[ol6_latest_archive] ipa-server-trust-ad-3.0.0-25.el6.x86_64

Name:	ipa-server-trust-ad
Version:	3.0.0
Release:	25.el6
Architecture:	x86_64
Group:	System Environment/Base
Size:	263135
License:	GPLv3+
RPM:	ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm
Source RPM:	ipa-3.0.0-25.el6.src.rpm
Build Date:	Fri Feb 22 2013
Build Host:	ca-build44.us.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	Virtual package to install packages required for Active Directory trusts
Description:	Cross-realm trusts with Active Directory in IPA require working Samba 4 installation. This package is provided for convenience to install all required dependencies at once.

Changelog (Show File list) (Show related packages)

Tue Jan 29 2013 Rob Crittenden <rcritten@redhat.com> - 3.0.0-25.el6

- Filter generated winbind dependencies so the right version of samba
  can be installed. (#905594)

Thu Jan 24 2013 Rob Crittenden <rcritten@redhat.com> - 3.0.0-24.el6

- Add certmonger condrestart to server post scriptlet (#903758)
- Make certmonger a (pre) Requires (#903758)
- Add selinux-policy to Requires(pre) to avoid post scriptlet AVCs
  (#903758)
- Set minimum version of pki-ca to 9.0.3-30 and add to Requires(pre)
  to pick up certmonger upgrade fix (#902474)
- Update anonymous access ACI to protect secret attributes (#902481)

Mon Jan 21 2013 Rob Crittenden <rcritten@redhat.com> - 3.0.0-23.el6

- Installer should not connect to 127.0.0.1. (#895561)
- Don't initialize NSS if we don't have to. (#878220)

Tue Jan 15 2013 Martin Kosek <mkosek@redhat.com> - 3.0.0-22.el6

- Set minimum version of bind-dyndb-ldap to 2.3-2 to pick up missing DNS
  zone SOA serial fix (#894131)
- Stopped named service crashed ipa-upgradeconfig program (#895298)
- ipa-replica-prepare crashed when manipulating DNS zone without SOA
  serial (#894143)
- Use new certmonger locking to prevent NSS database corruption during
  CA subsystem renewal (#883484)
- Set minimum selinux-policy to 3.7.19-193 to allow certmonger to talk
  to dbus in an rpm scriptlet. (related #883484)
- Set minimum vresion of certmonger to 0.61-3 for new locking scheme
  (related #883484)

Fri Jan 11 2013 Rob Crittenden <rcritten@redhat.com> - 3.0.0-21.el6

- Properly handle migrated uniqueMember attributes (#894090)
- ipa permission-find using valid targetgroup throws internal error (#893827)
- Fix migration of CRLs to new directory location (#893722)
- Installing IPA with a single realm component sometimes fails (#893187)

Tue Jan 08 2013 Rob Crittenden <rcritten@redhat.com> - 3.0.0-20.el6

- Set maxbersize to a large value to accomondate large CRLs during replica
  installation. (#888956)
- Set minimum version of pki-ca, pki-slient and pki-setup to 9.0.3-29 to
  pick up default CA validity period of 20 years. (#891980)

Wed Jan 02 2013 Martin Kosek <mkosek@redhat.com> - 3.0.0-19.el6

- Client installation crashes when Kerberos SRV record is not found (#889583)
- Fix typo in patch 0048 for CVE-2012-5484 (#878220)

Thu Dec 20 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-18.el6

- Cookie Expires date should be locale insensitive to avoid CLI errors (#888915)

Wed Dec 19 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-17.el6

- ipa delegation-find --group option returns internal error (#888524)
- Add missing Requires for python-crypto replacement (#878969)

Tue Dec 18 2012 Martin Kosek <mkosek@redhat.com> - 3.0.0-16.el6
```
- sssd is not enabled on client/server install (#888124)
```

Fri Dec 14 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-15.el6

- ipa-server-install --uninstall doesn't clear certmonger dirs, which leads
  to install failing (#817080)

Thu Dec 13 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-14.el6

- Compliant client side session cookie behavior. CVE-2012-5631.
  (#886371)

Wed Dec 12 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-13.el6

- Use secure method to retrieve IPA CA during client enrollment.
  CVE-2012-5484 (#878220)
- Reformat patch 0044 so it works with git-am

Tue Dec 11 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-12.el6

- Include /var/lib/sss/pubconf/krb5.include.d/ for domain-realm mappings
  in krb5.conf (#883166) 
- Set minimum selinux-policy >= 3.7.19-184 to allow domains that can read
  sssd_public_t files to also list the directory (#881413)
- Remove dist label from changelog entries.
- Fix timestamp on patched files to avoid multilib warnings

Thu Dec 06 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-11.el6

- Set Requires on httpd 2.2.15-24, mod_nss to 1.0.8-18 and patch to
  check for existing mod_ssl configuration. These versions allow mod_proxy
  to simultaneously support SSL servers using mod_ssl and mod_proxy (#761574)
- IPA WebUI login for AD Trusted User fails (#875261)
- Add 'disable_last_success' and 'disable_lockout' to the ipa_lockout
  plugin (#824488)

