The project's history is kept in Git. We used the spec changelog
for changes to the spec itself, which doesn't make much sense.
Downstreams like Fedora use their own changelog anyway.
A single entry is left for tools that expect a changelog.
Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one
machine (of course, when listening to different ports).
To make sure that mod_ssl is not configured to listen on 443
(default mod_ssl configuration), add a check to the installer checking
of either mod_nss or mod_ssl was configured to listen on that port.
https://fedorahosted.org/freeipa/ticket/3974
Nose doesn't pick up directories that don't begin with 'test'.
Rename ipatests/test_ipaserver/install to test_install so that it's run.
Also, merge test_ipautil.py from ipapython/test into tests/test_ipapython,
so the whole test suite is in one place.
The integration testing framework used Paramiko SFTP files as
context managers. This feature is only available in Paramiko 1.10+.
Use an explicit context manager so that we don't rely on the feature.
This patch fixes:
- too long description for server-trust-ad subpackage
- adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid
overwriting potential user changes
- changes permissions on default_encoding_utf8.so to prevent it
pollute python subpackage Provides.
- wrong address in GPL v2 license preamble in 2 distributed files
https://fedorahosted.org/freeipa/ticket/3855
Drops the code from ipa-server-install, ipa-dns-install and the
BindInstance itself. Also changed ipa-upgradeconfig script so
that it does not set zone_refresh to 0 on upgrades, as the option
is deprecated.
https://fedorahosted.org/freeipa/ticket/3632
Old versions of SSSD do not directly support cross-realm trusts between IPA
and AD. This patch introduces plugins for the ipa-advise tool, which should
help with configuring an old version of SSSD (1.5-1.8) to gain access to
resources in trusted domain.
Since the configuration steps differ depending on whether the platform includes
the authconfig tool, two plugins are needed:
* config-redhat-sssd-before-1-9 - provides configuration for Red Hat based
systems, as these system include the autconfig utility
* config-generic-sssd-before-1-9 - provides configuration for other platforms
https://fedorahosted.org/freeipa/ticket/3671https://fedorahosted.org/freeipa/ticket/3672
In external CA installation, ipa-server-install leaked NSS objects
which caused an installation crash later when a subsequent call of
NSSConnection tried to free them.
Properly freeing the NSS objects avoid this crash.
https://fedorahosted.org/freeipa/ticket/3773
There was already a dependency in server package, however,
the correct place for such dependency is in freeipa-python,
since the relevant code using keyutils resides there.
Both freeipa-server and freeipa-client require freeipa-python.
https://fedorahosted.org/freeipa/ticket/3808
Features of the new policy:
- labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is
writeable by PKI and readable by HTTPD
- contains Conflicts with old freeipa-server-selinux package to avoid
SELinux upgrade issues
https://fedorahosted.org/freeipa/ticket/3788
Provides a pluggable framework for generating configuration
scriptlets and instructions for various machine setups and use
cases.
Creates a new ipa-advise command, available to root user
on the IPA server.
Also provides an example configuration plugin,
config-fedora-authconfig.
https://fedorahosted.org/freeipa/ticket/3670
Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no
longer owned by created with package installation. The directory
is rather created/removed with the CA instance itself.
This ensures proper creation/removeal, group ownership
and SELinux context.
https://fedorahosted.org/freeipa/ticket/3727
Add methods to run commands and copy files to Host objects.
Adds a base class for integration tests which can currently install
and uninstall IPA in a "star" topology with per-test specified number
of hosts.
A simple test for user replication between two masters is provided.
Log files from the remote hosts can be marked for collection, but the
actual collection is left to a Nose plugin.
Part of the work for: https://fedorahosted.org/freeipa/ticket/3621
Integration tests are configured via environment variables.
Add a framework for parsing these variables and storing them
in easy-to-use objects.
Add an `ipa-test-config` executable that loads the configuration
and prints out variables needed in shell scripts.
Part of the work for https://fedorahosted.org/freeipa/ticket/3621
Running server upgrade or restart in %post or %postun may cause issues when
there are still parts of old FreeIPA software (like entitlements plugin).
https://fedorahosted.org/freeipa/ticket/3739
Replica information file contains the file `cacert.p12` which is protected by
the Directory Manager password of the initial IPA server installation. The DM
password of the initial installation is also used for the PKI admin user
password.
If the DM password is changed after the IPA server installation, the replication
fails.
To prevent this failure, add the following steps to ipa-replica-prepare:
1. Regenerate the `cacert.p12` file and protect it with the current DM password
2. Update the password of the PKI admin user with the current DM password
https://fedorahosted.org/freeipa/ticket/3594
This daemon listens for RADIUS packets on a well known
UNIX domain socket. When a packet is received, it queries
LDAP to see if the user is configured for RADIUS authentication.
If so, then the packet is forwarded to the 3rd party RADIUS server.
Otherwise, a bind is attempted against the LDAP server.
https://fedorahosted.org/freeipa/ticket/3366http://freeipa.org/page/V3/OTP