Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ipa-server-trust-ad-4.11.0-9.el9 RPM for aarch64

From CentOS Stream 9 AppStream for aarch64

Name: ipa-server-trust-ad Distribution: CentOS
Version: 4.11.0 Vendor: CentOS
Release: 9.el9 Build date: Thu Mar 7 18:55:45 2024
Group: Unspecified Build host: aarch64-03.stream.rdu2.redhat.com
Size: 407729 Source RPM: ipa-4.11.0-9.el9.src.rpm
Packager: builder@centos.org
Url: http://www.freeipa.org/
Summary: Virtual package to install packages required for Active Directory trusts
 
Cross-realm trusts with Active Directory in IPA require working Samba 4
installation. This package is provided for convenience to install all required
dependencies at once.

Provides

Requires

License

GPL-3.0-or-later

Changelog

* Thu Mar 07 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-9
  - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode
  - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure
* Tue Feb 20 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-8
  - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
* Fri Feb 16 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-7
  - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
  - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests
* Fri Feb 09 2024 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-6
  - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified
  - Resolves: RHEL-23625 sidgen plugin does not ignore staged users
  - Resolves: RHEL-23621 session cookie can't be read
  - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/test_dns_locations.py::TestDNSLocations::()::test_ipa_ca_records
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-17996 Memory leak in IdM's KDC
* Thu Jan 18 2024 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-5
  - Resolves: RHEL-12589 ipa: Invalid CSRF protection
  - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit
  - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca'
  - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-21810 ipa-client-install --automount-location does not work
  - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0
  - Resolves: RHEL-21812 Backport latest test fixes in ipa
  - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa
  - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing
  - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor
* Fri Dec 01 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-4
  - Resolves: RHEL-16985 Handle samba 4.19 changes in samba.security.dom_sid()
* Mon Nov 20 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-3
  - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'
* Mon Nov 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-2
  - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests
  - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue
  - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string
  - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4
* Fri Oct 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.11.0-1
  - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4
* Thu Aug 17 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-4
  - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied
  - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests
* Thu Aug 10 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-3
  - Resolves: rhbz#2229712 Delete operation protection for admin user
  - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost
  - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak
  - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user
  - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests
* Thu Jun 29 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-2
  - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
  - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA)
  - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start
  - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin
  - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests
  - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only
* Tue Jun 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.2-1
  - Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3
  - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
  - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError
  - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java
  - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9]
  - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context
  - Resolves: rhbz#2165880 Add RBCD support to IPA
  - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct
* Wed Feb 22 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-6
  - Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests
* Mon Feb 13 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-5
  - Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain
  - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work
  - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task
  - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command
* Mon Feb 06 2023 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-4
  - Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful
  - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range
  - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning
  - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests
* Wed Dec 21 2022 Alexander Bokovoy <abokovoy@redhat.com> - 4.10.1-3
  - Rebuild against krb5 1.20.1 ABI
  - Resolves: rhbz#2155425
* Fri Dec 09 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-2
  - Resolves: rhbz#2148887 MemberManager with groups fails
  - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit
* Fri Nov 25 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.1-1
  - Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2
  - Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf
  - Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (`REQ_FULL_WITH_MEMBERS` returns object from wrong domain)
  - Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value
  - Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password
  - Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken
  - Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation
  - Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC
  - Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers
  - Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones
  - Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality
* Tue Oct 25 2022 Rafael Jeffman <rjeffman@redhat.com> - 4.10.0-7
  - Resolves: rhbz#2124547 Attempt to log in as "root" user with admin's password in Web UI does not properly fail
  - Resolves: rhbz#2137555 Attempt to log in as "root" user with admin's password in Web UI does not properly fail [rhel-9.1.0.z]
* Fri Aug 19 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-6
  - Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0
  - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI
  - Resolves: rhbz#2115495 group password policy by default does not allow grace logins
  - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower'
* Thu Jul 28 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-5
  - Resolves: rhbz#2109645
    - Rebuild for samba-4.16.3-101.el9
* Thu Jul 21 2022 Francisco Trivino <ftrivino@redhat.com> - 4.10.0-4
  - Resolves: rhbz#2109645
    - Rebuild for samba-4.16.3-100.el9
* Fri Jul 15 2022 Florence Blanc-Renaud <flo@redhat.com> - 4.10.0-3
  - Resolves: rhbz#2105294 IdM WebUI Pagination Size should not allow empty value
* Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-2
  - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind
* Thu Jun 30 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.10.0-1
  - Resolves: rhbz#747959 [RFE] Support random serial numbers in IPA certificates
  - Resolves: rhbz#2100227 [UX] Preserving a user account produces output saying it was deleted
* Fri Jun 17 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.10-1
  - Resolves: rhbz#2079469 [Rebase] Rebase ipa to latest 4.9.x release
  - Resolves: rhbz#2012911 named journalctl logs shows 'zone testrealm.test/IN: serial (serialnumber) write back to LDAP failed.'
  - Resolves: rhbz#2069202 [RFE] add support for authenticating against external IdP services using OAUTH2 preauthenticaiton mechanism provided by SSSD
  - Resolves: rhbz#2083218 ipa-dnskeysyncd floods /var/log/messages with DEBUG messages
  - Resolves: rhbz#2089750 RFE: Improve error message with more detail for ipa-replica-install command
  - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind
  - Resolves: rhbz#2094400 [RFE] ipa-client-install should provide option to enable subid: sss in /etc/nsswitch.conf
  - Resolves: rhbz#2096922 secret in ipa-pki-proxy.conf is not changed if new requiredSecret value is present in /etc/pki/pki-tomcat/server.xml
* Wed Apr 06 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-8
  - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9
    - tests: ensure AD-SUPPORT subpolicy is active in more cases
    - ipatests: fix check for AD topology being present
* Thu Mar 24 2022 Florence Blanc-Renaud <frenaud@redhat.com> - 4.9.8-7
  - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9
    - KRB instance: make provision to work with crypto policy without SHA-1 HMAC types
    - tests: ensure AD-SUPPORT subpolicy is active
    - ipatests: extend AES keyset to SHA2-based ones
    - freeipa.spec: bump crypto-policies dependency for CentOS 9 Stream
    - Kerberos instance: default to AES256-SHA2 for master key encryption
    - test_otp: do not use paramiko unless it is really needed
    - test_krbtpolicy: skip SPAKE-related tests in FIPS mode
    - Support AES for KRA archival wrapping
    - Set AES as default for KRA archival wrapping

