1-2
|
|
|
99b6f7 |
- Fix bug #702633
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon May 2 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.1-1
|
|
|
99b6f7 |
- Update minimum selinux-policy to 3.9.16-18
|
|
|
99b6f7 |
- Update minimum pki-ca and pki-selinux to 9.0.7
|
|
|
99b6f7 |
- Update minimum 389-ds-base to 1.2.8.0-1
|
|
|
99b6f7 |
- Update to upstream 2.0.1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Mar 24 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-1
|
|
|
99b6f7 |
- Update to upstream GA release
|
|
|
99b6f7 |
- Automatically apply updates when the package is upgraded
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Feb 25 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.4.rc2
|
|
|
99b6f7 |
- Update to upstream freeipa-2.0.0.rc2
|
|
|
99b6f7 |
- Set minimum version of python-nss to 0.11 to make sure IPv6 support is in
|
|
|
99b6f7 |
- Set minimum version of sssd to 1.5.1
|
|
|
99b6f7 |
- Patch to include SuiteSpotGroup when setting up 389-ds instances
|
|
|
99b6f7 |
- Move a lot of BuildRequires so this will build with ONLY_CLIENT enabled
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Feb 15 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.3.rc1
|
|
|
99b6f7 |
- Set the N-V-R so rc1 is an update to beta2.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Feb 14 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.rc1
|
|
|
99b6f7 |
- Set minimum version of sssd to 1.5.1
|
|
|
99b6f7 |
- Update to upstream freeipa-2.0.0.rc1
|
|
|
99b6f7 |
- Move server-only binaries from admintools subpackage to server
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.0-0.2.beta2
|
|
|
99b6f7 |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Feb 3 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.beta2
|
|
|
99b6f7 |
- Set min version of 389-ds-base to 1.2.8
|
|
|
99b6f7 |
- Set min version of mod_nss 1.0.8-10
|
|
|
99b6f7 |
- Set min version of selinux-policy to 3.9.7-27
|
|
|
99b6f7 |
- Add dogtag themes to Requires
|
|
|
99b6f7 |
- Update to upstream freeipa-2.0.0.pre2
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 27 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.2.beta.git80e87e7
|
|
|
99b6f7 |
- Remove unnecessary moving of v1 CA serial number file in post script
|
|
|
99b6f7 |
- Add Obsoletes for server-selinxu subpackage
|
|
|
99b6f7 |
- Using git snapshot 442d6ad30ce1156914e6245aa7502499e50ec0da
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jan 26 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-0.1.beta.git80e87e7
|
|
|
99b6f7 |
- Prepare spec file for release
|
|
|
99b6f7 |
- Using git snapshot 80e87e75bd6ab56e3e20c49ece55bd4d52f1a503
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Jan 25 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-41
|
|
|
99b6f7 |
- Re-arrange doc and defattr to clean up rpmlint warnings
|
|
|
99b6f7 |
- Remove conditionals on older releases
|
|
|
99b6f7 |
- Move some man pages into admintools subpackage
|
|
|
99b6f7 |
- Remove some explicit Requires in client that aren't needed
|
|
|
99b6f7 |
- Consistent use of buildroot vs RPM_BUILD_ROOT
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jan 19 2011 Adam Young <ayoung@redhat.com> - 1.99-40
|
|
|
99b6f7 |
- Moved directory install/static to install/ui
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 13 2011 Simo Sorce <ssorce@redhat.com> - 1.99-39
|
|
|
99b6f7 |
- Remove dependency on nss_ldap/nss-pam-ldapd
|
|
|
99b6f7 |
- The official client is sssd and that's what we use by default.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 13 2011 Simo Sorce <ssorce@redhat.com> - 1.99-38
|
|
|
99b6f7 |
- Remove radius subpackages
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 13 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-37
|
|
|
99b6f7 |
- Set minimum pki-ca and pki-silent versions to 9.0.0
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-36
|
|
|
99b6f7 |
- Drop BuildRequires on mozldap-devel
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Dec 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-35
|
|
|
99b6f7 |
- Add Requires on krb5-pkinit-openssl
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Dec 10 2010 Jr Aquino <jr.aquino@citrix.com> - 1.99-34
|
|
|
99b6f7 |
- Add ipa-host-net-manage script
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Dec 7 2010 Simo Sorce <ssorce@redhat.com> - 1.99-33
|
|
|
99b6f7 |
- Add ipa init script
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Nov 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-32
|
|
|
99b6f7 |
- Set minimum level of 389-ds-base to 1.2.7 for enhanced memberof plugin
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Nov 3 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-31
|
|
|
99b6f7 |
- remove ipa-fix-CVE-2008-3274