Tue Dec 04 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-10.el6

- Make default group type POSIX in ui (#880655)
- Write replacement for python-crypto (#878969)
- ipa trust-add prints misleading information about required DNS setting
  (#878485)
- Lookup user SIDs in external groups (#878480)
- Special case NFS related ticket to avoid attaching MS-PACs (#878462)
- IPA users are not available after ipa-server-install because sssd not running
  (#878288)
- Incorrect error message when time difference between AD and IPA is too great
  (#877434)
- Missing option to add SSH Public Key in Web UI after upgrade (#877324)

Mon Nov 26 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-9.el6

- Update minimum BR and Requires of sssd to 1.9.2-25 (related #870278,
  related #871160, related #878262)
- Replication agreement tools report errors with new single instance CA database
  (#878491)
- If time is moved back on the IPA server, ipasam does not invalidate the
  existing ticket (#866576)

Fri Nov 09 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-8.el6

- Server installation fails to find A/AAAA record for IPA hostname (#874935)
- Out of range error when listing RUV on host with no agreements (#873726)
- Tighten dependency on krb5-server to limit to 1.10 (#872707)
- Default SELinuxusermaporder needs to mapped with default selinux users list
  (#870053)
- Clarify trust-add help regarding multiple runs against the same domain
  (#869741)
- Improve reliabilityof RA renewal script (#869663)
- Add option to disable DNS forwarding by zone (#869658)
- Update minimum version of bind-dyndb-ldap to 2.3-1 (#869658)
- Improve information on passsync user in man page, command help (#869656)
- Resolve external members from trusted domain via Global Catalog (#869616)
- Process relative nameserver DNS record correctly (#868956)
- ipa-adtrust-install does not reset all information when re-run (#867447)
- Fix potential memory leak in KDB backend (#811989)

Mon Oct 29 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-7.el6

- Fix type conversion of integers when doing modifications (#870446)
- Set SECURE_NFS to lowercase yes rather than uppercase (#869654)
- Add autofs service to sssd.conf before enabling it (#869649)
- Add strict Requires for policycoreutils to avoid user removing them
  during package lifetime (#869281)
- Make internal rename_s() call compatible with python-ldap-2.3.10 (#867902)
- Update minimum version of bind-dyndb-ldap to 2.2-1.el6 (related #871583)
- Restart httpd after running ipa-adtrust-install (#866966)

Wed Oct 24 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-6.el6

- Add patch to override xmlrpc request method for session (#786199)
- Bad link to Web UI config page after session is expired (#869279)
- extdom plugin does not handle Posix UID and GID request (#867676)
- ipa-server-install --setup-dns always installs reverse zone (#866978)
- Inform user when ipa-upgradeconfig reports errors (#866977)
- Certificate request fails when CSR has subjectAltnames (#866955)
- ipa-adtrust-install checks for /usr/bin/smbpasswd, which is not
  required (#866572)
- Instructions to uninstall are unclear (#856294)
- Inconsistent service naming in ipa-server-install (#856292)
- Improve instructions to generate certificate in Web UI (#856282)
- /etc/ipa/default.conf is out of date (#855855)
- Time synchronization is disabled in ipa-client-install (#854325)
- ipa-replica-install httpd restart sometimes fails (#845405)
- Improve error messages during ipa-replica-manage del (#835632)
- Always log errors from dogtag (#813401)

Mon Oct 15 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-5.el6

- Update to upstream 3.0.0 GA release (#827602)
- Add zip dependency, needed for creating unsigned Firefox extensions
- Filter generated winbind dependencies so the right version of samba
  can be installed.
- Remove patch to support python-ldap 2.3.10. Fixed upstream.
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca (#864533)
- Add zip dependency, needed for creating unsigned Firefox extensions

Wed Oct 10 2012 Alexander Bokovoy <abokovoy@redhat.com> - 3.0.0-4.el6

- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
  plugin to /dev/null since they cannot be used when trusts are configured
  (related #864889)
- Update BR and Requires of samba4 to 4.0.0-31 to pick up winbind_krb5_locator
  alternatives change. (related #864889)

Fri Oct 05 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-3.el6

- Update to upstream 3.0.0.rc2 release (#827602)
- Provide new Firefox extension.
- Own /etc/ipa/ca.crt

Tue Sep 25 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-2.el6

- Remove Requires on krb5-pkinit-openssl as part of disabling pkinit code.
- Add missing subdirectories in site-packages/ipaserver discovered by
  rpmdiff. (#827602)

Mon Sep 24 2012 Rob Crittenden <rcritten@redhat.com> - 3.0.0-1.el6

- Update to upstream 3.0.0.rc1 release (#827602)
- Update BR and Requires of 389-ds-base to 1.2.11.14
- Update BR and Requires of krb5 to 1.10
- Update BR and Requires of samba4 to 4.0.0-24
- Update BR and Requires of sssd to 1.9.0
- Update Requires on policycoreutils to 2.0.83-19.24
- Update Requires on httpd to httpd-2.2.15-17 to pick up #787247
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.9.b1.el6_3.1
- Update minimum version of bind to 9.8.2-0.10.rc1.el6_3.2
- Sync upstream spec file Requires
- Add patch to support python-ldap 2.3.10

Fri May 25 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-16.el6
```
- SSH Tech Preview feature enabled by default (#825321)
```

Tue May 22 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-15.el6

- Test for locked users before incrementing failed login counter (#822429)

Tue May 15 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-14.el6

- Fix host page to display all data when DNS is not configured (#818868)

Tue May 08 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-13.el6
```
- Make ipa 2.2 client capable of joining an older server (#817867)
```

