Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ipa-server-common-4.11.0-9.el9 RPM for noarch

From CentOS Stream 9 AppStream for s390x

Name: ipa-server-common Distribution: CentOS
Version: 4.11.0 Vendor: CentOS
Release: 9.el9 Build date: Thu Mar 7 18:55:45 2024
Group: Unspecified Build host:
Size: 2501885 Source RPM: ipa-4.11.0-9.el9.src.rpm
Summary: Common files used by IPA server
IPA is an integrated solution to provide centrally managed Identity (users,
hosts, services), Authentication (SSO, 2FA), and Authorization
(host access control, SELinux user roles, services). The solution provides
features for further integration with Linux based clients (SUDO, automount)
and integration with Active Directory based infrastructures (Trusts).
If you are installing an IPA server, you need to install this package.






* Thu Mar 07 2024 Florence Blanc-Renaud <> - 4.11.0-9
  - Resolves: RHEL-28258 vault fails on non-fips client if server is in FIPS mode
  - Resolves: RHEL-26154 ipa: freeipa: specially crafted HTTP requests potentially lead to DoS or data exposure
* Tue Feb 20 2024 Florence Blanc-Renaud <> - 4.11.0-8
  - Resolves: RHEL-12143 'ipa vault-add is failing with ipa: ERROR: an internal error has occurred in FIPS mode
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
* Fri Feb 16 2024 Florence Blanc-Renaud <> - 4.11.0-7
  - Resolves: RHEL-25260 tier-1-upstream-dns-locations failed on RHEL8.8 gating
  - Resolves: RHEL-25738 ipa-kdb: Cannot determine if PAC generator is available
  - Resolves: RHEL-25815 Backport latest test fixes in python3-ipatests
* Fri Feb 09 2024 2024 Florence Blanc-Renaud <> - 4.11.0-6
  - Resolves: RHEL-23627 IPA stops working if HTTP/... service principal was created before FreeIPA 4.4.0 and never modified
  - Resolves: RHEL-23625 sidgen plugin does not ignore staged users
  - Resolves: RHEL-23621 session cookie can't be read
  - Resolves: RHEL-22372 Gating-DL1 test failure in test_integration/
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-17996 Memory leak in IdM's KDC
* Thu Jan 18 2024 Florence Blanc-Renaud <> - 4.11.0-5
  - Resolves: RHEL-12589 ipa: Invalid CSRF protection
  - Resolves: RHEL-19748 ipa hbac-test did not report that it hit an arbitrary search limit
  - Resolves: RHEL-21059 'DogtagCertsConfigCheck' fails, displaying the error message 'Malformed directive: ca.signing.certnickname=caSigningCert cert-pki-ca'
  - Resolves: RHEL-21804 ipa client 4.10.2 - Failed to obtain host TGT
  - Resolves: RHEL-21809 CA less servers are failing to be added in topology segment for domain suffix
  - Resolves: RHEL-21810 ipa-client-install --automount-location does not work
  - Resolves: RHEL-21811 Handle change in behavior of pki-server ca-config-show in pki 11.5.0
  - Resolves: RHEL-21812 Backport latest test fixes in ipa
  - Resolves: RHEL-21813 krb5kdc fails to start when pkinit and otp auth type is enabled in ipa
  - Resolves: RHEL-21815 IPA 389ds plugins need to have better logging and tracing
  - Resolves: RHEL-21937 Make sure a default NetBIOS name is set if not passed in by ADTrust instance constructor
* Fri Dec 01 2023 Florence Blanc-Renaud <> - 4.11.0-4
  - Resolves: RHEL-16985 Handle samba 4.19 changes in
* Mon Nov 20 2023 Florence Blanc-Renaud <> - 4.11.0-3
  - Resolves: RHEL-14428 healthcheck reports nsslapd-accesslog-logbuffering is set to 'off'
* Mon Nov 06 2023 Florence Blanc-Renaud <> - 4.11.0-2
  - Resolves: RHEL-14292 Backport latest test fixes in python3-ipatests
  - Resolves: RHEL-15443 Server install: failure to install with externally signed CA because of timezone issue
  - Resolves: RHEL-15444 Minimum length parameter in pwpolicy cannot be removed with empty string
  - Resolves: RHEL-14842 Upstream xmlrpc tests are failing in RHEL9.4
* Fri Oct 06 2023 Florence Blanc-Renaud <> - 4.11.0-1
  - Resolves: RHEL-11652 Rebase ipa to latest 4.11.x version for RHEL 9.4
* Thu Aug 17 2023 Florence Blanc-Renaud <> - 4.10.2-4
  - Resolves: rhbz#2231847 RHEL 8.8 & 9.2 fails to create AD trust with STIG applied