Files

/etc/dbus-1/system.d/oddjob-ipa-trust.conf
/etc/oddjobd.conf.d/oddjobd-ipa-trust.conf
/usr/lib/.build-id
/usr/lib/.build-id/34
/usr/lib/.build-id/34/08de78265ff174e31c887e79e85c13f7cec8ff
/usr/lib/.build-id/d2
/usr/lib/.build-id/d2/6424286bf5517d17cc3463ea9b4d76cbca22f7
/usr/lib64/dirsrv/plugins/libipa_cldap.so
/usr/lib64/krb5/plugins/libkrb5/winbind_krb5_locator.so
/usr/lib64/samba/pdb/ipasam.so
/usr/libexec/ipa/oddjob/com.redhat.idm.trust-fetch-domains
/usr/sbin/ipa-adtrust-install
/usr/share/doc/ipa-server-trust-ad
/usr/share/doc/ipa-server-trust-ad/Contributors.txt
/usr/share/doc/ipa-server-trust-ad/README.md
/usr/share/ipa/ipa-cldap-conf.ldif
/usr/share/ipa/smb.conf.empty
/usr/share/licenses/ipa-server-trust-ad
/usr/share/licenses/ipa-server-trust-ad/COPYING
/usr/share/man/man1/ipa-adtrust-install.1.gz

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Apr 24 05:23:50 2024