Mon Apr 30 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-12.el6

- Remove patch 0042 and add revert patch for handling which attributes are
  allowed in a permission. (#783502)
- ipa-client-install sets "KerberosAuthenticate yes" in sshd.conf, breaking
  SSSD auth (#817030)
- pwpolicy_find does not sort by priority in UI (#815799)
- Improve zonemgr validation (#745705)

Mon Apr 23 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-11.el6

- Make new DNS permission mixed-case (#807361)
- hbactest returns failure when hostgroups are chained (#801769)
- Man Page : Document client IP addressing / FQDN requirements (#768257)
- Login failed attempts counter or locked out status are not displayed (#759501)
- Wrong title and icon in login and logout pages (#814752)

Wed Apr 18 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-10.el6

- Don't interactively prompt for dnsrecord options provided on the
  command-line options (#790295)
- Validate external hosts added to netgroups (#797256)
- Handle invalid RDN for container in migration (#804807)
- Unable to use permission-mod to rename permission object (#805478)
- Migration: don't append basedn to container if it is included (#807371)
- Raise correct exception when LDAP limits are exceeded (#808042)
- Notify user that password needs to be reset in forms-based login (#811296)
- DNS Resource records: add & delete A & AAAA record does not work in root
  (#811744)
- user-mod --rename with an empty string fails (#811748)
- DNS CNAME record: delete sometimes does not work (#811758)
- Delegation UI does not allow to specify permission (#812110)
- IPA uninstall after upgrade returns some sysrestore.state errors (#812391)
- Improve migration plugin error when 2 groups have identical GID (#813389)

Tue Apr 10 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-9.el6

- Fix password policy history enforcement (#810900)
- Privilege page should not have choice to list permissions by "indirect
  membership" (#810350)
- ipa-server-install fails when domain name is not resolvable (#809190)
- Identity->DNS->Settings:Forward policy: change check box to radio buttons
  (#808620)
- When adding permissions for a type, attributes that are not allowed are
  listed (#807755)
- user-mod --rename is successful for more than max login characters
  (#807417)
- Can't specify netgroup host, user category to all in Web UI (#807366)
- Permission names cannot contains '<' or '>' (#807304)
- ipa-server-install --uninstall errors out when trying to start dirsrv.
  (#801376)
- Should not be allowed to run host-disable on an IPA Server or
  service-disable on an IPA Server service  (#800119)
- permission with filter or subtree does not allow attr to be specified
  (#783536)
- Netgroups compat plugin not reporting users correctly (#767372)
- certmonger renews server certificates ok but those services need a restart
  (related #766167)
- Set minimum vresion of certmonger to 0.56 (related #766167)
- Set minimum version of slapi-nis to 0.40 (#767372)
- Unable to disable or enable hbacrule with --setattr (#810948)
- When adding a user with --noprivate option gidNumber should be required
  (#805546)
- Fix error when no value is given in --revocation-reason optional argument
  with "ipa cert-revoke" (#808099)
- Set minimum version of bind-dyndb-ldap to 1.1.0-0.5.b1 (related #805814)

Wed Apr 04 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-8.el6

- Fix ambiguous error msg in automount indirect map creation (#790131)
- Invalid error message attempting to delete config attributes (#791373)
- Enforce single-value attributes (#794746)
- config-mod allowed to add additional certificate subjects bases (#794750)
- Embedded carriage returns in a CSV not handled (#797569)
- WebUI displays "Insufficient access: invalid credentials" when a password
  doesn't meet policy requirements (#802786)
- Tech Preview: SELinux User Mapping (#803821)
- Tech Preview: Add support for central management of the SSH keys (#803822)
- Password Policy Failure Interval Reset is not working. (#804096)
- Set SELinux booleans properly (#806330)
- DNS records in LDAP are publicly accessible (#807361)
- Upgrading replication agreements without nsDS5ReplicatedAttributeList fails
  (#808201)
- IPA Upgrade Web UI failure with internal server error (#809262)
- Do not create private groups for migrated users (#809560)

Wed Mar 28 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-7.el6

- Remove version requirement from BuildRequires on sssd. (related #736865)

Wed Mar 28 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-6.el6

- Set minimum version of 389-ds-base to 1.2.10.2-4 (related #803930)
- Only split CSV on client (#797565)
- Search allowed attributes in superior objectclasses (#783502)
- Fix precallback validators in DNS plugin (#804562)
- Fix memleak in KDB backend (#800363)
- Harden raw record processing in DNS plugin (#804572)
- Fix attributes that contain DNs when migrating (#804609)
- Wait for child process to terminate after receiving SIGINT (#754635)
- Avoid deleting DNS zone when a context is reused (#801380)
- Fix default SOA serial format (#805427)
- Set nsslapd-minssf-exclude-rootdse to on so the DSE is always available.
  (#803836)
- Amend permissions for new DNS attributes (related #766073)
- Improve user awareness about dnsconfig (#802864)
- Fix uses of O=REALM instead of the configured certificate subject base.
  (#802912)
- Fix dnsrecord-del interactive mode (#807230)
- Add requires on python-krbV to client subpackage (#807362)
- Tolerate UDP port failures in conncheck (#802860)
- Netgroup nisdomain and hosts validation (#797256)
- Remove Conflicts on mod_ssl (#804605)
- Set minimum version of pki-ca, pki-slient and pki-setup to 9.0.3-24.
  Change location of TOMCAT_LOG to match tomcat6 changes (related #802396)
- Add python-lxml, python-pyasn1 and sssd to BuildRequires
- Set minimum selinux-policy >= 3.7.19-142 to pick up certmonger_t type
  (related #790967)
- netgroup-add and netgroup-mod --nisdomain should not allow commas (#797237)