  - Resolves: rhbz#2232056 Include latest test fixes in python3-ipatests
* Thu Aug 10 2023 Florence Blanc-Renaud <> - 4.10.2-3
  - Resolves: rhbz#2229712 Delete operation protection for admin user
  - Resolves: rhbz#2227831 Interrupt request processing in ipadb_fill_info3() if connection to 389ds is lost
  - Resolves: rhbz#2227784 libipa_otp_lasttoken plugin memory leak
  - Resolves: rhbz#2224570 Improved error messages are needed when attempting to add a non-existing idp to a user
  - Resolves: rhbz#2230251 Backport latest test fixes to python3-ipatests
* Thu Jun 29 2023 Florence Blanc-Renaud <> - 4.10.2-2
  - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
  - Resolves: rhbz#2214933 Uninstalling of the IPA server is encountering a failure during the unconfiguration of the CA (Unconfiguring CA)
  - Resolves: rhbz#2216114 After updating the RHEL from 8.7 to 8.8, IPA services fails to start
  - Resolves: rhbz#2216549 Upgrade to 4.9.10-6.0.1 fails: attributes are managed by topology plugin
  - Resolves: rhbz#2216611 Backport latest test fixes in python3-ipatests
  - Resolves: rhbz#2216872 User authentication failing on OTP validation using multiple tokens, succeeds with password only
* Tue Jun 06 2023 Florence Blanc-Renaud <> - 4.10.2-1
  - Resolves: rhbz#2196426 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.3
  - Resolves: rhbz#2192969 Better handling of the command line and web UI cert search and/or list features
  - Resolves: rhbz#2192625 Better catch of the IPA web UI event "IPA Error 4301:CertificateOperationError", and IPA httpd error CertificateOperationError
  - Resolves: rhbz#2188567 IPA client Kerberos configuration incompatible with java
  - Resolves: rhbz#2182683 Tolerate absence of PAC ticket signature depending of domain and servers capabilities [rhel-9]
  - Resolves: rhbz#2180914 Sequence processing failures for group_add using server context
  - Resolves: rhbz#2165880 Add RBCD support to IPA
  - Resolves: rhbz#2160399 get_ranges - [file ipa_sidgen_common.c, line 276]: Failed to convert LDAP entry to range struct
* Wed Feb 22 2023 Florence Blanc-Renaud <> - 4.10.1-6
  - Resolves: rhbz#2169632 Backport latest test fixes in python3-ipatests
* Mon Feb 13 2023 Florence Blanc-Renaud <> - 4.10.1-5
  - Resolves: rhbz#2162656 Passwordless (GSSAPI) SSH not working for subdomain
  - Resolves: rhbz#2166326 Removing the last DNS type for ipa-ca does not work
  - Resolves: rhbz#2167473 RFE - Add a warning note about possible performance impact of the Auto Member rebuild task
  - Resolves: rhbz#2168244 requestsearchtimelimit=0 doesn't seems to be work with ipa-acme-manage pruning command
* Mon Feb 06 2023 Florence Blanc-Renaud <> - 4.10.1-4
  - Resolves: rhbz#2161284 'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to 'ipa-client-install' command was successful
  - Resolves: rhbz#2164403 ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating an ID range
  - Resolves: rhbz#2162677 RFE: Implement support for PKI certificate and request pruning
  - Resolves: rhbz#2167312 - Backport latest test fixes in python3-ipatests
* Wed Dec 21 2022 Alexander Bokovoy <> - 4.10.1-3
  - Rebuild against krb5 1.20.1 ABI
  - Resolves: rhbz#2155425
* Fri Dec 09 2022 Florence Blanc-Renaud <> - 4.10.1-2
  - Resolves: rhbz#2148887 MemberManager with groups fails
  - Resolves: rhbz#2150335 idm:client is missing dependency on krb5-pkinit
* Fri Nov 25 2022 Florence Blanc-Renaud <> - 4.10.1-1
  - Resolves: rhbz#2141315 [Rebase] Rebase ipa to latest 4.10.x release for RHEL 9.2
  - Resolves: rhbz#2094673 ipa-client-install should just use system wide CA store and do not specify TLS_CACERT in ldap.conf
  - Resolves: rhbz#2117167 After leapp upgrade on ipa-client ipa-server package installation failed. (`REQ_FULL_WITH_MEMBERS` returns object from wrong domain)
  - Resolves: rhbz#2127833 Password Policy Grace login limit allows invalid maximum value
  - Resolves: rhbz#2143224 [RFE] add certificate support to ipa-client instead of one time password
