[ol7_latest_archive] ipa-server-trust-ad-4.2.0-15.0.1.el7.x86_64

Name:	ipa-server-trust-ad
Version:	4.2.0
Release:	15.0.1.el7
Architecture:	x86_64
Group:	System Environment/Base
Size:	343720
License:	GPLv3+
RPM:	ipa-server-trust-ad-4.2.0-15.0.1.el7.x86_64.rpm
Source RPM:	ipa-4.2.0-15.0.1.el7.src.rpm
Build Date:	Fri Nov 20 2015
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	Virtual package to install packages required for Active Directory trusts
Description:	Cross-realm trusts with Active Directory in IPA require working Samba 4 installation. This package is provided for convenience to install all required dependencies at once.

Changelog (Show File list) (Show related packages)

Thu Nov 19 2015 EL Errata <el-errata_ww@oracle.com> - 4.2.0-15.0.1

- Drop redhat-access-plugin-ipa requires for OL7
  Blank out header-logo.png product-name.png
  Replace login-screen-logo.png [20362818]

Tue Oct 13 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-15

- Resolves: #1252556 Missing CLI param and ACL for vault service operations
  - vault: fix private service vault creation

Mon Oct 12 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-14

- Resolves: #1262996 ipa vault internal error on replica without KRA
  - upgrade: make sure ldap2 is connected in export_kra_agent_pem
- Resolves: #1270608 IPA upgrade fails for server with CA cert signed by
  external CA
  - schema: do not derive ipaVaultPublicKey from ipaPublicKey

Thu Oct 08 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-13

- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens
  - Fix an integer underflow bug in libotp
- Resolves: #1262996 ipa vault internal error on replica without KRA
  - install: always export KRA agent PEM file
  - vault: select a server with KRA for vault operations
- Resolves: #1269777 IPA restore overwrites /etc/passwd and /etc/group files
  - do not overwrite files with local users/groups when restoring authconfig
- Renamed patch 1011 to 0138, as it was merged upstream

Wed Sep 23 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-12

- Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to
  Trusts
  - winsync-migrate: Convert entity names to posix friendly strings
  - winsync-migrate: Properly handle collisions in the names of external groups
- Resolves: #1261074 Adjust Firefox configuration to new extension signing
  policy
  - webui: use manual Firefox configuration for Firefox >= 40
- Resolves: #1263337 IPA Restore failed with installed KRA
  - ipa-backup: Add mechanism to store empty directory structure
- Resolves: #1264793 CVE-2015-5284 ipa: ipa-kra-install includes certificate
  and private key in world readable file [rhel-7.2]
  - install: fix KRA agent PEM file permissions
- Resolves: #1265086 Mark IdM API Browser as experimental
  - WebUI: add API browser is experimental warning
- Resolves: #1265277 Fix kdcproxy user creation
  - install: create kdcproxy user during server install
  - platform: add option to create home directory when adding user
  - install: fix kdcproxy user home directory
- Resolves: #1265559 GSS failure after ipa-restore
  - destroy httpd ccache after stopping the service

Thu Sep 17 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-11

- Resolves: #1258965 ipa vault: set owner of vault container
  - baseldap: make subtree deletion optional in LDAPDelete
  - vault: add vault container commands
  - vault: set owner to current user on container creation
  - vault: update access control
  - vault: add permissions and administrator privilege
  - install: support KRA update
- Resolves: #1261586 ipa config-mod addattr fails for ipauserobjectclasses
  - config: allow user/host attributes with tagging options
- Resolves: #1262315 Unable to establish winsync replication
  - winsync: Add inetUser objectclass to the passsync sysaccount

Wed Sep 16 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-10

- Resolves: #1260663 crash of ipa-dnskeysync-replica component during
  ipa-restore
  - IPA Restore: allows to specify files that should be removed
- Resolves: #1261806 Installing ipa-server package breaks httpd
  - Handle timeout error in ipa-httpd-kdcproxy
- Resolves: #1262322 Failed to backup CS.cfg message in upgrade.
  - Server Upgrade: backup CS.cfg when dogtag is turned off

Wed Sep 09 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-9

- Resolves: #1257074 The KRA agent cert is stored in a PEM file that is not
  tracked
  - cert renewal: Include KRA users in Dogtag LDAP update
  - cert renewal: Automatically update KRA agent PEM file
- Resolves: #1257163 renaming certificatte profile with --rename option leads
  to integrity issues
  - certprofile: remove 'rename' option
- Resolves: #1257968 kinit stop working after ipa-restore
  - Backup: back up the hosts file
- Resolves: #1258926 Remove 'DNSSEC is experimental' warnings
  - DNSSEC: remove "DNSSEC is experimental" warnings
- Resolves: #1258929 Uninstallation of IPA leaves extra entry in /etc/hosts
  - Installer: do not modify /etc/hosts before user agreement
- Resolves: #1258944 DNSSEC daemons may deadlock when processing more than 1
  zone
  - DNSSEC: backup and restore opendnssec zone list file
  - DNSSEC: remove ccache and keytab of ipa-ods-exporter
  - DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
  - DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
  - DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC
    key master
  - DNSSEC: Fix key metadata export
  - DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.
- Resolves: #1258964 revert to use ldapi to add kra agent in KRA install
  - Using LDAPI to setup CA and KRA agents.
- Resolves: #1259848 server closes connection and refuses commands after
  deleting user that is still logged in
  - ldap: Make ldap2 connection management thread-safe again
- Resolves: #1259996 AttributeError: 'NameSpace' object has no attribute
  'ra_certprofile' while ipa-ca-install
  - load RA backend plugins during standalone CA install on CA-less IPA master

Wed Aug 26 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-8

- Resolves: #1254689 Storing big file as a secret in vault raises traceback
  - vault: Limit size of data stored in vault
- Resolves: #1255880 ipactl status should distinguish between different
  pki-tomcat services
  - ipactl: Do not start/stop/restart single service multiple times

Wed Aug 26 2015 Jan Cholasta <jcholast@redhat.com> - 4.2.0-7

- Resolves: #1256840 [webui] majority of required fields is no longer marked as
  required
  - fix missing information in object metadata
- Resolves: #1256842 [webui] no option to choose trust type when creating a
  trust
  - webui: add option to establish bidirectional trust
- Resolves: #1256853 Clear text passwords in KRA install log
  - Removed clear text passwords from KRA install log.
- Resolves: #1257072 The "Standard Vault" MUST not be the default and must be
  discouraged
  - vault: change default vault type to symmetric
- Resolves: #1257163 renaming certificatte profile with --rename option leads
  to integrity issues
  - certprofile: prevent rename (modrdn)