Wed Mar 21 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-5.el6

- Set minimum version of pki-ca, pki-silent and pki-setup to 9.0.3-23.
  Either we shell escape or dogtag does, we can't both do it. (#802832)
- Set dbdir in request context after a connection is created (#804128)
- Don't overwrite content by an error message (#803050)
- Don't allow IPA master hosts/services to be disabled (#800119)
- Don't error out on empty option (#798792)
- Populate gidnumber in entries added via winsync (#798352)
- Set subjectKeyIdentifier in SSL certs that IPA issues (#797274)
- Fix escaping and comma-separated value handling (#769491)
- Display certificate serial numbers in both hex and deciaml (#746060)
- Use attribute name/option name when returning errors (#718015)
- DNS forwarder's value can consist of IP address and part (#766073)
- Store DNS global options in LDAP (#766073)
- Move extension.js to subdirectory to suppress rpm warning

Wed Mar 14 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-4.el6

- Allow removing sudo commands with special characters (#800537)
- Ignore case in yes/no prompts when deleting DNS records (#800483)
- Refresh resolvers after DNS server configuration (#799335)
- Fix nsslapd-anonlimitsdn in cn=config (#798361)
- Handle more exceptions gracefully in ipa-client-install (#797567)
- Fixed checkbox value in table without pkey (#791324)
- Fix exception when removing all values from configuration (#782974)
- Set httpd_manage_ipa SELinux boolean
- Fix mask validator in network validator (#802848)
- Don't shell escape arguments sent to pkisilent (#802832)
- Reorder patches so those that disable unsupported features are applied last
- Rebase disable persistent search patch

Mon Mar 05 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-3.el6

- Rebase to upstream 2.1.90.rc1 release (#736865)
- Remove dependency on krb5-server-ldap, we use our own backend now (#797564)
- Set minimum mod_auth_kerb to 5.4-8 for S4U2Proxy support (related #767741)
- Set minimum selinux-policy >= 3.7.19-137 to pick up ipa_memcache boolean
- Set minimum python-memcached >= 1.43-6 to pick up status check fix
- Set minimum version of 389-ds-base to 1.2.10.1-1
- Set minimum version of krb5-server to 1.9-27
- Set minimum version of sssd to 1.8.0-11 (#766068)
- Add Requires: oddjob-mkhomedir to ipa-client (#786223)
- Remove Requires on krb5-server-ldap (#797564)
- Add Conflicts on mod_ssl (#761574)
- Remove BuildRequires on python-rhsm
- Renumber all patches
- Don't remove dirsrv user on uninstall (#797566)
- Don't allow host-del on active replicas (#797563)
- Fix invalid hostnames when hostname contains trailing dot (#797562)
- encode Bool attributes used in setattr/addattr/delattr (#797561)
- Migration plugin raises Internal Server Error (#796401)
- man page for ipa-replica-manage has typos in examples (#796347)
- Can not add new user objectclass to ipa configuration (#794474)
- Don't require SELinux to be enabled on client (#790513)
- dnsrecord-add does not validate the record names with space in between (#790318)
- Prompt for missing DNS options (#790295)
- Resource Record type options should be more descriptive (#790017)
- Correction in error message while deleting a invalid record (#789987)
- Adding some of the RR type from the "allowed values" results in an error message (#789980)
- IP address with just 3 octets are accepted as valid addresses (#789919)
- Errors not reported correctly when logging into WebUI (#789459)
- Need option for ipa-client-install to not call authconfig (#789413)
- IPA nested netgroups not seen from ypcat (#788625)
- gid number: 0 and negative number accepted (#786240)
- Allow basedn to be passed into migrate-ds (#786185)
- permission with filter or subtree does not allow attr to be specified (#783536)
- ipa permission-add does not fail if using invalid attribute (#783502)
- When migrating warn user if compat is enabled (#783270)
- Make ipausers a non-posix group on new installs (#773488)
- Need tool to update exclusive list in replication agreements (#772359)
- Reverse DNS rec not created upon creation of fwd DNS rec (#772301)
- Adding a netgroup with a "+" causes ns-slapd to crash (#772043)
- Man Page : Document client IP addressing / FQDN requirements (#768257)
- GSS-TSIG DNS updates should update reverse entries as well (#767725)
- UI for SELinux user mapping (tech preview)
- Allow forms based kerberos authentication (#766070)
- Add support for central management of the SSH keys (tech preview)
- Login failed attempts counter or locked out status are not displayed (#759501)
- Better message for error diagnosis while adding an existing winsync agreement (#755450)
- "force-sync, re-initialize and del" options for ipa-replica-manage fail against AD (#754973)
- Connect after del using ipa-replica-manage fails (#754539)
- Unable to delete migrated groups containing spaces (#753966)
- support bind forward zones, aka DNS conditional forwarding (#753483)
- IPA needs a check to ensure hostnames 'underscore' is not allowed when installing a replica (#752874)
- Unable to select dns zone when only one exists in UI (#751529)
- ipa-replica-conncheck does does not properly check UDP ports (#751063)
- Adding loc records to a ipa-dns server breaks name resolution for some other records (#750947)
- Allow specifying query and transfer policy settings for a zone (#701677)

