Name: | ipa-client-common |
---|---|
Version: | 4.5.0 |
Release: | 21.0.1.el7_4.1.2 |
Architecture: | noarch |
Group: | System Environment/Base |
Size: | 44969 |
License: | GPLv3+ |
RPM: | ipa-client-common-4.5.0-21.0.1.el7_4.1.2.noarch.rpm |
Source RPM: | ipa-4.5.0-21.0.1.el7_4.1.2.src.rpm |
Build Date: | Tue Sep 05 2017 |
Build Host: | x86-ol7-builder-01.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | Common files used by IPA client |
Description: | IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If your network uses IPA for authentication, this package should be installed on every client machine. |
- Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818]
- Fixing issues reported by Errata tool
- Resolves: #1477046 Use CommonNameToSANDefault in default profile (new installs only) - Restore old version of caIPAserviceCert for upgrade only
- Resolves: #1473272 Provide a tooling automating the configuration of Smart Card authentication on a FreeIPA master - smart-card advises: configure systemwide NSS DB also on master - smart-card advises: add steps to store smart card signing CA cert - Allow to pass in multiple CA cert paths to the smart card advises - add a class that tracks the indentation in the generated advises - delegate the indentation handling in advises to dedicated class - advise: add an infrastructure for formatting Bash compound statements - delegate formatting of compound Bash statements to dedicated classes - Fix indentation of statements in Smart card advises - Use the compound statement formatting API for configuring PKINIT - smart card advises: use a wrapper around Bash `for` loops - smart card advise: use password when changing trust flags on HTTP cert - smart-card-advises: ensure that krb5-pkinit is installed on client - Resolves: #1477046 Use CommonNameToSANDefault in default profile (new installs only) - Add CommonNameToSANDefault to default cert profile - Resolves: #1475664 NULL LDAP context in call to ldap_search_ext_s during search in cn=ad,cn=trusts,dc=example,dc=com - NULL LDAP context in call to ldap_search_ext_s during search
- Resolves: #1470125 Replica install fails to configure IPA-specific temporary files/directories - replica install: drop-in IPA specific config to tmpfiles.d - Resolves: #1469978 bind package is not automatically updated during ipa-server upgrade process - Bumped Required version of bind-dyndb-ldap and bind package
- Resolves: #1452216 Replica installation grants HTTP principal access in WebUI - Make sure we check ccaches in all rpcserver paths
- Resolves: #1462112 ipaserver installation fails in FIPS mode: OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! - ipa-sam: replace encode_nt_key() with E_md4hash() - ipa_pwd_extop: do not generate NT hashes in FIPS mode - Resolves: #1377973 ipa-server-install fails when the provided or resolved IP address is not found on local interfaces - Fix local IP address validation - ipa-dns-install: remove check for local ip address - refactor CheckedIPAddress class - CheckedIPAddress: remove match_local param - Remove ip_netmask from option parser - replica install: add missing check for non-local IP address - Remove network and broadcast address warnings
- Resolves: #1449189 ipa-kra-install timeouts on replica - kra: promote: Get ticket before calling custodia
- Resolve: #1455946 Provide a tooling automating the configuration of Smart Card authentication on a FreeIPA master - server certinstall: update KDC master entry - pkinit manage: introduce ipa-pkinit-manage - server upgrade: do not enable PKINIT by default - Extend the advice printing code by some useful abstractions - Prepare advise plugin for smart card auth configuration - Resolve: #1461053 allow to modify list of UPNs of a trusted forest - trust-mod: allow modifying list of UPNs of a trusted forest - WebUI: add support for changing trust UPN suffixes
- Resolves: #1377973 ipa-server-install fails when the provided or resolved IP address is not found on local interfaces - Only warn when specified server IP addresses don't match intf - Resolves: #1438016 gssapi errors after IPA server upgrade - Bump version of python-gssapi - Resolves: #1457942 certauth: use canonical principal for lookups - ipa-kdb: use canonical principal in certauth plugin - Resolves: #1459153 Do not send Max-Age in ipa_session cookie to avoid breaking older clients - Add code to be able to set default kinit lifetime - Revert setting sessionMaxAge for old clients