Name: | ipa-client |
Version: | 4.5.0 |
Release: | 20.0.1.el7 |
Architecture: | x86_64 |
Group: | System Environment/Base |
Size: | 256496 |
License: | GPLv3+ |
RPM: | ipa-client-4.5.0-20.0.1.el7.x86_64.rpm |
Source RPM: | ipa-4.5.0-20.0.1.el7.src.rpm |
Build Date: | Wed Aug 02 2017 |
Build Host: | x86-ol7-builder-02.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | IPA authentication for use on clients |
Description: | IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If your network uses IPA for authentication, this package should be
installed on every client machine.
This package provides command-line tools for IPA administrators. |
-
Tue Aug 01 2017 EL Errata <el-errata_ww@oracle.com> - 4.5.0-20.0.1
- Blank out header-logo.png product-name.png
Replace login-screen-logo.png [20362818]
-
Tue Jun 27 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-20.el7
- Resolves: #1452216 Replica installation grants HTTP principal
access in WebUI
- Make sure we check ccaches in all rpcserver paths
-
Wed Jun 21 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-19.el7
- Resolves: #1462112 ipaserver installation fails in FIPS mode: OpenSSL
internal error, assertion failed: Digest MD4 forbidden in FIPS mode!
- ipa-sam: replace encode_nt_key() with E_md4hash()
- ipa_pwd_extop: do not generate NT hashes in FIPS mode
- Resolves: #1377973 ipa-server-install fails when the provided or resolved
IP address is not found on local interfaces
- Fix local IP address validation
- ipa-dns-install: remove check for local ip address
- refactor CheckedIPAddress class
- CheckedIPAddress: remove match_local param
- Remove ip_netmask from option parser
- replica install: add missing check for non-local IP address
- Remove network and broadcast address warnings
-
Thu Jun 15 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-18.el7
- Resolves: #1449189 ipa-kra-install timeouts on replica
- kra: promote: Get ticket before calling custodia
-
Wed Jun 14 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-17.el7
- Resolve: #1455946 Provide a tooling automating the configuration
of Smart Card authentication on a FreeIPA master
- server certinstall: update KDC master entry
- pkinit manage: introduce ipa-pkinit-manage
- server upgrade: do not enable PKINIT by default
- Extend the advice printing code by some useful abstractions
- Prepare advise plugin for smart card auth configuration
- Resolve: #1461053 allow to modify list of UPNs of a trusted forest
- trust-mod: allow modifying list of UPNs of a trusted forest
- WebUI: add support for changing trust UPN suffixes
-
Wed Jun 07 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-16.el7
- Resolves: #1377973 ipa-server-install fails when the provided or resolved
IP address is not found on local interfaces
- Only warn when specified server IP addresses don't match intf
- Resolves: #1438016 gssapi errors after IPA server upgrade
- Bump version of python-gssapi
- Resolves: #1457942 certauth: use canonical principal for lookups
- ipa-kdb: use canonical principal in certauth plugin
- Resolves: #1459153 Do not send Max-Age in ipa_session cookie to avoid
breaking older clients
- Add code to be able to set default kinit lifetime
- Revert setting sessionMaxAge for old clients
-
Wed Jun 07 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-15.el7
- Resolves: #1442233 IPA client commands fail when pointing to replica
- httpinstance: wait until the service entry is replicated
- Resolves: #1456769 ipaAnchorUUID index incorrectly configured and then
not indexed
- Fix index definition for ipaAnchorUUID
- Resolves: #1438016 gssapi errors after IPA server upgrade
- Avoid possible endless recursion in RPC call
- rpc: preparations for recursion fix
- rpc: avoid possible recursion in create_connection
- Resolves: #1446087 services entries missing krbCanonicalName attribute.
- Changing cert-find to do not use only primary key to search in LDAP.
