[ol7_latest_archive] ipa-server-dns-4.5.0-21.0.1.el7_4.1.2.noarch

Name:	ipa-server-dns
Version:	4.5.0
Release:	21.0.1.el7_4.1.2
Architecture:	noarch
Group:	System Environment/Base
Size:	49563
License:	GPLv3+
RPM:	ipa-server-dns-4.5.0-21.0.1.el7_4.1.2.noarch.rpm
Source RPM:	ipa-4.5.0-21.0.1.el7_4.1.2.src.rpm
Build Date:	Tue Sep 05 2017
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://www.freeipa.org/
Summary:	IPA integrated DNS server with support for automatic DNSSEC signing
Description:	IPA integrated DNS server with support for automatic DNSSEC signing. Integrated DNS server is BIND 9. OpenDNSSEC provides key management.

Changelog (Show File list) (Show related packages)

Tue Sep 05 2017 EL Errata <el-errata_ww@oracle.com> - 4.5.0-21.0.1.el7_4.1.2

- Blank out header-logo.png product-name.png
  Replace login-screen-logo.png [20362818]

Wed Aug 16 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7.1.2
```
- Fixing issues reported by Errata tool
```

Tue Aug 15 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7.1.1

- Resolves: #1477046 Use CommonNameToSANDefault in default profile
  (new installs only)
  - Restore old version of caIPAserviceCert for upgrade only

Tue Aug 01 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7.1

- Resolves: #1473272 Provide a tooling automating the configuration
  of Smart Card authentication on a FreeIPA master
  - smart-card advises: configure systemwide NSS DB also on master
  - smart-card advises: add steps to store smart card signing CA cert
  - Allow to pass in multiple CA cert paths to the smart card advises
  - add a class that tracks the indentation in the generated advises
  - delegate the indentation handling in advises to dedicated class
  - advise: add an infrastructure for formatting Bash compound statements
  - delegate formatting of compound Bash statements to dedicated classes
  - Fix indentation of statements in Smart card advises
  - Use the compound statement formatting API for configuring PKINIT
  - smart card advises: use a wrapper around Bash `for` loops
  - smart card advise: use password when changing trust flags on HTTP cert
  - smart-card-advises: ensure that krb5-pkinit is installed on client
- Resolves: #1477046 Use CommonNameToSANDefault in default profile 
  (new installs only)
  - Add CommonNameToSANDefault to default cert profile
- Resolves: #1475664 NULL LDAP context in call to ldap_search_ext_s
  during search in cn=ad,cn=trusts,dc=example,dc=com
  - NULL LDAP context in call to ldap_search_ext_s during search

Wed Jul 12 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-21.el7

- Resolves: #1470125 Replica install fails to configure IPA-specific
  temporary files/directories
  - replica install: drop-in IPA specific config to tmpfiles.d
- Resolves: #1469978 bind package is not automatically updated during
  ipa-server upgrade process
  - Bumped Required version of bind-dyndb-ldap and bind package

Tue Jun 27 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-20.el7

- Resolves: #1452216 Replica installation grants HTTP principal
  access in WebUI
  - Make sure we check ccaches in all rpcserver paths

Wed Jun 21 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-19.el7

- Resolves: #1462112 ipaserver installation fails in FIPS mode: OpenSSL
  internal error, assertion failed: Digest MD4 forbidden in FIPS mode!
  - ipa-sam: replace encode_nt_key() with E_md4hash() 
  - ipa_pwd_extop: do not generate NT hashes in FIPS mode
- Resolves: #1377973 ipa-server-install fails when the provided or resolved
  IP address is not found on local interfaces 
  - Fix local IP address validation 
  - ipa-dns-install: remove check for local ip address
  - refactor CheckedIPAddress class
  - CheckedIPAddress: remove match_local param
  - Remove ip_netmask from option parser
  - replica install: add missing check for non-local IP address
  - Remove network and broadcast address warnings

Thu Jun 15 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-18.el7

- Resolves: #1449189 ipa-kra-install timeouts on replica
  - kra: promote: Get ticket before calling custodia

Wed Jun 14 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-17.el7

- Resolve: #1455946 Provide a tooling automating the configuration 
  of Smart Card authentication on a FreeIPA master
  - server certinstall: update KDC master entry
  - pkinit manage: introduce ipa-pkinit-manage
  - server upgrade: do not enable PKINIT by default
  - Extend the advice printing code by some useful abstractions
  - Prepare advise plugin for smart card auth configuration
- Resolve: #1461053 allow to modify list of UPNs of a trusted forest
  - trust-mod: allow modifying list of UPNs of a trusted forest
  - WebUI: add support for changing trust UPN suffixes

Wed Jun 07 2017 Pavel Vomacka <pvomacka@redhat.com> - 4.5.0-16.el7

- Resolves: #1377973 ipa-server-install fails when the provided or resolved
  IP address is not found on local interfaces
  - Only warn when specified server IP addresses don't match intf
- Resolves: #1438016 gssapi errors after IPA server upgrade
  - Bump version of python-gssapi
- Resolves: #1457942 certauth: use canonical principal for lookups
  - ipa-kdb: use canonical principal in certauth plugin
- Resolves: #1459153 Do not send Max-Age in ipa_session cookie to avoid
  breaking older clients
  - Add code to be able to set default kinit lifetime
  - Revert setting sessionMaxAge for old clients