Name: | ipa-admintools |
---|---|
Version: | 4.4.0 |
Release: | 14.0.1.el7_3.4 |
Architecture: | noarch |
Group: | System Environment/Base |
Size: | 46355 |
License: | GPLv3+ |
RPM: | ipa-admintools-4.4.0-14.0.1.el7_3.4.noarch.rpm |
Source RPM: | ipa-4.4.0-14.0.1.el7_3.4.src.rpm |
Build Date: | Tue Jan 17 2017 |
Build Host: | x86-ol7-builder-02.us.oracle.com |
Vendor: | Oracle America |
URL: | http://www.freeipa.org/ |
Summary: | IPA administrative tools |
Description: | IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration with Active Directory based infrastructures (Trusts). This package provides command-line tools for IPA administrators. |
- Blank out header-logo.png product-name.png Replace login-screen-logo.png [20362818]
- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy - ipa-kdb: search for password policies globally - Renamed patches 1011 and 1012 to 0151 and 0150, as they were merged upstream
- Resolves: #1404338 Check IdM Topology for broken record caused by replication conflict before upgrading it - Check for conflict entries before raising domain level
- Resolves: #1401953 ipa-ca-install on promoted replica hangs on creating a temporary CA admin - replication: ensure bind DN group check interval is set on replica config - add missing attribute to ipaca replica during CA topology update - Resolves: #1404169 IPA upgrade of replica without DNS fails during restart of named-pkcs11 - bindinstance: use data in named.conf to determine configuration status - Resolves: #1404171 Creation of replica for disconnected environment is failing with CA issuance errors; Need good steps. - gracefully handle setting replica bind dn group on old masters
- Resolves: #1370493 CVE-2016-7030 ipa: DoS attack against kerberized services by abusing password policy - password policy: Add explicit default password policy for hosts and services - Resolves: #1395311 CVE-2016-9575 ipa: Insufficient permission check in certprofile-mod - certprofile-mod: correctly authorise config update
- Resolves: #1378353 Replica install fails with old IPA master sometimes during replication process - spec file: bump minimal required version of 389-ds-base - Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1 - Fix missing file that fails DL1 replica installation - Resolves: #1387782 WebUI: Services are not displayed correctly after upgrade - WebUI: services without canonical name are shown correctly - Resolves: #1389709 Traceback seen in error_log when trustdomain-del is run - trustdomain-del: fix the way how subdomain is searched
- Resolves: #1318616 CA fails to start after doing ipa-ca-install --external-ca - Keep NSS trust flags of existing certificates - Resolves: #1360813 ipa-server-certinstall does not update all certificate stores and doesn't set proper trust permissions - Add cert checks in ipa-server-certinstall - Resolves: #1371479 cert-find --all does not show information about revocation - cert: add revocation reason back to cert-find output - Resolves: #1375133 WinSync users who have First.Last casing creates users who can have their password set - ipa passwd: use correct normalizer for user principals - Resolves: #1377858 Users with 2FA tokens are not able to login to IPA servers - Properly handle LDAP socket closures in ipa-otpd - Resolves: #1387779 Make httpd publish CA certificate on Domain Level 1 - Make httpd publish its CA certificate on DL1
- Resolves: #1373910 IPA server upgrade fails with DNS timed out errors. - Resolves: #1375269 ipa trust-fetch-domains throws internal error
- Resolves: #1373359 ipa-certupdate fails with "CA is not configured" - Fix regression introduced in ipa-certupdate
- Resolves: #1355753 adding two way non transitive(external) trust displays internal error on the console - Always fetch forest info from root DCs when establishing two-way trust - factor out `populate_remote_domain` method into module-level function - Always fetch forest info from root DCs when establishing one-way trust - Resolves: #1356101 Lightweight sub-CA certs are not tracked by certmonger after `ipa-replica-install` - Track lightweight CAs on replica installation - Resolves: #1357488 ipa command stuck forever on higher versioned client with lower versioned server - compat: Save server's API version in for pre-schema servers - compat: Fix ping command call - schema cache: Store and check info for pre-schema servers - Resolves: #1363905 man page for ipa-replica-manage has a typo in -c flag - Fix man page ipa-replica-manage: remove duplicate -c option from --no-lookup - Resolves: #1367865 webui: cert_revoke should use --cacn to set correct CA when revoking certificate - cert: include CA name in cert command output - WebUI add support for sub-CAs while revoking certificates - Resolves: #1368424 Unable to view certificates issued by Sub CA in Web UI - Add support for additional options taken from table facet - WebUI: Fix showing certificates issued by sub-CA - Resolves: #1368557 dnsrecord-add does not prompt for missing record parts internactively - dns: normalize record type read interactively in dnsrecord_add - dns: prompt for missing record parts in CLI - dns: fix crash in interactive mode against old servers - Resolves: #1370519 Certificate revocation in service-del and host-del isn't aware of Sub CAs - cert: fix cert-find --certificate when the cert is not in LDAP - Make host/service cert revocation aware of lightweight CAs - Resolves: #1371901 Use OAEP padding with custodia - Use RSA-OAEP instead of RSA PKCS#1 v1.5 - Resolves: #1371915 When establishing external two-way trust, forest root Administrator account is used to fetch domain info - do not use trusted forest name to construct domain admin principal - Resolves: #1372597 Incorrect CA ACL evaluation of SAN DNS names in certificate request - Fix CA ACL Check on SubjectAltNames - Resolves: #1373272 CLI always sends default command version - cli: use full name when executing a command - Resolves: #1373359 ipa-certupdate fails with "CA is not configured" - Fix ipa-certupdate for CA-less installation - Resolves: #1373540 client-install with IPv6 address fails on link-local address (always) - Fix parse errors with link-local addresses