[Freeipa-devel] [Freeipa-users] Announcing FreeIPA v3.0.2 Release
Rob Crittenden
rcritten at redhat.com
Wed Dec 12 14:50:48 UTC 2012
Bret Wortman wrote:
> Is this (like 3.1.0) also intended for f18? The sss_idmap package
> doesn't seem to be available for f17.
No, F-18 will have 3.1.
3.0 GA won't be backported to F-17. We did a couple of pre-releases of
3.0 in F-17 because F-18 wasn't easily usable for quite a long time (in
our humble opinion).
rob
> On Tue, Dec 11, 2012 at 4:44 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
> The FreeIPA team is proud to announce version FreeIPA v3.0.2.
>
> It can be downloaded from http://www.freeipa.org/page/__Downloads
> <http://www.freeipa.org/page/Downloads>.
>
> == Highlights in 3.0.2 ==
>
> * WebUI: Change of default value of type of new group back to POSIX.
> * Lookup the user SID in external group as well.
> * Include sssd-managed domain/realm mapping file managed in krb5.conf.
> * Fix potential security error in cookie handling in ipa client
> tool, CVE-2012-5631.
>
> == Upgrading ==
>
> An IPA server can be upgraded simply by installing updated rpms. The
> server does not need to be shut down in advance.
>
> Please note, that the referential integrity extension requires an
> extended set of indexes to be configured. RPM update for an IPA
> server with a excessive number of hosts, SUDO or HBAC entries may
> require several minutes to finish.
>
> If you have multiple servers you may upgrade them one at a time. It
> is expected that all servers will be upgraded in a relatively short
> period (days or weeks not months). They should be able to co-exist
> peacefully but new features will not be available on old servers and
> enrolling a new client against an old server will result in the SSH
> keys not being uploaded.
>
> Downgrading a server once upgraded is not supported.
>
> Upgrading from 2.2.0 is supported. Upgrading from previous versions
> is not supported and has not been tested.
>
> An enrolled client does not need the new packages installed unless
> you want to re-enroll it. SSH keys for already installed clients are
> not uploaded, you will have to re-enroll the client or manually
> upload the keys.
>
> == Feedback ==
>
> Please provide comments, bugs and other feedback via the
> freeipa-devel mailing list:
> http://www.redhat.com/mailman/__listinfo/freeipa-devel
> <http://www.redhat.com/mailman/listinfo/freeipa-devel>
>
> == Detailed Changelog since 3.0.1 ==
>
> Alexander Bokovoy (3):
> * ipasam: better Kerberos error handling in ipasam
> * trusts: replace use of python-crypto by m2crypto
> * Propagate kinit errors with trust account
>
> Jakub Hrozek (4):
> * Make enabling the autofs service more robust
> * ipachangeconf: allow specifying non-default delimeter for options
> * Specify includedir in krb5.conf on new installs
> * Add the includedir to krb5.conf on upgrades
>
> John Dennis (1):
> * Compliant client side session cookie behavior
>
> Lubomir Rintel (1):
> * Drop unused readline import
>
> Martin Kosek (5):
> * Prepare spec file for Fedora 18
> * Filter suffix in replication management tools
> * Change network configuration file
> * Improve ipa-replica-prepare error message
> * Fix sshd feature check
>
> Petr Viktorin (2):
> * Provide explicit user name for Dogtag installation scripts
> * Add Lubomir Rintel to Contributors.txt
>
> Petr Vobornik (4):
> * WebUI: Change of default value of type of new group back to POSIX
> * Editable sshkey, mac address field after upgrade
> * Better licensing information of 3rd party code
> * Better error message for login of users from other realms
>
> Rob Crittenden (5):
> * Honor the kdb options disabling KDC writes in ipa_lockout plugin
> * Only update the list of running services in the installer or ipactl.
> * Set min for selinux-policy to 3.11.1-60
> * Reorder XML-RPC initialization in ipa-join to avoid segfault.
> * Become IPA 3.0.2
>
> Simo Sorce (1):
> * MS-PAC: Special case NFS services
>
> Sumit Bose (3):
> * Lookup the user SID in external group as well
> * Restart sssd after authconfig update
> * Do not recommend how to configure DNS in error message
>
> Tomas Babej (1):
> * Add detection for users from trusted/invalid realms
>
> _________________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
> https://www.redhat.com/__mailman/listinfo/freeipa-users
> <https://www.redhat.com/mailman/listinfo/freeipa-users>
>
>
>
>
> --
> Bret Wortman
> The Damascus Group
> Fairfax, VA
> http://bretwortman.com/
> http://twitter.com/BretWortman
>
More information about the Freeipa-devel
mailing list