- Resolves: #1452763 ipa certmaprule change not reflected in krb5kdc workers
- ipa-kdb: reload certificate mapping rules periodically
- Resolves: #1455541 after upgrade login from web ui breaks
- kdc.key should not be visible to all
- Resolves: #1435606 Add pkinit_indicator option to KDC configuration
- ipa-kdb: add pkinit authentication indicator in case of a successful
certauth
- Resolves: #1455945 Enabling OCSP checks in mod_nss breaks certificate
issuance when ipa-ca records are not resolvable
- Turn off OCSP check
- Resolves: #1454483 rhel73 ipa ui - cannot del server - IPA Error 903 -
server_del - TypeError: 'NoneType' object is not iterable
- fix incorrect suffix handling in topology checks
-
Wed May 24 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-14.el7
- Resolves: #1438731 Extend ipa-server-certinstall and ipa-certupdate to
handle PKINIT certificates/anchors
- certdb: add named trust flag constants
- certdb, certs: make trust flags argument mandatory
- certdb: use custom object for trust flags
- install: trust IPA CA for PKINIT
- client install: fix client PKINIT configuration
- install: introduce generic Kerberos Augeas lens
- server install: fix KDC PKINIT configuration
- ipapython.ipautil.run: Add option to set umask before executing command
- certs: do not export keys world-readable in install_key_from_p12
- certs: do not export CA certs in install_pem_from_p12
- server install: fix KDC certificate validation in CA-less
- replica install: respect --pkinit-cert-file
- cacert manage: support PKINIT
- server certinstall: support PKINIT
- Resolves: #1444432 CA-less pkinit not installable with --pkinit-cert-file
option
- certs: do not export CA certs in install_pem_from_p12
- server install: fix KDC certificate validation in CA-less
- Resolves: #1451228 ipa-kra-install fails when primary KRA server has been
decommissioned
- ipa-kra-install: fix pkispawn setting for pki_security_domain_hostname
- Resolves: #1451712 KRA installation fails on server that was originally
installed as CA-less
- ipa-ca-install: append CA cert chain into /etc/ipa/ca.crt
- Resolves: #1441499 ipa cert-show does not raise error if no file name
specified
- ca/cert-show: check certificate_out in options
- Resolves: #1449522 Deprecate `ipa pkinit-anonymous` command in FreeIPA 4.5+
- Remove pkinit-anonymous command
- Resolves: #1449523 Provide an API command to retrieve PKINIT status
in the FreeIPA topology
- Allow for multivalued server attributes
- Refactor the role/attribute member reporting code
- Add an attribute reporting client PKINIT-capable servers
- Add the list of PKINIT servers as a virtual attribute to global config
- Add `pkinit-status` command
- test_serverroles: Get rid of MockLDAP and use ldap2 instead
- Resolves: #1452216 Replica installation grants HTTP principal access in WebUI
- Fix rare race condition with missing ccache file
- Resolves: #1455045 Simple service uninstallers must be able to handle
missing service files gracefully
- only stop/disable simple service if it is installed
- Resolves: #1455541 after upgrade login from web ui breaks
- krb5: make sure KDC certificate is readable
- Resolves: #1455862 "ipa: ERROR: an internal error has occurred" on executing
command "ipa cert-request --add" after upgrade
- Change python-cryptography to python2-cryptography
-
Thu May 18 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-13.el7
- Resolves: #1451804 "AttributeError: 'tuple' object has no attribute 'append'"
error observed during ipa upgrade with latest package.
- ipa-server-install: fix uninstall
- Resolves: #1445390 ipa-[ca|kra]-install with invalid DM password break
replica
- ca install: merge duplicated code for DM password
- installutils: add DM password validator
- ca, kra install: validate DM password
-
Tue May 16 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-12.el7
- Resolves: #1447284 Upgrade from ipa-4.1 fails when enabling KDC proxy
- python2-ipalib: add missing python dependency
- installer service: fix typo in service entry
- upgrade: add missing suffix to http instance
- Resolves: #1444791 Update man page of ipa-kra-install
- ipa-kra-install manpage: document domain-level 1
- Resolves: #1441493 ipa cert-show raises stack traces when
--certificate-out=/tmp
- cert-show: writable files does not mean dirs
- Resolves: #1441192 Add the name of URL parameter which will be check for
username during cert login
- Bump version of ipa.conf file
- Resolves: #1378797 Web UI must check OCSP and CRL during smartcard login
- Turn on NSSOCSP check in mod_nss conf
- Resolves: #1322963 Errors from AD when trying to sign ipa.csr, conflicting
template on
- renew agent: respect CA renewal master setting
- server upgrade: always fix certmonger tracking request
- cainstance: use correct profile for lightweight CA certificates
- renew agent: allow reusing existing certs
- renew agent: always export CSR on IPA CA certificate renewal
- renew agent: get rid of virtual profiles
- ipa-cacert-manage: add --external-ca-type
- Resolves: #1441593 error adding authenticator indicators to host
- Fixing adding authenticator indicators to host
- Resolves: #1449525 Set directory ownership in spec file
- Added plugins directory to ipaclient subpackages
- ipaclient: fix missing RPM ownership
- Resolves: #1451279 otptoken-add-yubikey KeyError: 'ipatokenotpdigits'
- otptoken-add-yubikey: When --digits not provided use default value