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Oct 6 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-30
|
|
|
99b6f7 |
- Remove duplicate %%files entries on share/ipa/static
|
|
|
99b6f7 |
- Add python default encoding shared library
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Sep 20 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-29
|
|
|
99b6f7 |
- Drop requires on python-configobj (not used any more)
|
|
|
99b6f7 |
- Drop ipa-ldap-updater message, upgrades are done differently now
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Sep 8 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-28
|
|
|
99b6f7 |
- Drop conflicts on mod_nss
|
|
|
99b6f7 |
- Require nss-pam-ldapd on F-14 or higher instead of nss_ldap (#606847)
|
|
|
99b6f7 |
- Drop a slew of conditionals on older Fedora releases (< 12)
|
|
|
99b6f7 |
- Add a few conditionals against RHEL 6
|
|
|
99b6f7 |
- Add Requires of nss-tools on ipa-client
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Aug 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-27
|
|
|
99b6f7 |
- Set minimum version of certmonger to 0.26 (to pck up #621670)
|
|
|
99b6f7 |
- Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm)
|
|
|
99b6f7 |
- Set minimum version of pki-ca to 1.3.6
|
|
|
99b6f7 |
- Set minimum version of sssd to 1.2.1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Aug 10 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-26
|
|
|
99b6f7 |
- Add BuildRequires for authconfig
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Jul 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-25
|
|
|
99b6f7 |
- Bump up minimum version of python-nss to pick up nss_is_initialize() API
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jun 24 2010 Adam Young <ayoung@redhat.com> - 1.99-24
|
|
|
99b6f7 |
- Removed python-asset based webui
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jun 24 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-23
|
|
|
99b6f7 |
- Change Requires from fedora-ds-base to 389-ds-base
|
|
|
99b6f7 |
- Set minimum level of 389-ds-base to 1.2.6 for the replication
|
|
|
99b6f7 |
version plugin.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Jun 1 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-22
|
|
|
99b6f7 |
- Drop Requires of python-krbV on ipa-client
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon May 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-21
|
|
|
99b6f7 |
- Load ipa_dogtag.pp in post install
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Apr 26 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-20
|
|
|
99b6f7 |
- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Mar 4 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-19
|
|
|
99b6f7 |
- No need to create /var/log/ipa_error.log since we aren't using
|
|
|
99b6f7 |
TurboGears any more.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Mar 1 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-18
|
|
|
99b6f7 |
- Fixed share/ipa/wsgi.py so .pyc, .pyo files are included
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Feb 24 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-17
|
|
|
99b6f7 |
- Added Require mod_wsgi, added share/ipa/wsgi.py
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Feb 11 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-16
|
|
|
99b6f7 |
- Require python-wehjit >= 0.2.2
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Feb 3 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-15
|
|
|
99b6f7 |
- Add sssd and certmonger as a Requires on ipa-client
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jan 27 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-14
|
|
|
99b6f7 |
- Require python-wehjit >= 0.2.0
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Dec 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-13
|
|
|
99b6f7 |
- Add ipa-rmkeytab tool
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Dec 1 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-12
|
|
|
99b6f7 |
- Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1
|
|
|
99b6f7 |
Any type
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Nov 25 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-11
|
|
|
99b6f7 |
- Remove v1-style /etc/ipa/ipa.conf, replacing with /etc/ipa/default.conf
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Nov 13 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-10
|
|
|
99b6f7 |
- Add bash completion script and own /etc/bash_completion.d in case it
|
|
|
99b6f7 |
doesn't already exist
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Nov 3 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-9
|
|
|
99b6f7 |
- Remove ipa_webgui, its functions rolled into ipa_httpd
