[ol7_latest] ipa-server-dns-4.5.4-10.0.1.el7_5.4.4.noarch

IPA integrated DNS server with support for automatic DNSSEC signing.
Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

Changelog (Show File list) (Show related packages)

• Tue Sep 25 2018 EL Errata <el-errata_ww@oracle.com> - 4.5.4-10.0.1

  - Blank out header-logo.png product-name.png
  - Replace login-screen-logo.png [20362818]

• Fri Sep 07 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7_5.4.4

  - Resolves: #1626379 PKINIT configuration did not succeed message is received during Replica-install
    - ipa-replica-install: fix pkinit setup

• Mon Sep 03 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7.4.3

  - Resolves: #1624811 ipa-otpd: fix potential double-free and infinite loop in queue code
    - Clear next field when returnining list elements in queue.c
    - Add cmocka unit tests for ipa otpd queue code

• Thu Aug 30 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7.4.2

  - Resolves: #1623673 SRV lookup doesn't correctly sort results
    - Sort and shuffle SRV record by priority and weight
  - Resolves: #1623679 Installation of replica against a specific master
    - Always set ca_host when installing replica
    - Query for server role IPA master
    - Only create DNS SRV records for ready server
    - Delay enabling services until end of installer
    - replicainstall: DS SSL replica install pick right certmonger host
    - Fix race condition in get_locations_records()
    - Fix DNSSEC install regression
    - Handle races in replica config
    - Fix KRA replica installation from CA master
    - Do not set ca_host when --setup-ca is used
  - Resolves: #1623676 Replication races in DogtagInstance.setup_admin
    - Improve and fix timeout bug in wait_for_entry()
    - Use common replication wait timeout of 5min
    - Fix replication races in Dogtag admin code
    - Catch ACIError instead of invalid credentials
  - Resolves: #1623680 Increase WSGI worker process count
    - Increase WSGI process count to 5 on 64bit
    - Use 4 WSGI workers on 64bit systems
  - Resolves: #1623669 ipa-replica-install defines nsds5replicabinddngroup before the group contains the DN of the replication manager
    - DS replication settings: fix regression with <3.3 master
  - Resolves: #1623668 Replica install: certmonger sometimes fails
    - Auto-retry failed certmonger requests
    - Wait for client certificates

• Thu Aug 16 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7.4

  - Resolves: #1615983 ipa-restore fails on newly installed system.
    - Fix ipa-restore: create /var/run/ipa files
  - Resolves: #1615966 ipa-replica-manage re-initialize TypeError: 'NoneType' object does not support item assignment
    - Check if replication agreement exist before enable/disable it
  - Resolves: #1615984 ldapmodify userPassword reflects on krblastpwdchange on RHEL6 but not RHEL7
    - Tests: add integration test for password changes by dir mgr
    - In IPA 4.4 when updating userpassword with ldapmodify does not update krbPasswordExpiration nor krbLastPwdChange
  - Resolves: #1615893 nsds5ReplicaReleaseTimeout should be set by default.
    - Tune DS replication settings
  - Resolves: #1615964 Authn/TOTP defined users periodically prompt for just password credentials to access resources
    - Fix elements not being removed in otpd_queue_pop_msgid()

• Mon Jun 11 2018 Rob Crittenden <rcritten@redhat.com> - 4.5.4-10.el7.3

  - Resolves: #1579190 Improve Custodia client and key distribution handling
    - Use single Custodia instance in installers

• Tue May 15 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7.2

  - Resolves: #1579189 nsds5ReplicaReleaseTimeout should be set by default
    - Add nsds5ReplicaReleaseTimeout to replica config
    - Fix upgrade (update_replica_config) in single master mode
  - Resolves: #1579190 Improve Custodia client and key distribution handling
    - Use single Custodia instance in installers
  - Resolves: #1579203 4.5.0 -> 4.5.4 upgrade breaks in ipa-server-upgrade: No such file or directory: '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg'
    - Don't try to backup CS.cfg during upgrade if CA is not configured

• Tue Apr 10 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7.1

  - Resolves: #1565519 Clarify the need to restart services in ipa-server-certinstall(1)
    - Add a notice to restart ipa services after certs are installed
  - Resolves: #1564390 OTP and Radius Authentication does not work in FIPS mode
    - Fix OTP validation in FIPS mode
    - Increase the default token key size
    - Revert "Don't allow OTP or RADIUS in FIPS mode"
    - Log errors from NSS during FIPS OTP key import
  - Resolves: #1565520 ipa client pointing to replica shows KDC has no support for encryption type
    - ipa-replica-install: make sure that certmonger picks the right master
  - Resolves: #1565605 DNS records updated with all IPAddresses of an interface when IPA server/replica try to install with Specific IP address of that interface
    - replica-install: pass --ip-address to client install

• Wed Feb 07 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-10.el7

  - Resolves: #1540361 ipa-advise for smartcards is out-of-date
    - ipa-advise for smartcards updated

• Mon Jan 15 2018 Florence Blanc-Renaud <frenaud@redhat.com> - 4.5.4-9.el7

  - Resolves: #1458169 --force-join option is not mentioned in ipa-replica-install man page
    - Add --force-join into ipa-replica-install manpage
  - Resolves: #1457876 ipa-backup fails silently
    - Changed ownership of ldiffile to DS_USER
  - Resolves: #1409786 Second phase of --external-ca ipa-server-install setup fails when dirsrv is not running
    - Checks if Dir Server is installed and running before IPA installation
  - Resolves: #1452086 Pagination Size under Customization in IPA WebUI accepts negative values
    - WebUI: Add positive number validator
    - WebUI: change validator of page size settings
    - WebUI: fix jslint error