  - Resolves: rhbz#2144736 vault interoperability with older RHEL systems is broken
  - Resolves: rhbz#2148258 ipa-client-install does not maintain server affinity during installation
  - Resolves: rhbz#2148379 Add warning for empty targetattr when creating ACI with RBAC
  - Resolves: rhbz#2148380 OTP token sync always returns OK even with random numbers
  - Resolves: rhbz#2148381 Deprecated feature idnssoaserial in IdM appears when creating reverse dns zones
  - Resolves: rhbz#2148382 Introduction of URI records for kerberos breaks location functionality
* Tue Oct 25 2022 Rafael Jeffman <> - 4.10.0-7
  - Resolves: rhbz#2124547 Attempt to log in as "root" user with admin's password in Web UI does not properly fail
  - Resolves: rhbz#2137555 Attempt to log in as "root" user with admin's password in Web UI does not properly fail [rhel-9.1.0.z]
* Fri Aug 19 2022 Florence Blanc-Renaud <> - 4.10.0-6
  - Resolves: rhbz#2110014 ldap bind occurs when admin user changes password with gracelimit=0
  - Resolves: rhbz#2112901 RFE: Allow grace login limit to be set in IPA WebUI
  - Resolves: rhbz#2115495 group password policy by default does not allow grace logins
  - Resolves: rhbz#2116966 ipa-replica-manage displays traceback: Unexpected error: 'bool' object has no attribute 'lower'
* Thu Jul 28 2022 Francisco Trivino <> - 4.10.0-5
  - Resolves: rhbz#2109645
    - Rebuild for samba-4.16.3-101.el9
* Thu Jul 21 2022 Francisco Trivino <> - 4.10.0-4
  - Resolves: rhbz#2109645
    - Rebuild for samba-4.16.3-100.el9
* Fri Jul 15 2022 Florence Blanc-Renaud <> - 4.10.0-3
  - Resolves: rhbz#2105294 IdM WebUI Pagination Size should not allow empty value
* Thu Jun 30 2022 Florence Blanc-Renaud <> - 4.10.0-2
  - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind
* Thu Jun 30 2022 Florence Blanc-Renaud <> - 4.10.0-1
  - Resolves: rhbz#747959 [RFE] Support random serial numbers in IPA certificates
  - Resolves: rhbz#2100227 [UX] Preserving a user account produces output saying it was deleted
* Fri Jun 17 2022 Florence Blanc-Renaud <> - 4.9.10-1
  - Resolves: rhbz#2079469 [Rebase] Rebase ipa to latest 4.9.x release
  - Resolves: rhbz#2012911 named journalctl logs shows 'zone testrealm.test/IN: serial (serialnumber) write back to LDAP failed.'
  - Resolves: rhbz#2069202 [RFE] add support for authenticating against external IdP services using OAUTH2 preauthenticaiton mechanism provided by SSSD
  - Resolves: rhbz#2083218 ipa-dnskeysyncd floods /var/log/messages with DEBUG messages
  - Resolves: rhbz#2089750 RFE: Improve error message with more detail for ipa-replica-install command
  - Resolves: rhbz#2091988 [RFE] Add code to check password expiration on ldap bind
  - Resolves: rhbz#2094400 [RFE] ipa-client-install should provide option to enable subid: sss in /etc/nsswitch.conf
  - Resolves: rhbz#2096922 secret in ipa-pki-proxy.conf is not changed if new requiredSecret value is present in /etc/pki/pki-tomcat/server.xml
* Wed Apr 06 2022 Florence Blanc-Renaud <> - 4.9.8-8
  - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9
    - tests: ensure AD-SUPPORT subpolicy is active in more cases
    - ipatests: fix check for AD topology being present
* Thu Mar 24 2022 Florence Blanc-Renaud <> - 4.9.8-7
  - Resolves: rhbz#2067971 Consequences of FIPS crypto policy tightening in RHEL 9
    - KRB instance: make provision to work with crypto policy without SHA-1 HMAC types
    - tests: ensure AD-SUPPORT subpolicy is active
    - ipatests: extend AES keyset to SHA2-based ones
    - freeipa.spec: bump crypto-policies dependency for CentOS 9 Stream
    - Kerberos instance: default to AES256-SHA2 for master key encryption
    - test_otp: do not use paramiko unless it is really needed
    - test_krbtpolicy: skip SPAKE-related tests in FIPS mode
    - Support AES for KRA archival wrapping
    - Set AES as default for KRA archival wrapping



Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Jul 16 03:09:02 2024