Fri Feb 17 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-2.el6
```
- Add missing changelog information caught by rpmdiff.
```
Fri Feb 17 2012 Rob Crittenden <rcritten@redhat.com> - 2.2.0-1.el6
```
- Update to upstream 2.1.90.pre2 release (#736865)
```

Mon Nov 07 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-9.el6

- Add current password prompt when changing own password in web UI (#751179)
- Remove extraneous trailing ' from netgroup patch (#749352)

Tue Nov 01 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-8.el6

- Updated patch for CVE-2011-3636 to include CR in the HTTP headers.
  xmlrpc-c in RHEL-6 doesn't suppose the dont_advertise option so that is
  not set any more. Another fake header, X-Original-User_Agent, is added
  so there is no more trailing junk after the Referer header.  (#749870)

Mon Oct 31 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-7.el6

- Require an HTTP Referer header to address CSRF attackes. CVE-2011-3636.
  (#749870)

Fri Oct 28 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-6.el6
```
- Users not showing up in nis netgroup triple (#749352)
```

Tue Oct 25 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-5.el6

- Add update file to remove entitlement roles, privileges and
  permissions (#739060)

Tue Oct 25 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-4.el6
```
- Quote worker option in krb5kdc (#748754)
```

Fri Oct 21 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-3.el6

- hbactest fails while you have svcgroup in hbacrule (#746227)
- Add Kerberos domain mapping for system hostname (#747443)
- Format certificates as PEM in browser (#701325)

Tue Oct 18 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-2.el6

- ipa-client-install hangs if the discovered server is unresponsive (#745392)
- Fix minor problems in help system (#747028)
- Remove help fix from Disable automember patch (#746717)
- Update minimum version of sssd to 1.5.1-60 to pick up SELinux fix (#746265)

Mon Oct 17 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.3-1.el6

- Update to upstream 2.1.3 release (#736170)
- Additional branding (#742264)
- Disable automember cli (#746717)
- ipa-client-install sometimes fails to start sssd properly (#736954)
- ipa-client-install adds duplicate information to krb5.conf (#714597)
- ipa-client-install should configure hostname (#714919)
- inconsistency in enabling "delete" buttons (#730751)
- hbactest does not resolve canonical names during simulation (#740850)
- Default DNS Administration Role - Permissions missing (#742327)
- named fails to start after installing ipa server when short (#742875)
- Duplicate hostgroup and netgroup should not be allowed (#743253)
- named fails to start (#743680)
- Global password policy should not be able to be deleted (#744074)
- Client install fails when anonymous bind is disabled (#744101)
- Internal Server Error adding invalid reverse DNS zone (#744234)
- ipa hbactest does not evaluate indirect members from groups. (#744410)
- Leaks KDC password and master password via command line arguments (#744422)
- Traceback when upgrading from ipa-server-2.1.1-1 (#744798)
- IPA User's Primary GID is not being set to their UPG's GID (#745552)
- --forwarder option of ipa-dns-install allows invalid IP addr (#745698)
- UI does not grant access based on roles (#745957)
- Unable to add external user for RunAs User for Sudo (#746056)
- Typo in error message while adding invalid ptr record. (#746199)
- Don't use python 2.7-only syntax (#746229)
- Error when using ipa-client-install with --no-sssd option (#746276)
- Installation fails if sssd.conf exists and is already config (#746298)
- External hosts are not removed properly from sudorule (#709665)
- Competely remove entitlement support (#739060)
- Add winsync section to ipa-replica-manage man page (#744306)

Fri Oct 07 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.2-2.el6
```
- Remove python-rhsm as a Requires (#739060)
```

Fri Oct 07 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.2-1.el6

- Update to upstream 2.1.2 release (#736170)
- More completely disable entitlement support (#739060)
- Drop patch to ignore return value from restorecon (upstreamed)
- Set min version of 389-ds-base to 1.2.9.12-2
- Set min version of dogtag to 9.0.3-20
- Rebased hide-pkinit, ipa-RHEL-index and remove-persistent-search
  patches (#700586)

Tue Sep 20 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.1-4.el6
```
- Update RHEL patch (#740094)
```

Tue Sep 20 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.1-3.el6

- Ignore return value from restorecon (#739604)
- Disable entitlement support (#739060, #739061)

Fri Sep 16 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.1-2.el6

- Update minimum xmlrpc-c version (#736787)
- Fix package installation order causing SELinux problems (#737516)

Thu Sep 01 2011 Rob Crittenden <rcritten@redhat.com> - 2.1.1-1.el6
```
- Update to upstream 2.1.1 release (#732803)
```
Mon Aug 15 2011 John Dennis <jdennis@redhat.com> - 2.1.0-1.el6
```
- Resolves: rhbz#708388 - Update to upstream 2.1.0 release
```
Tue May 31 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-25
```
- Remove client debug logging patch (#705800)
```

Wed May 25 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-24

- Wait for 389-ds tasks to complete (#698421)
- Set replica to restart ipa on boot (#705794)
- Improve client debug logging (#705800)
- Managed Entries not configured on replicas (#703869)
- Don't create bogus aRecord when creating new zone (#704012)

