Name: | ipa-server-common |
Version: | 4.4.0 |
Release: | 14.0.1.el7_3.7 |
Architecture: | noarch |
Group: | System Environment/Base |
Size: | 2108788 |
License: | GPLv3+ |
RPM: |
ipa-server-common-4.4.0-14.0.1.el7_3.7.noarch.rpm
|
Source RPM: |
ipa-4.4.0-14.0.1.el7_3.7.src.rpm
|
Build Date: | Wed Apr 12 2017 |
Build Host: | x86-ol7-builder-02.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | Common files used by IPA server |
Description: | IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package. |
-
Wed Apr 12 2017 EL Errata <el-errata_ww@oracle.com> - 4.4.0-14.0.1.7
- Blank out header-logo.png product-name.png
Replace login-screen-logo.png [20362818]
-
Tue Mar 14 2017 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.7
- Resolves: #1429872 ipa-replica-install fails promotecustodia.create_replica
with cert errors (untrusted)
- added ssl verification using IPA trust anchor
- Resolves: #1430674 batch param compatibility is incorrect
- compat: fix `Any` params in `batch` and `dnsrecord`
- Renamed patches 1011 and 1012 to 0159 and 0157, as they were merged upstream
-
Tue Jan 31 2017 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.6
- Resolves: #1416488 replication race condition prevents IPA to install
- wait_for_entry: use only DN as parameter
- Wait until HTTPS principal entry is replicated to replica
- Use proper logging for error messages
-
Tue Jan 31 2017 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.5
- Resolves: #1410760 ipa-ca-install fails on replica when IPA Master is
installed without CA
- Set up DS TLS on replica in CA-less topology
- Resolves: #1413137 CVE-2017-2590 ipa: Insufficient permission check for
ca-del, ca-disable and ca-enable commands
- ca: correctly authorise ca-del, ca-enable and ca-disable
- Resolves: #1416481 IPA replica install fails with dirsrv errors.
- Do not configure PKI ajp redirection to use "::1"
-
Fri Dec 16 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.4
- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
by abusing password policy
- ipa-kdb: search for password policies globally
- Renamed patches 1011 and 1012 to 0151 and 0150, as they were merged upstream
-
Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.3
- Resolves: #1404338 Check IdM Topology for broken record caused by replication
conflict before upgrading it
- Check for conflict entries before raising domain level
-
Tue Dec 13 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.2
- Resolves: #1401953 ipa-ca-install on promoted replica hangs on creating a
temporary CA admin
- replication: ensure bind DN group check interval is set on replica config
- add missing attribute to ipaca replica during CA topology update
- Resolves: #1404169 IPA upgrade of replica without DNS fails during restart of
named-pkcs11
- bindinstance: use data in named.conf to determine configuration status
- Resolves: #1404171 Creation of replica for disconnected environment is
failing with CA issuance errors; Need good steps.
- gracefully handle setting replica bind dn group on old masters
-
Mon Dec 12 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14.1
- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services
by abusing password policy
- password policy: Add explicit default password policy for hosts and
services
- Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in
certprofile-mod
- certprofile-mod: correctly authorise config update
-
Tue Nov 01 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-14
- Resolves: #1378353 Replica install fails with old IPA master sometimes during
replication process
- spec file: bump minimal required version of 389-ds-base
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
- Fix missing file that fails DL1 replica installation
- Resolves: #1387782 WebUI: Services are not displayed correctly after upgrade
- WebUI: services without canonical name are shown correctly
- Resolves: #1389709 Traceback seen in error_log when trustdomain-del is run
- trustdomain-del: fix the way how subdomain is searched
-
Mon Oct 31 2016 Jan Cholasta <jcholast@redhat.com> - 4.4.0-13
- Resolves: #1318616 CA fails to start after doing ipa-ca-install --external-ca
- Keep NSS trust flags of existing certificates
- Resolves: #1360813 ipa-server-certinstall does not update all certificate
stores and doesn't set proper trust permissions
- Add cert checks in ipa-server-certinstall
- Resolves: #1371479 cert-find --all does not show information about revocation
- cert: add revocation reason back to cert-find output
- Resolves: #1375133 WinSync users who have First.Last casing creates users who
can have their password set
- ipa passwd: use correct normalizer for user principals
- Resolves: #1377858 Users with 2FA tokens are not able to login to IPA servers
- Properly handle LDAP socket closures in ipa-otpd
- Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1
- Make httpd publish its CA certificate on DL1