Name: | ipa-server |
Version: | 4.5.0 |
Release: | 22.0.1.el7_4 |
Architecture: | x86_64 |
Group: | System Environment/Base |
Size: | 1050511 |
License: | GPLv3+ |
RPM: |
ipa-server-4.5.0-22.0.1.el7_4.x86_64.rpm
|
Source RPM: |
ipa-4.5.0-22.0.1.el7_4.src.rpm
|
Build Date: | Thu Nov 30 2017 |
Build Host: | x86-ol7-builder-01.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | The IPA authentication server |
Description: | IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package. |
-
Thu Nov 30 2017 EL Errata <el-errata_ww@oracle.com> - 4.5.0-22.0.1.el7_4
- Rebuild
- Blank out header-logo.png product-name.png
Replace login-screen-logo.png [20362818]
-
Fri Oct 27 2017 Felipe Barreto <fbarreto@redhat.com> - 4.5.0-22.el7
- Resolves: #1506528 In case full PKINIT configuration is failing during
server/replica install the error message should be more meaningful.
- Less confusing message for PKINIT configuration during install
- Resolves: #1506526 Use X509v3 Basic Constraints "CA:TRUE" instead of
"CA:FALSE" IPA CA CSR
- Include the CA basic constraint in CSRs when renewing a CA
- Resolves: #1506913 ipa-replica-install might fail because of an already
existing entry cn=ipa-http-delegation,cn=s4u2proxy,cn=etc,$SUFFIX
- Checks if replica-s4u2proxy.ldif should be applied
- Resolves: #1506525 server-del doesn't remove dns-server configuration
from ldap
- server.py: Removes dns-server configuration from ldap
-
Wed Sep 20 2017 Felipe Barreto <fbarreto@redhat.com> - 4.5.0-21.el7.2.2
- Resolves: #1493410 ipa-server-upgrade timeouts on wait_for_open ports
expecting IPA services listening on IPv6 ports
- Make sure upgrade also checks for IPv6 stack
- control logging of host_port_open from caller
- log progress of wait_for_open_ports
- Resolves: #1493411 ipa help command returns traceback when no cache
is present
- Store help in Schema before writing to disk
- Disable pylint in get_help function because of type confusion.
-
Tue Sep 19 2017 Felipe Barreto <fbarreto@redhat.com> - 4.5.0-21.el7.2
- Resolves: #1486794 - [ipa-replica-install] - 406 Client Error: Failed to
validate message: Incorrect number of results (0) searching forpublic
key for host
- Always check peer has keys before connecting
- Resolves: #1489300 - Unable to set ca renewal master on replica
- Fix ipa config-mod --ca-renewal-master
- Resolves: #1489815 - TypeError in renew_ca_cert prevents from swiching
back to self-signed CA
- Backport PR 988 to ipa-4-5 Fix Certificate renewal (with ext ca)
- Resolves: #1489817 - ipa-server-upgrade failes with "This entry already exists"
- Backport PR 1008 to ipa-4-5 Fix ipa-server-upgrade: This entry already exists
- Resolves: #1490331 - FreeIPA/IdM installations which were upgraded from
versions with 389 DS prior to 1.3.3.0 doesn't have whomai plugin enabled and
thus startup of Web UI fails
- Adds whoami DS plugin in case that plugin is missing
- Resolves: #1491545 - IPA WebUI does not work after upgrade from IPA 4.4 to 4.5
- Fixing how sssd.conf is updated when promoting a client to replica
- Resolves: #1492616 - ipa-otptoken-import - XML file is missing PBKDF2
parameters!
- ipa-otptoken-import: Make PBKDF2 refer to the pkcs5 namespace
- Resolves: #1493153 - Updating from RHEL 7.3 fails with Server-Cert not found
(ipa-server-upgrade)
- Backport 4-5: Fix ipa-server-upgrade with server cert tracking
-
Wed Aug 16 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7.1.2
- Fixing issues reported by Errata tool
-
Tue Aug 15 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7.1.1
- Resolves: #1477046 Use CommonNameToSANDefault in default profile
(new installs only)
- Restore old version of caIPAserviceCert for upgrade only
-
Tue Aug 01 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7.1
- Resolves: #1473272 Provide a tooling automating the configuration
of Smart Card authentication on a FreeIPA master
- smart-card advises: configure systemwide NSS DB also on master
- smart-card advises: add steps to store smart card signing CA cert
- Allow to pass in multiple CA cert paths to the smart card advises
- add a class that tracks the indentation in the generated advises
- delegate the indentation handling in advises to dedicated class
- advise: add an infrastructure for formatting Bash compound statements
- delegate formatting of compound Bash statements to dedicated classes
- Fix indentation of statements in Smart card advises
- Use the compound statement formatting API for configuring PKINIT
- smart card advises: use a wrapper around Bash `for` loops
- smart card advise: use password when changing trust flags on HTTP cert
- smart-card-advises: ensure that krb5-pkinit is installed on client
- Resolves: #1477046 Use CommonNameToSANDefault in default profile
(new installs only)
- Add CommonNameToSANDefault to default cert profile
- Resolves: #1475664 NULL LDAP context in call to ldap_search_ext_s
during search in cn=ad,cn=trusts,dc=example,dc=com
- NULL LDAP context in call to ldap_search_ext_s during search
-
Wed Jul 12 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7
- Resolves: #1470125 Replica install fails to configure IPA-specific
temporary files/directories
- replica install: drop-in IPA specific config to tmpfiles.d
- Resolves: #1469978 bind package is not automatically updated during
ipa-server upgrade process
- Bumped Required version of bind-dyndb-ldap and bind package
-
Tue Jun 27 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-20.el7
- Resolves: #1452216 Replica installation grants HTTP principal
access in WebUI
- Make sure we check ccaches in all rpcserver paths
-
Wed Jun 21 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-19.el7
- Resolves: #1462112 ipaserver installation fails in FIPS mode: OpenSSL
internal error, assertion failed: Digest MD4 forbidden in FIPS mode!
- ipa-sam: replace encode_nt_key() with E_md4hash()
- ipa_pwd_extop: do not generate NT hashes in FIPS mode
- Resolves: #1377973 ipa-server-install fails when the provided or resolved
IP address is not found on local interfaces
- Fix local IP address validation
- ipa-dns-install: remove check for local ip address
- refactor CheckedIPAddress class
- CheckedIPAddress: remove match_local param
- Remove ip_netmask from option parser
- replica install: add missing check for non-local IP address
- Remove network and broadcast address warnings