Wed Apr 20 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-23

- Update ipa-Fix-traceback-in-nis-manage.patch to fix python error (#697583)

Tue Apr 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 2.0.0-22
```
- Resolves: rhbz#697583 - Can not enable ipa-nis-manage plugin
```
Thu Apr 14 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-21
```
- Default groups are missing ipaUniqueID attribute (#696508)
```

Tue Apr 05 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-20

- Set min version of 389-ds-base to 1.2.8.0-1 for fix in BZ 693466.
- Fix some problems in IPA schema (#692978)
- postalCode should be a string not an integer (#692945)

Wed Mar 30 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-19

- Port 7390 is managed by selinux-policy-3.7.19-80. Update
  ipa-repl_selinux.patch to not manage it any more. (#691883)
- Patch to fix setting gidnumber when a user is created. (#692168)

Mon Mar 28 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-18
```
- Fix uninitialized variable in password plugin (#690595)
```

Wed Mar 23 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-17

- Wait for Directory Service ports to open (#688934)
- Mixed case hostname can cause issues and confusion (#688622)
- Wrong timeout parameter in ipapython (#684273)
- Run ipa-ldap-updater on upgrades (#688931)
- Internal Error and trace back when adding DNS AAAA record (#689452)

Tue Mar 15 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-16

- Use realm provided by installer in LDAP Updater (#684744)
- Use args for domain and server when doing DNS discovery in client (#684780)
- Fix 2 SELinux issues in dogtag replication (#684269)

Mon Mar 14 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-15

- Add Obsoletes so upgrade from ipa-client package is possible (#684931)

Thu Mar 10 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-14

- Update to upstream 2.0.0rc3 (#680993)
- Set minimum version of sssd to 1.5.1-12
- Remove SuitespotGroup patch
- Rebase remove-pkinit patch

Thu Feb 24 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-13

- Set the SuitespotGroup directive in the 389-ds installation template.
  This ensures group read/write to /var/run/dirsrv. (#680201)
- Make single line out of python sitelib/sitearch code.

Wed Feb 23 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-12

- Update to upstream 2.0.0rc2 (#675282)
- Set minimum version of sssd to 1.5.1-10
- Set minimum version of python-nss to 0.11
- Set minimum version of 389-ds to 1.2.8
- Add bind-utils as Requires in client subpackage
- Remove unused BuildRequires e2fsprogs-devel and libcap-devel
- Add branding patch
- Add default.conf man page
- Upstream moved some utilites from the admintools subpackage, reflect that
  here as well.

Fri Feb 11 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-11
```
- Add pyOpenSSL to BuildRequires. (#670954)
```

Mon Feb 07 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-10

- ExcludeArch doesn't do per-package exclusions, use ifarch to force
  ONLY_CLIENT on non-supported architectures. (#670954)
- Manually install ipa-admintools since the upstream client-install
  target doesn't.
- Move a lot of the BuildRequires out of the ! ONLY_CLIENT conditional
  because the API validator in the upstream code requires them.

Mon Feb 07 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-9

- Exclude building server and server-selinux on ppc, ppc64, s390 and s390x
  platforms. (#670954)
- Add date variable to the release to make daily builds easier.

Tue Feb 01 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-8

- Merge in changes from FreeIPA beta 2 (#670954)
- Add patches to disable pkinit

Thu Jan 27 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-7

- Set minimum version of dogtag to 9.0.0 and add Requires for
  the theme we need. (#658275)
- Remove unnecessary moving of v1 CA serial number file in post script
- Move some man pages into admintools subpackage

Mon Jan 24 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-6
```
- Drop specific Requires on libcurl and krb5-libs (#658275)
```
Wed Jan 19 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-5
```
- Consistent usage of buildroot vs RPM_BUILD_ROOT (#658275)
```
Mon Jan 17 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-4
```
- Drop Requires on nss-ldap (#658275)
```
Thu Jan 13 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-3
```
- Temporarily disable building on s390
```

Thu Jan 13 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-2

- Drop optional radius package, the underlying code isn't there
- Re-arrange the doc lines so that defattr is first (#658275)

Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 2.0.0-1

- Initial 2.0.0 build (#658275)
- This is IPA v2.0.0 beta 1 plus all patches through git commit
  4da9228fb2ac34adab8eb1884ae414236adb84fa
- Removed some Fedora conditionals

Wed Jan 12 2011 Rob Crittenden <rcritten@redhat.com> - 1.99-36
```
- Drop BuildRequires on mozldap-devel
```
Mon Dec 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-35
```
- Add Requires on krb5-pkinit-openssl
```
Fri Dec 10 2010 Jr Aquino <jr.aquino@citrix.com> - 1.99-34
```
- Add ipa-host-net-manage script
```
Tue Dec 07 2010 Simo Sorce <ssorce@redhat.com> - 1.99-33
```
- Add ipa init script
```

Fri Nov 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-32

- Set minimum level of 389-ds-base to 1.2.7 for enhanced memberof plugin

Wed Nov 03 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-31
```
- remove ipa-fix-CVE-2008-3274
```

Wed Oct 06 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-30

- Remove duplicate %files entries on share/ipa/static
- Add python default encoding shared library

Mon Sep 20 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-29

- Drop requires on python-configobj (not used any more)
- Drop ipa-ldap-updater message, upgrades are done differently now

