| Name: | ipa-server |
|---|---|
| Version: | 4.2.0 |
| Release: | 15.0.1.el7 |
| Architecture: | x86_64 |
| Group: | System Environment/Base |
| Size: | 5155207 |
| License: | GPLv3+ |
| RPM: | ipa-server-4.2.0-15.0.1.el7.x86_64.rpm |
| Source RPM: | ipa-4.2.0-15.0.1.el7.src.rpm |
| Build Date: | Fri Nov 20 2015 |
| Build Host: | x86-ol7-builder-02.us.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.freeipa.org/ |
| Summary: | The IPA authentication server |
| Description: | IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof). If you are installing an IPA server you need to install this package (in other words, most people should NOT install this package). |
- Drop redhat-access-plugin-ipa requires for OL7 Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818]
- Resolves: #1252556 Missing CLI param and ACL for vault service operations - vault: fix private service vault creation
- Resolves: #1262996 ipa vault internal error on replica without KRA - upgrade: make sure ldap2 is connected in export_kra_agent_pem - Resolves: #1270608 IPA upgrade fails for server with CA cert signed by external CA - schema: do not derive ipaVaultPublicKey from ipaPublicKey
- Resolves: #1217009 OTP sync in UI does not work for TOTP tokens - Fix an integer underflow bug in libotp - Resolves: #1262996 ipa vault internal error on replica without KRA - install: always export KRA agent PEM file - vault: select a server with KRA for vault operations - Resolves: #1269777 IPA restore overwrites /etc/passwd and /etc/group files - do not overwrite files with local users/groups when restoring authconfig - Renamed patch 1011 to 0138, as it was merged upstream
- Resolves: #1204205 [RFE] ID Views: Automated migration tool from Winsync to Trusts - winsync-migrate: Convert entity names to posix friendly strings - winsync-migrate: Properly handle collisions in the names of external groups - Resolves: #1261074 Adjust Firefox configuration to new extension signing policy - webui: use manual Firefox configuration for Firefox >= 40 - Resolves: #1263337 IPA Restore failed with installed KRA - ipa-backup: Add mechanism to store empty directory structure - Resolves: #1264793 CVE-2015-5284 ipa: ipa-kra-install includes certificate and private key in world readable file [rhel-7.2] - install: fix KRA agent PEM file permissions - Resolves: #1265086 Mark IdM API Browser as experimental - WebUI: add API browser is experimental warning - Resolves: #1265277 Fix kdcproxy user creation - install: create kdcproxy user during server install - platform: add option to create home directory when adding user - install: fix kdcproxy user home directory - Resolves: #1265559 GSS failure after ipa-restore - destroy httpd ccache after stopping the service
- Resolves: #1258965 ipa vault: set owner of vault container - baseldap: make subtree deletion optional in LDAPDelete - vault: add vault container commands - vault: set owner to current user on container creation - vault: update access control - vault: add permissions and administrator privilege - install: support KRA update - Resolves: #1261586 ipa config-mod addattr fails for ipauserobjectclasses - config: allow user/host attributes with tagging options - Resolves: #1262315 Unable to establish winsync replication - winsync: Add inetUser objectclass to the passsync sysaccount
- Resolves: #1260663 crash of ipa-dnskeysync-replica component during ipa-restore - IPA Restore: allows to specify files that should be removed - Resolves: #1261806 Installing ipa-server package breaks httpd - Handle timeout error in ipa-httpd-kdcproxy - Resolves: #1262322 Failed to backup CS.cfg message in upgrade. - Server Upgrade: backup CS.cfg when dogtag is turned off
- Resolves: #1257074 The KRA agent cert is stored in a PEM file that is not
tracked
- cert renewal: Include KRA users in Dogtag LDAP update
- cert renewal: Automatically update KRA agent PEM file
- Resolves: #1257163 renaming certificatte profile with --rename option leads
to integrity issues
- certprofile: remove 'rename' option
- Resolves: #1257968 kinit stop working after ipa-restore
- Backup: back up the hosts file
- Resolves: #1258926 Remove 'DNSSEC is experimental' warnings
- DNSSEC: remove "DNSSEC is experimental" warnings
- Resolves: #1258929 Uninstallation of IPA leaves extra entry in /etc/hosts
- Installer: do not modify /etc/hosts before user agreement
- Resolves: #1258944 DNSSEC daemons may deadlock when processing more than 1
zone
- DNSSEC: backup and restore opendnssec zone list file
- DNSSEC: remove ccache and keytab of ipa-ods-exporter
- DNSSEC: prevent ipa-ods-exporter from looping after service auto-restart
- DNSSEC: Fix deadlock in ipa-ods-exporter <-> ods-enforcerd interaction
- DNSSEC: Fix HSM synchronization in ipa-dnskeysyncd when running on DNSSEC
key master
- DNSSEC: Fix key metadata export
- DNSSEC: Wrap master key using RSA OAEP instead of old PKCS v1.5.
- Resolves: #1258964 revert to use ldapi to add kra agent in KRA install
- Using LDAPI to setup CA and KRA agents.
- Resolves: #1259848 server closes connection and refuses commands after
deleting user that is still logged in
- ldap: Make ldap2 connection management thread-safe again
- Resolves: #1259996 AttributeError: 'NameSpace' object has no attribute
'ra_certprofile' while ipa-ca-install
- load RA backend plugins during standalone CA install on CA-less IPA master
- Resolves: #1254689 Storing big file as a secret in vault raises traceback - vault: Limit size of data stored in vault - Resolves: #1255880 ipactl status should distinguish between different pki-tomcat services - ipactl: Do not start/stop/restart single service multiple times
- Resolves: #1256840 [webui] majority of required fields is no longer marked as required - fix missing information in object metadata - Resolves: #1256842 [webui] no option to choose trust type when creating a trust - webui: add option to establish bidirectional trust - Resolves: #1256853 Clear text passwords in KRA install log - Removed clear text passwords from KRA install log. - Resolves: #1257072 The "Standard Vault" MUST not be the default and must be discouraged - vault: change default vault type to symmetric - Resolves: #1257163 renaming certificatte profile with --rename option leads to integrity issues - certprofile: prevent rename (modrdn)