[Freeipa-interest] Announcing FreeIPA v2 Server Alpha 3 Release

Rob Crittenden rcritten at redhat.com
Fri May 7 19:56:19 UTC 2010

To all freeipa-interest, freeipa-users and freeipa-devel list members,

The FreeIPA project team is pleased to announce the availability of the 
Alpha 3 release of freeIPA 2.0 server [1]. Binaries are available for 
F-12 and F-13.

This alpha is mostly a bug fix release over the previous alpha. We have 
started the process of polishing so things should generally work more 
smoothly and look better. There are few visual improvements in the UI; 
those should appear in the next release.

Please do not hesitate to share feedback, criticism or bugs with us on 
our mailing list: freeipa-users at redhat.com

The big changes in this release are:
  - better i18n support including a few translations
  - the XML-RPC API changed so it is not compatible with previous releases
  - use mod_wsgi instead of mod_python
  - the CA is a required component and is now configured by default.
    Pass --selfsign to the installer to use the old self-signed CA
  - man page for the ipa command
  - A default Host-Based Access Control (HBAC) rule is created that
    grants all users the ability to log into any host from any host. This
    was done to simplify initial testing; it is expected that this rule,
    allow_all, will be removed before you deploy.
  - We no longer enable nscd, sssd handles caching now

Known issues:
  - The CA must be installed in the en_US locale (#588375)

A more complete, semi-high-level list of changes since the last alpha is:
- Fix memory crash-bug in ipa-join
- Add pwpolicy2 plugin, future replacement for pwpolicy
- CSRs that don't include NEW in the header/footer blocks should work now
- Lots of clean-ups in ipa-client-install
- ipa-server-install and ipa-client-install now use backed-up files and 
state in /var/lib/ipa and /var/lib/ipa-client to determine whether they 
are already configured or not
- Fixed bug in some DNS entries that were missing a trailing dot (.)
- Fix bug in password plugin that prevented ldappasswd from working on
non-kerberized users
- In the client installer we will have certmonger issue certificate
requests using the subject base that IPA is configured with. This will
make certmonger play nicer with the selfsign CA.
- IPA works when using external CA option again
- Stop using LDAPv2-style escaped DNs where possible
- Updated MITM integration with dogtag
- Anonymous VLV is enabled when the compat plugin is enabled making
Solaris 10 clients happy
- Add a CRL URI to certificates that are issued by dogtag
- Added an ipa man page
- XML-RPC signature change. This will affect older alphas' command-line
utilities trying to talk to a new server
- Fixed bug in host plugin where deleting a non-qualified hostname would
delete just the host, not the service entries associated with that host.
- ipa-replica-manage now uses kerberos to delete and list servers. Add
still requires the DM password
- Provide feedback if a -mod command is executed and no changes are
- Don't log passwords into files during installation
- Add option to enable pam_mkhomedirs in the IPA client installer
- Fixed a number of bugs in the pwpolicy plugin
- More detailed error messages when entries are not found
- Viewing binary in the UI shouldn't cause it to fail
- dogtag is a required component and now configured by default
- Run the XML-RPC server under mod_wsgi instead of mod_python
- Fix the --all and --raw options
- 8 translations:
   - Bengali India
   - Indonesian
   - Ukrainian
   - Kannada
   - Polish
   - Russian
   - Spanish
   - Chinese Simplified
- Other minor polish and bug fixes


[1] http://www.freeipa.org/page/Downloads