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Oct 12 2009 Jason Gerard DeRose <jderose@redhat.com> - 1.99-8
|
|
|
99b6f7 |
- Removed python-cherrypy from BuildRequires and Requires
|
|
|
99b6f7 |
- Added Requires python-assets, python-wehjit
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Aug 24 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-7
|
|
|
99b6f7 |
- Added httpd SELinux policy so CRLs can be read
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu May 21 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-6
|
|
|
99b6f7 |
- Move ipalib to ipa-python subpackage
|
|
|
99b6f7 |
- Bump minimum version of slapi-nis to 0.15
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed May 6 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-5
|
|
|
99b6f7 |
- Set 0.14 as minimum version for slapi-nis
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Apr 22 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-4
|
|
|
99b6f7 |
- Add Requires: python-nss to ipa-python sub-package
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Mar 5 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-3
|
|
|
99b6f7 |
- Remove the IPA DNA plugin, use the DS one
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Mar 4 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-2
|
|
|
99b6f7 |
- Build radius separately
|
|
|
99b6f7 |
- Fix a few minor issues
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Feb 3 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-1
|
|
|
99b6f7 |
- Replace TurboGears requirement with python-cherrypy
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.1-3
|
|
|
99b6f7 |
- rebuild with new openssl
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Dec 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.2.1-2
|
|
|
99b6f7 |
- Fix SELinux code
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Dec 15 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-1
|
|
|
99b6f7 |
- Fix breakage caused by python-kerberos update to 1.1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Dec 5 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-0
|
|
|
99b6f7 |
- New upstream release 1.2.1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.0-4
|
|
|
99b6f7 |
- Rebuild for Python 2.6
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Nov 14 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-3
|
|
|
99b6f7 |
- Respin after the tarball has been re-released upstream
|
|
|
99b6f7 |
New hash is 506c9c92dcaf9f227cba5030e999f177
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Nov 13 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-2
|
|
|
99b6f7 |
- Conditionally restart also dirsrv and httpd when upgrading
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Oct 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.2.0-1
|
|
|
99b6f7 |
- Update to upstream version 1.2.0
|
|
|
99b6f7 |
- Set fedora-ds-base minimum version to 1.1.3 for winsync header
|
|
|
99b6f7 |
- Set the minimum version for SELinux policy
|
|
|
99b6f7 |
- Remove references to Fedora 7
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jul 23 2008 Simo Sorce <ssorce@redhat.com> - 1.1.0-3
|
|
|
99b6f7 |
- Fix for CVE-2008-3274
|
|
|
99b6f7 |
- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface
|
|
|
99b6f7 |
- Add fix for bug #453185
|
|
|
99b6f7 |
- Rebuild against openldap libraries, mozldap ones do not work properly
|
|
|
99b6f7 |
- TurboGears is currently broken in rawhide. Added patch to not build
|
|
|
99b6f7 |
the UI locales and removed them from the ipa-server files section.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-2
|
|
|
99b6f7 |
- Add call to /usr/sbin/upgradeconfig to post install
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Jun 11 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-1
|
|
|
99b6f7 |
- Update to upstream version 1.1.0
|
|
|
99b6f7 |
- Patch for indexing memberof attribute
|
|
|
99b6f7 |
- Patch for indexing uidnumber and gidnumber
|
|
|
99b6f7 |
- Patch to change DNA default values for replicas
|
|
|
99b6f7 |
- Patch to fix uninitialized variable in ipa-getkeytab
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri May 16 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-5
|
|
|
99b6f7 |
- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum
|
|
|
99b6f7 |
version to 1.0.7-4 so we pick up the NSS fixes.
|
|
|
99b6f7 |
- Add selinux-policy-base(post) to Requires (446496)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Apr 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-4
|
|
|
99b6f7 |
- Add missing entry for /var/cache/ipa/kpasswd (444624)
|
|
|
99b6f7 |
- Added patch to fix permissions problems with the Apache NSS database.
|
|
|
99b6f7 |
- Added patch to fix problem with DNS querying where the query could be
|
|
|
99b6f7 |
returned as the answer.