Wed Sep 08 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-28

- Drop conflicts on mod_nss
- Require nss-pam-ldapd on F-14 or higher instead of nss_ldap (#606847)
- Drop a slew of conditionals on older Fedora releases (< 12)
- Add a few conditionals against RHEL 6
- Add Requires of nss-tools on ipa-client

Fri Aug 13 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-27

- Set minimum version of certmonger to 0.26 (to pck up #621670)
- Set minimum version of pki-silent to 1.3.4 (adds -key_algorithm)
- Set minimum version of pki-ca to 1.3.6
- Set minimum version of sssd to 1.2.1

Tue Aug 10 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-26
```
- Add BuildRequires for authconfig
```

Mon Jul 19 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-25

- Bump up minimum version of python-nss to pick up nss_is_initialize() API

Thu Jun 24 2010 Adam Young <ayoung@redhat.com> - 1.99-24
```
- Removed python-asset based webui
```

Thu Jun 24 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-23

- Change Requires from fedora-ds-base to 389-ds-base
- Set minimum level of 389-ds-base to 1.2.6 for the replication
  version plugin.

Tue Jun 01 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-22
```
- Drop Requires of python-krbV on ipa-client
```
Mon May 17 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-21
```
- Load ipa_dogtag.pp in post install
```

Mon Apr 26 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-20

- Set minimum level of sssd to 1.1.1 to pull in required hbac fixes.

Thu Mar 04 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-19

- No need to create /var/log/ipa_error.log since we aren't using
  TurboGears any more.

Mon Mar 01 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-18
```
- Fixed share/ipa/wsgi.py so .pyc, .pyo files are included
```
Wed Feb 24 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-17
```
- Added Require mod_wsgi, added share/ipa/wsgi.py
```
Thu Feb 11 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-16
```
- Require python-wehjit >= 0.2.2
```
Wed Feb 03 2010 Rob Crittenden <rcritten@redhat.com> - 1.99-15
```
- Add sssd and certmonger as a Requires on ipa-client
```
Wed Jan 27 2010 Jason Gerard DeRose <jderose@redhat.com> - 1.99-14
```
- Require python-wehjit >= 0.2.0
```
Fri Dec 04 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-13
```
- Add ipa-rmkeytab tool
```

Tue Dec 01 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-12

- Set minimum of python-pyasn1 to 0.0.9a so we have support for the ASN.1
  Any type

Wed Nov 25 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-11

- Remove v1-style /etc/ipa/ipa.conf, replacing with /etc/ipa/default.conf

Fri Nov 13 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-10

- Add bash completion script and own /etc/bash_completion.d in case it
  doesn't already exist

Tue Nov 03 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-9
```
- Remove ipa_webgui, its functions rolled into ipa_httpd
```

Mon Oct 12 2009 Jason Gerard DeRose <jderose@redhat.com> - 1.99-8

- Removed python-cherrypy from BuildRequires and Requires
- Added Requires python-assets, python-wehjit

Mon Aug 24 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-7
```
- Added httpd SELinux policy so CRLs can be read
```

Thu May 21 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-6

- Move ipalib to ipa-python subpackage
- Bump minimum version of slapi-nis to 0.15

Wed May 06 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-5
```
- Set 0.14 as minimum version for slapi-nis
```
Wed Apr 22 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-4
```
- Add Requires: python-nss to ipa-python sub-package
```
Thu Mar 05 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-3
```
- Remove the IPA DNA plugin, use the DS one
```
Wed Mar 04 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-2
```
- Build radius separately
- Fix a few minor issues
```
Tue Feb 03 2009 Rob Crittenden <rcritten@redhat.com> - 1.99-1
```
- Replace TurboGears requirement with python-cherrypy
```
Sat Jan 17 2009 Tomas Mraz <tmraz@redhat.com> - 1.2.1-3
```
- rebuild with new openssl
```
Fri Dec 19 2008 Dan Walsh <dwalsh@redhat.com> - 1.2.1-2
```
- Fix SELinux code
```
Mon Dec 15 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-1
```
- Fix breakage caused by python-kerberos update to 1.1
```
Fri Dec 05 2008 Simo Sorce <ssorce@redhat.com> - 1.2.1-0
```
- New upstream release 1.2.1
```
Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 1.2.0-4
```
- Rebuild for Python 2.6
```

Fri Nov 14 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-3

- Respin after the tarball has been re-released upstream
  New hash is 506c9c92dcaf9f227cba5030e999f177

Thu Nov 13 2008 Simo Sorce <ssorce@redhat.com> - 1.2.0-2

- Conditionally restart also dirsrv and httpd when upgrading

Wed Oct 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.2.0-1

- Update to upstream version 1.2.0
- Set fedora-ds-base minimum version to 1.1.3 for winsync header
- Set the minimum version for SELinux policy
- Remove references to Fedora 7

Wed Jul 23 2008 Simo Sorce <ssorce@redhat.com> - 1.1.0-3

- Fix for CVE-2008-3274
- Fix segfault in ipa-kpasswd in case getifaddrs returns a NULL interface
- Add fix for bug #453185
- Rebuild against openldap libraries, mozldap ones do not work properly
- TurboGears is currently broken in rawhide. Added patch to not build
  the UI locales and removed them from the ipa-server files section.

