Name: | ipa-server |
---|---|
Version: | 4.5.4 |
Release: | 10.0.1.el7_5.4.4 |
Architecture: | x86_64 |
Group: | System Environment/Base |
Size: | 1057911 |
License: | GPLv3+ |
RPM: | ipa-server-4.5.4-10.0.1.el7_5.4.4.x86_64.rpm |
Source RPM: | ipa-4.5.4-10.0.1.el7_5.4.4.src.rpm |
Build Date: | Tue Sep 25 2018 |
Build Host: | x86-ol7-builder-01.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | The IPA authentication server |
Description: | IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If you are installing an IPA server, you need to install this package. |
- Blank out header-logo.png product-name.png - Replace login-screen-logo.png [20362818]
- Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install - ipa-replica-install: fix pkinit setup
- Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code - Clear next field when returnining list elements in queue.c - Add cmocka unit tests for ipa otpd queue code
- Resolves: #1623673 SRV lookup doesn't correctly sort results - Sort and shuffle SRV record by priority and weight - Resolves: #1623679 Installation of replica against a specific master - Always set ca_host when installing replica - Query for server role IPA master - Only create DNS SRV records for ready server - Delay enabling services until end of installer - replicainstall: DS SSL replica install pick right certmonger host - Fix race condition in get_locations_records() - Fix DNSSEC install regression - Handle races in replica config - Fix KRA replica installation from CA master - Do not set ca_host when --setup-ca is used - Resolves: #1623676 Replication races in DogtagInstance.setup_admin - Improve and fix timeout bug in wait_for_entry() - Use common replication wait timeout of 5min - Fix replication races in Dogtag admin code - Catch ACIError instead of invalid credentials - Resolves: #1623680 Increase WSGI worker process count - Increase WSGI process count to 5 on 64bit - Use 4 WSGI workers on 64bit systems - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager - DS replication settings: fix regression with <3.3 master - Resolves: #1623668 Replica install: certmonger sometimes fails - Auto-retry failed certmonger requests - Wait for client certificates
- Resolves: #1615983 ipa-restore fails on newly installed system. - Fix ipa-restore: create /var/run/ipa files - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment - Check if replication agreement exist before enable/disable it - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7 - Tests: add integration test for password changes by dir mgr - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default. - Tune DS replication settings - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources - Fix elements not being removed in otpd_queue_pop_msgid()
- Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers
- Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default - Add nsds5ReplicaReleaseTimeout to replica config - Fix upgrade (update_replica_config) in single master mode - Resolves: #1579190 Improve Custodia client and key distribution handling - Use single Custodia instance in installers - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg' - Don't try to backup CS.cfg during upgrade if CA is not configured
- Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1) - Add a notice to restart ipa services after certs are installed - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode - Fix OTP validation in FIPS mode - Increase the default token key size - Revert "Don't allow OTP or RADIUS in FIPS mode" - Log errors from NSS during FIPS OTP key import - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type - ipa-replica-install: make sure that certmonger picks the right master - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface - replica-install: pass --ip-address to client install
- Resolves: #1540361 ipa-advise for smartcards is out-of-date - ipa-advise for smartcards updated
- Resolves: #1458169 --force-join option is not mentioned in ipa-replica-install man page - Add --force-join into ipa-replica-install manpage - Resolves: #1457876 ipa-backup fails silently - Changed ownership of ldiffile to DS_USER - Resolves: #1409786 Second phase of --external-ca ipa-server-install setup fails when dirsrv is not running - Checks if Dir Server is installed and running before IPA installation - Resolves: #1452086 Pagination Size under Customization in IPA WebUI accepts negative values - WebUI: Add positive number validator - WebUI: change validator of page size settings - WebUI: fix jslint error