|
|
|
99b6f7 |
- Fix spec error where patch1 was in the wrong section
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3
|
|
|
99b6f7 |
- Added patch to fix problem reported by ldapmodify
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
|
|
|
99b6f7 |
- Fix Requires for krb5-server that was missing for Fedora versions > 9
|
|
|
99b6f7 |
- Remove quotes around test for fedora version to package egg-info
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Apr 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
|
|
|
99b6f7 |
- Update to upstream version 1.0.0
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Mar 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-12
|
|
|
99b6f7 |
- Pull upstream changelog 722
|
|
|
99b6f7 |
- Add Conflicts mod_ssl (435360)
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Feb 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-11
|
|
|
99b6f7 |
- Pull upstream changelog 698
|
|
|
99b6f7 |
- Fix ownership of /var/log/ipa_error.log during install (435119)
|
|
|
99b6f7 |
- Add pwpolicy command and man page
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-10
|
|
|
99b6f7 |
- Pull upstream changelog 678
|
|
|
99b6f7 |
- Add new subpackage, ipa-server-selinux
|
|
|
99b6f7 |
- Add Requires: authconfig to ipa-python (bz #433747)
|
|
|
99b6f7 |
- Package i18n files
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Feb 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-9
|
|
|
99b6f7 |
- Pull upstream changelog 641
|
|
|
99b6f7 |
- Require minimum version of krb5-server on F-7 and F-8
|
|
|
99b6f7 |
- Package some new files
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> 0.99-8
|
|
|
99b6f7 |
- Marked with wrong license. IPA is GPLv2.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-7
|
|
|
99b6f7 |
- Ensure that /etc/ipa exists before moving user-modifiable html files there
|
|
|
99b6f7 |
- Put html files into /etc/ipa/html instead of /etc/ipa
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-6
|
|
|
99b6f7 |
- Pull upstream changelog 608 which renamed several files
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-5
|
|
|
99b6f7 |
- package the sessions dir /var/cache/ipa/sessions
|
|
|
99b6f7 |
- Pull upstream changelog 597
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-4
|
|
|
99b6f7 |
- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
|
|
|
99b6f7 |
UI to not start.
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-3
|
|
|
99b6f7 |
- Included LICENSE and README in all packages for documentation
|
|
|
99b6f7 |
- Move user-modifiable content to /etc/ipa and linked back to
|
|
|
99b6f7 |
/usr/share/ipa/html
|
|
|
99b6f7 |
- Changed some references to /usr to the {_usr} macro and /etc
|
|
|
99b6f7 |
to {_sysconfdir}
|
|
|
99b6f7 |
- Added popt-devel to BuildRequires for Fedora 8 and higher and
|
|
|
99b6f7 |
popt for Fedora 7
|
|
|
99b6f7 |
- Package the egg-info for Fedora 9 and higher for ipa-python
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> 0.99-2
|
|
|
99b6f7 |
- Added auto* BuildRequires
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Mon Jan 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-1
|
|
|
99b6f7 |
- Unified spec file
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2
|
|
|
99b6f7 |
- Fixed License in specfile
|
|
|
99b6f7 |
- Include files from /usr/lib/python*/site-packages/ipaserver
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
|
|
|
99b6f7 |
- Version bump for release
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1
|
|
|
99b6f7 |
- Preverse mode on ipa-keytab-util
|
|
|
99b6f7 |
- Version bump for relase and rpm name change
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2
|
|
|
99b6f7 |
- Broke invididual Requires and BuildRequires onto separate lines and
|
|
|
99b6f7 |
reordered them
|
|
|
99b6f7 |
- Added python-tgexpandingformwidget as a dependency
|
|
|
99b6f7 |
- Require at least fedora-ds-base 1.1
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Nov 1 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
|
|
|
99b6f7 |
- Version bump for release
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6
|
|
|
99b6f7 |
- Add dep for freeipa-admintools and acl
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5
|
|
|
99b6f7 |
- Add dependency for python-krbV
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4
|
|
|
99b6f7 |
- Require mod_nss-1.0.7-2 for mod_proxy fixes
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3
|
|
|
99b6f7 |
- Convert to autotools-based build
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
|
|
|
99b6f7 |
- Added support for libipa-dna-plugin
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1
|
|
|
99b6f7 |
- Added support for ipa_kpasswd and ipa_pwd_extop
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Sun Aug 5 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
|
|
|
99b6f7 |
- Abstracted client class to work directly or over RPC
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Wed Aug 1 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2
|
|
|
99b6f7 |
- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
|
|
|
99b6f7 |
- Remove references to admin server in ipa-server-setupssl
|
|
|
99b6f7 |
- Generate a client certificate for the XML-RPC server to connect to LDAP with
|
|
|
99b6f7 |
- Create a keytab for Apache
|
|
|
99b6f7 |
- Create an ldif with a test user
|
|
|
99b6f7 |
- Provide a certmap.conf for doing SSL client authentication
|
|
|
99b6f7 |
|
|
|
99b6f7 |
* Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1
|
|
|
99b6f7 |
- Initial rpm version
|