Wed Jun 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-2
```
- Add call to /usr/sbin/upgradeconfig to post install
```

Wed Jun 11 2008 Rob Crittenden <rcritten@redhat.com> - 1.1.0-1

- Update to upstream version 1.1.0
- Patch for indexing memberof attribute
- Patch for indexing uidnumber and gidnumber
- Patch to change DNA default values for replicas
- Patch to fix uninitialized variable in ipa-getkeytab

Fri May 16 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-5

- Set fedora-ds-base minimum version to 1.1.0.1-4 and mod_nss minimum
  version to 1.0.7-4 so we pick up the NSS fixes.
- Add selinux-policy-base(post) to Requires (446496)

Tue Apr 29 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-4

- Add missing entry for /var/cache/ipa/kpasswd (444624)
- Added patch to fix permissions problems with the Apache NSS database.
- Added patch to fix problem with DNS querying where the query could be
  returned as the answer.
- Fix spec error where patch1 was in the wrong section

Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-3
```
- Added patch to fix problem reported by ldapmodify
```

Fri Apr 25 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2

- Fix Requires for krb5-server that was missing for Fedora versions > 9
- Remove quotes around test for fedora version to package egg-info

Fri Apr 18 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
```
- Update to upstream version 1.0.0
```

Tue Mar 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-12

- Pull upstream changelog 722
- Add Conflicts mod_ssl (435360)

Fri Feb 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-11

- Pull upstream changelog 698
- Fix ownership of /var/log/ipa_error.log during install (435119)
- Add pwpolicy command and man page

Thu Feb 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-10

- Pull upstream changelog 678
- Add new subpackage, ipa-server-selinux
- Add Requires: authconfig to ipa-python (bz #433747)
- Package i18n files

Mon Feb 18 2008 Rob Crittenden <rcritten@redhat.com> 0.99-9

- Pull upstream changelog 641
- Require minimum version of krb5-server on F-7 and F-8
- Package some new files

Thu Jan 31 2008 Rob Crittenden <rcritten@redhat.com> 0.99-8
```
- Marked with wrong license. IPA is GPLv2.
```

Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-7

- Ensure that /etc/ipa exists before moving user-modifiable html files there
- Put html files into /etc/ipa/html instead of /etc/ipa

Tue Jan 29 2008 Rob Crittenden <rcritten@redhat.com> 0.99-6
```
- Pull upstream changelog 608 which renamed several files
```

Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-5

- package the sessions dir /var/cache/ipa/sessions
- Pull upstream changelog 597

Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-4

- Updated upstream pull (596) to fix bug in ipa_webgui that was causing the
  UI to not start.

Thu Jan 24 2008 Rob Crittenden <rcritten@redhat.com> 0.99-3

- Included LICENSE and README in all packages for documentation
- Move user-modifiable content to /etc/ipa and linked back to
  /usr/share/ipa/html
- Changed some references to /usr to the {_usr} macro and /etc
  to {_sysconfdir}
- Added popt-devel to BuildRequires for Fedora 8 and higher and
  popt for Fedora 7
- Package the egg-info for Fedora 9 and higher for ipa-python

Tue Jan 22 2008 Rob Crittenden <rcritten@redhat.com> 0.99-2
```
- Added auto* BuildRequires
```
Mon Jan 21 2008 Rob Crittenden <rcritten@redhat.com> 0.99-1
```
- Unified spec file
```

Thu Jan 17 2008 Rob Crittenden <rcritten@redhat.com> - 0.6.0-2

- Fixed License in specfile
- Include files from /usr/lib/python*/site-packages/ipaserver

Fri Dec 21 2007 Karl MacMillan <kmacmill@redhat.com> - 0.6.0-1
```
- Version bump for release
```

Wed Nov 21 2007 Karl MacMillan <kmacmill@mentalrootkit.com> - 0.5.0-1

- Preverse mode on ipa-keytab-util
- Version bump for relase and rpm name change

Thu Nov 15 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.1-2

- Broke invididual Requires and BuildRequires onto separate lines and
  reordered them
- Added python-tgexpandingformwidget as a dependency
- Require at least fedora-ds-base 1.1

Thu Nov 01 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.1-1
```
- Version bump for release
```
Wed Oct 31 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-6
```
- Add dep for freeipa-admintools and acl
```
Wed Oct 24 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-5
```
- Add dependency for python-krbV
```
Fri Oct 19 2007 Rob Crittenden <rcritten@redhat.com> - 0.4.0-4
```
- Require mod_nss-1.0.7-2 for mod_proxy fixes
```
Thu Oct 18 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-3
```
- Convert to autotools-based build
```

Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2

* Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
- Added support for libipa-dna-plugin

Fri Aug 10 2007 Karl MacMillan <kmacmill@redhat.com> - 0.2.0-1
```
- Added support for ipa_kpasswd and ipa_pwd_extop
```
Sun Aug 05 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-3
```
- Abstracted client class to work directly or over RPC
```

Wed Aug 01 2007 Rob Crittenden <rcritten@redhat.com> - 0.1.0-2

- Add mod_auth_kerb and cyrus-sasl-gssapi to Requires
- Remove references to admin server in ipa-server-setupssl
- Generate a client certificate for the XML-RPC server to connect to LDAP with
- Create a keytab for Apache
- Create an ldif with a test user
- Provide a certmap.conf for doing SSL client authentication

Fri Jul 27 2007 Karl MacMillan <kmacmill@redhat.com> - 0.1.0-1
```
- Initial rpm version
```