- Move ipa-otpd socket directory to /var/run/krb5kdc
- Require krb5-server 1.11.5-3 supporting the new directory
- ipa_lockout plugin did not work with users's without krbPwdPolicyReference
- Update to upstream 3.3.4
- Install CA anchor into standard location (#928478)
- ipa-client-install part of ipa-server-install fails on reinstall (#1044994)
- Remove mod_ssl workaround (RHEL bug #1029046)
- Enable syncrepl plugin to support bind-dyndb-ldap 4.0
- Drop freeipa-server-selinux subpackage
- Drop redundant directory /var/cache/ipa/sessions
- Do not create /var/lib/ipa/pki-ca/publish, retain reference as ghost
- Run ipa-upgradeconfig and server restart in posttrans to avoid inconsistency
issues when there are still old parts of software (like entitlements plugin)
- ipa-client-install fails if /etc/ipa does not exist (#961483)
- Certificate status is not visible in Service and Host page (#956718)
- ipa-client-install removes needed options from ldap.conf (#953991)
- Handle socket.gethostbyaddr() exceptions when verifying hostnames
(#953957)
- Add triggerin scriptlet to support OpenSSH 6.2 (#953617)
- Require nss 3.14.3-12.0 to address certutil certificate import
errors (#953485)
- Require pki-ca 10.0.2-3 to pull in fix for sslget and mixed IPv4/6
environments. (#953464)
- ipa-client-install removes 'sss' from /etc/nsswitch.conf (#953453)
- ipa-server-install --uninstall doesn't stop dirsrv instances
(#953432)
- Add requires for openldap-2.4.35-4 to pickup fixed SASL_NOCANON
behavior for socket based connections (#960222)
- Require libsss_nss_idmap-python
- Add Conflicts on nss-pam-ldapd < 0.8.4. The mapping from uniqueMember
to member is now done automatically and having it in the config file
raises an error.
- Add backup and restore tools, directory.
- require at least systemd 38 which provides the journal (we no longer
need to require syslog.target)
- Update Requires on policycoreutils to 2.1.14-37
- Update Requires on selinux-policy to 3.12.1-42
- Update Requires on 389-ds-base to 1.3.1.0
- Remove redundat Requires versions that are already in Fedora 17
- Replace python-crypto Requires with m2crypto
- Add missing Requires(post) for client and server-trust-ad subpackages
- Restart httpd service when server-trust-ad subpackage is installed
- Bump selinux-policy Requires to pick up PKI/LDAP port labeling fixes
- Set minimum for sssd to 1.9.2
- Set minimum for pki-ca to 10.0.0-1
- Set minimum for 389-ds-base to 1.3.0
- Set minimum for selinux-policy to 3.11.1-60
- Remove unneeded dogtag package requires
- Set minimum for samba to 4.0.0-153.
- Make sure server-trust-ad subpackage alternates winbind_krb5_locator.so
plugin to /dev/null since they cannot be used when trusts are configured
- Restrict krb5-server to 1.10.
- Update minimum for 389-ds-base to 1.3.0
- Add directory /var/lib/ipa/pki-ca/publish for CRL published by pki-ca
- Add Requires on zip for generating FF browser extension
- Update BR for 389-ds-base to 1.2.11.14
- Update BR for krb5 to 1.10
- Update BR for samba4-devel to 4.0.0-139 (rc1)
- Add BR for python-polib
- Update Requires on policycoreutils to 2.1.12-5
- Update Requires on 389-ds-base to 1.2.11.14
- Update Requires on selinux-policy to 3.11.1-21
- Update Requires on dogtag to 10.0.0-0.33.a1
- Update Requires on certmonger to 0.60
- Update Requires on tomcat to 7.0.29
- Update minimum version of bind to 9.9.1-10.P3
- Update minimum version of bind-dyndb-ldap to 1.1.0-0.16.rc1
- Remove Requires on authconfig from python sub-package
