[ol9_appstream] ipa-server-trust-ad-4.11.0-15.0.1.el9_4.aarch64

Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
dependencies at once.

Changelog (Show File list) (Show related packages)

• Mon Jun 10 2024 EL Errata <el-errata_ww@oracle.com> - 4.11.0-15.0.1

  - Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
  - Add bind to ipa-server-common Requires [Orabug: 36518596]

• Tue May 21 2024 Julien Rische <jrische@redhat.com> - 4.11.0-15

  - Resolves: RHEL-32231 CVE-2024-3183 ipa: freeipa: user can obtain a hash of the passwords of all domain users and perform offline brute force
  - Resolves: RHEL-31409 CVE-2024-2698 ipa: freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

• Fri Mar 29 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-10

  - Resolves: RHEL-23377 Enforce OTP for ldap bind (in some scenarios)
  - Resolves: RHEL-29745 Unable to re-add broken AD trust - NT_STATUS_INVALID_PARAMETER
  - Resolves: RHEL-30905 Backport latest test fixes in ipa

• Thu Mar 07 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-9

  - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode
  - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure

• Tue Feb 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-8

  - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available

• Fri Feb 16 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-7

  - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
  - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests

• Fri Feb 09 2024 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-6

  - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified
  - Resolves: RHEL-23625 sidgen plugin does not ignore staged users
  - Resolves: RHEL-23621 session cookie can't be read
  - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-17996 Memory leak in IdM's KDC

• Thu Jan 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-5

  - Resolves: RHEL-12589 ipa: Invalid CSRF protection
  - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit
  - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca'
  - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-21810 ipa-client-install --automount-location does not work
  - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0
  - Resolves: RHEL-21812 Backport latest test fixes in ipa
  - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa
  - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing
  - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor

• Fri Dec 01 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4

  - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()

• Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3

  - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'