| Name: | ipa-client |
|---|---|
| Version: | 4.5.0 |
| Release: | 21.0.2.el7_4.2.2 |
| Architecture: | x86_64 |
| Group: | System Environment/Base |
| Size: | 256496 |
| License: | GPLv3+ |
| RPM: | ipa-client-4.5.0-21.0.2.el7_4.2.2.x86_64.rpm |
| Source RPM: | ipa-4.5.0-21.0.2.el7_4.2.2.src.rpm |
| Build Date: | Fri Oct 20 2017 |
| Build Host: | x86-ol7-builder-01.us.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.freeipa.org/ |
| Summary: | IPA authentication for use on clients |
| Description: | IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). If your network uses IPA for authentication, this package should be installed on every client machine. This package provides command-line tools for IPA administrators. |
- Rebuild
- Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818]
- Resolves: #1493410 ipa-server-upgrade timeouts on wait_for_open ports
expecting IPA services listening on IPv6 ports
- Make sure upgrade also checks for IPv6 stack
- control logging of host_port_open from caller
- log progress of wait_for_open_ports
- Resolves: #1493411 ipa help command returns traceback when no cache
is present
- Store help in Schema before writing to disk
- Disable pylint in get_help function because of type confusion.
- Resolves: #1486794 - [ipa-replica-install] - 406 Client Error: Failed to
validate message: Incorrect number of results (0) searching forpublic
key for host
- Always check peer has keys before connecting
- Resolves: #1489300 - Unable to set ca renewal master on replica
- Fix ipa config-mod --ca-renewal-master
- Resolves: #1489815 - TypeError in renew_ca_cert prevents from swiching
back to self-signed CA
- Backport PR 988 to ipa-4-5 Fix Certificate renewal (with ext ca)
- Resolves: #1489817 - ipa-server-upgrade failes with "This entry already exists"
- Backport PR 1008 to ipa-4-5 Fix ipa-server-upgrade: This entry already exists
- Resolves: #1490331 - FreeIPA/IdM installations which were upgraded from
versions with 389 DS prior to 1.3.3.0 doesn't have whomai plugin enabled and
thus startup of Web UI fails
- Adds whoami DS plugin in case that plugin is missing
- Resolves: #1491545 - IPA WebUI does not work after upgrade from IPA 4.4 to 4.5
- Fixing how sssd.conf is updated when promoting a client to replica
- Resolves: #1492616 - ipa-otptoken-import - XML file is missing PBKDF2
parameters!
- ipa-otptoken-import: Make PBKDF2 refer to the pkcs5 namespace
- Resolves: #1493153 - Updating from RHEL 7.3 fails with Server-Cert not found
(ipa-server-upgrade)
- Backport 4-5: Fix ipa-server-upgrade with server cert tracking
- Fixing issues reported by Errata tool
- Resolves: #1477046 Use CommonNameToSANDefault in default profile (new installs only) - Restore old version of caIPAserviceCert for upgrade only
- Resolves: #1473272 Provide a tooling automating the configuration of Smart Card authentication on a FreeIPA master - smart-card advises: configure systemwide NSS DB also on master - smart-card advises: add steps to store smart card signing CA cert - Allow to pass in multiple CA cert paths to the smart card advises - add a class that tracks the indentation in the generated advises - delegate the indentation handling in advises to dedicated class - advise: add an infrastructure for formatting Bash compound statements - delegate formatting of compound Bash statements to dedicated classes - Fix indentation of statements in Smart card advises - Use the compound statement formatting API for configuring PKINIT - smart card advises: use a wrapper around Bash `for` loops - smart card advise: use password when changing trust flags on HTTP cert - smart-card-advises: ensure that krb5-pkinit is installed on client - Resolves: #1477046 Use CommonNameToSANDefault in default profile (new installs only) - Add CommonNameToSANDefault to default cert profile - Resolves: #1475664 NULL LDAP context in call to ldap_search_ext_s during search in cn=ad,cn=trusts,dc=example,dc=com - NULL LDAP context in call to ldap_search_ext_s during search
- Resolves: #1470125 Replica install fails to configure IPA-specific temporary files/directories - replica install: drop-in IPA specific config to tmpfiles.d - Resolves: #1469978 bind package is not automatically updated during ipa-server upgrade process - Bumped Required version of bind-dyndb-ldap and bind package
- Resolves: #1452216 Replica installation grants HTTP principal access in WebUI - Make sure we check ccaches in all rpcserver paths
- Resolves: #1462112 ipaserver installation fails in FIPS mode: OpenSSL internal error, assertion failed: Digest MD4 forbidden in FIPS mode! - ipa-sam: replace encode_nt_key() with E_md4hash() - ipa_pwd_extop: do not generate NT hashes in FIPS mode - Resolves: #1377973 ipa-server-install fails when the provided or resolved IP address is not found on local interfaces - Fix local IP address validation - ipa-dns-install: remove check for local ip address - refactor CheckedIPAddress class - CheckedIPAddress: remove match_local param - Remove ip_netmask from option parser - replica install: add missing check for non-local IP address - Remove network and broadcast address warnings