Name: | ipa-server |
---|---|
Version: | 4.6.8 |
Release: | 5.0.1.el7_9.12 |
Architecture: | aarch64 |
Group: | System Environment/Base |
Size: | 1874324 |
License: | GPLv3+ |
RPM: | ipa-server-4.6.8-5.0.1.el7_9.12.aarch64.rpm |
Source RPM: | ipa-4.6.8-5.0.1.el7_9.12.src.rpm |
Build Date: | Wed Nov 02 2022 |
Build Host: | build-ol7-aarch64.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | The IPA authentication server |
Description: | IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package. |
- Blank out header-logo.png product-name.png - Replace login-screen-logo.png [Orabug: 20362818]
- Resolves: 2084223 - 'ipa idview-show idviewname' & IPA WebUI takes longer time to return the results - idviews: use cached ipaOriginalUid value when resolving ID override - Resolves: 2124369 - OTP token sync always returns OK even with random numbers - ipa otptoken-sync: return error when sync fails - ipatests: add negative test for otptoken-sync - ipatests: python2 does not support f-strings - Fix otptoken_sync plugin
- Resolves: 2082272 - [RFE] Require confirmation to change "Default host group" in IdM automember rules - WebUI: Add confirmation dialog for changing default user/host group
- Resolves: 2025848 - RHEL 8.6 IPA Replica Failed to configure PKINIT setup against a RHEL 7.9 IPA server - Fix cert_request for KDC cert - Resolves: 2021444 - CVE-2020-25719 ipa: samba: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets - SMB: switch IPA domain controller role
- Resolves: #2000261 - extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT - extdom: return LDAP_NO_SUCH_OBJECT if domains differ
- Resolves: #1956550 - IPA server installation fails when cert contains non-ASCII character - CA less installation: non ASCII chars in CA subject - ipatests: use non-ascii chars in CA-less install - Resolves: #1974328 - Revise PKINIT upgrade code - Allow PKINIT to be enabled when updating from a pre-PKINIT IPA CA server
- Resolves: #1959349 - Need to bump pki + ds version
- Resolves: #1931405 krb5kdc crash - Segmentation fault in ldap_first_entry(). - ipa-kdb: fix compiler warnings - ipa-kdb: add missing prototypes - ipa-kdb: reformat ipa_kdb_certauth - ipa-kdb: mark test functions as static - ipa-kdb: do not use OpenLDAP functions with NULL LDAP context - Resolves: #1835741 krb5kdc crashing on ipa server - Resolves: #1929372 krb5kdc is crashing intermittently on IPA server.
- Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing - wgi/plugins.py: ignore empty plugin directories - Resolves: #1895197 improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find - Improve PKI subsystem detection - ipatests: add test for PKI subsystem detection - ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection - Resolves: #1892793 Authentication and login times are over several seconds due to unindexed ipaExternalMember - Add more indices - Resolves: #1884819 IdM Web UI shows users as disabled - fix cert-find errors in CA-less deployment - Resolves: #1863619 CA-less install does not set required permissions on KDC certificate - CAless installation: set the perms on KDC cert file - ipatests: check KDC cert permissions in CA less install - Resolves: #1859248 CVE-2020-11023 ipa: jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution - WebUI: Fix jQuery DOM manipulation issues - Resolves: #1846349 cannot issue certs with multiple IP addresses corresponding to different hosts - fix iPAddress cert issuance for >1 host/service
- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp - ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset