Name: | ipa-server |
Version: | 4.6.4 |
Release: | 10.0.1.el7_6.6 |
Architecture: | aarch64 |
Group: | System Environment/Base |
Size: | 1870437 |
License: | GPLv3+ |
RPM: |
ipa-server-4.6.4-10.0.1.el7_6.6.aarch64.rpm
|
Source RPM: |
ipa-4.6.4-10.0.1.el7_6.6.src.rpm
|
Build Date: | Mon Jul 29 2019 |
Build Host: | ca-buildarm02.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | The IPA authentication server |
Description: | IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package. |
-
Mon Jul 29 2019 EL Errata <el-errata_ww@oracle.com> - 4.6.4-10.0.1
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [20362818]
-
Thu Jun 06 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7_6.6
- Resolves: 1716882 - ERROR: invalid 'PKINIT enabled server': all masters must have IPA master role enabled
- Consider configured servers as valid
-
Mon Feb 04 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7_6.3
- Resolves: 1672343 pki spawn fails for IPA replica install from RHEL6 IPA master
- Update mod_nss cipher list so there is overlap with a 4.x master
- Resolves: 1672342 Fix compile issue with new 389-ds
- ipa-sidgen: make internal fetch_attr helper really internal
- Resolves: 1672176 host_del and host_disable fails, ra.find() search for every certificates instead of the host's certificate by subject
- Add workaround for slow host/service del
- Optimize cert remove case
- Resolves: 1672238 The ipa-replica-install command failed, exception: ValidationError: invalid 'dnszoneidnsname': only master zones can contain record
- replica installation: add master record only if in managed zone
- ipatests: add test for replica in forward zone
-
Tue Dec 18 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7_6.2
- Resolves: 1659492 searching for ipa users by certificate fails
- ipaldap.py: fix method creating a ldap filter for IPACertificate
- ipatests: add xmlrpc test for user|host-find --certificate
- Resolves: 1659509 IPA Upgrade failed with "unable to convert the attribute u'cACertificate;binary'"
- ipa upgrade: handle double-encoded certificates
- ipatests: add upgrade test for double-encoded cacert
- ipatests: fix TestUpgrade::test_double_encoded_cacert
- Resolves: 1659500 'ipa vault-retrieve' is failing with "ipa: ERROR: an internal error has occurred"
- Add a shared-vault-retrieve test
- Add a "Find enabled services" ACI in 20-aci.update so that all users can find IPA servers and services. ACI suggested by Christian Heimes.
- Resolves: 1659511 ipa-pkinit-manage reports a switch from local pkinit to full pkinit configuration was successful although it was not.
- ipatest: add test for ipa-pkinit-manage enable|disable
- PKINIT: fix ipa-pkinit-manage enable|disable
- Resolves: 1659499 automember-rebuild crashes
- Find orphan automember rules
- Resolves: 1660389 ipa-replica-install fails migrating RHEL 6 to 7
- replication: check remote ds version before editing attributes
-
Tue Sep 18 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-10.el7
- Resolves: 1630361 PKINIT fails in FIPS mode
- Ensure that public cert and CA bundle are readable
- Always make ipa.p11-kit world-readable
- Make /etc/httpd/alias world readable & executable
- Fix permission of public files in upgrader
-
Mon Sep 10 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-9.el7
- Resolves: #1624755 Re-installing replica on the same system displays 'WARNING: cannot check if port 443 is already configured'
- ipa-replica-install: properly use the file store
- Resolves: #1623486 PKINIT configuration did not succeed message is received during Replica-install
- ipa-replica-install: fix pkinit setup
- Related: #1624289 AVC denials noticed during test execution for SUB-CA test-suite in FIPS mode
- Update minimum selinux-policy to 3.13.1-224
-
Tue Sep 04 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-8.el7
- Resolves #1508498 Authn/TOTP defined users periodically prompt for just password credentials to access resources
- Clear next field when returnining list elements in queue.c
- Add cmocka unit tests for ipa otpd queue code
- Resolves #1622168 ipa-otpd: fix potential double-free and infinite loop in queue code
- Clear next field when returnining list elements in queue.c
- Add cmocka unit tests for ipa otpd queue code
- Resolves #1603444 ipa-server-install script is failing when using the "--no-dnssec-validation" parameter combined with the "--forwarder"
- ipa-server-install: do not perform forwarder validation with --no-dnssec-validation
-
Wed Aug 29 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-7.el7
- Resolves: #1609882 ipaserver/plugins/cert.py: Add reason to raise of errors.NotFound
- ipaserver/plugins/cert.py: Added reason to raise of errors.NotFound
- Resolves: #1598662 Replica installation fails with connection refused error
- Do not set ca_host when --setup-ca is used
- Resolves: #1577108 Improve Custodia client and key distribution handling
- Fix KRA replica installation from CA master
- Resolves: #1515314 ipa-replica-install fails with PIN error [ CA-less environment ]
- Fix ipa-replica-install when key not protected by PIN
- Resolves: #1480502 ipa server uninstall with -v option displays "IOError: [Errno 9] Bad file descriptor Logged from file ipautil.py, line 442"
- uninstall -v: remove Tracebacks
- Resolves: #1368345 Replace ERROR: cannot connect to 'http://localhost:8888/ipa/json': [Errno 111] Connection refused with 'IPA is not configured on this system'
- ipa commands: print 'IPA is not configured' when ipa is not setup
- Disable message about log in ipa-backup if IPA is not configured
- Resolves: #1591824 Installation of replica against a specific master
- Do not set ca_host when --setup-ca is used
- Resolves: #1594141 Replication races in DogtagInstance.setup_admin
- Catch ACIError instead of invalid credentials
- Resolves: #1623112 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager
- DS replication settings: fix regression with <3.3 master
- Resolves: #1623113 Replica install: certmonger sometimes fails
- Wait for client certificates
- Auto-retry failed certmonger requests
-
Fri Aug 17 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.4-6.el7
- Resolves: #1590647 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7
- In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange
- Resolves: #1600074 ipa-server-upgrade displays 'DN: cn=Schema Compatibility,cn=plugins,cn=config does not exists or haven't been updated'
- Re-open the ldif file to prevent error message
- Resolves: #1608783 ipa trust-add fails in FIPS mode.
- Move fips_enabled to a common library to share across different plugins
- ipasam: do not use RC4 in FIPS mode
-
Mon Aug 13 2018 Tibor Dudlák <tdudlak@redhat.com> - 4.6.4-5.el7
- Resolves: #1607616 Traceback in messages file during ipa-server-install: File "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit", line 541, in <module>#012
- Removing filesystem encoding check
- Resolves: #1598044 plugable.py:491:bootstrap:SystemEncodingError: System encoding must be UTF-8, 'ANSI_X3.4-1968' is not supported.
- Removing filesystem encoding check