[Freeipa-interest] Announcing FreeIPA v3.1.1 Release

Rob Crittenden rcritten at redhat.com
Tue Jan 8 22:10:42 UTC 2013

The FreeIPA team is proud to announce version FreeIPA v3.1.1.

It can be downloaded from http://www.freeipa.org/page/Downloads.

== Highlights in 3.1.1 ==

* Increase default maxbersize so new replica installs won't fail if the 
CRL becomes very large.
* Do not crash in ipa-client-install in DNS discovery when a TXT record 
was configured, but the referred domain did not contain any Kerberos SRV 
* Cookie Expires date should be locale insensitive
* Enable SSSD on installation in client installes. We had relied on 
authconfig to enable it but it no longer does so when passed the 
--enablesssd flag. It just configures SSSD in the PAM stack.

== Upgrading ==

An IPA server can be upgraded simply by installing updated rpms. The 
server does not need to be shut down in advance.

Please note, that the referential integrity extension requires an 
extended set of indexes to be configured. RPM update for an IPA server 
with a excessive number of hosts, SUDO or HBAC entries may require 
several minutes to finish.

If you have multiple servers you may upgrade them one at a time. It is 
expected that all servers will be upgraded in a relatively short period 
(days or weeks not months). They should be able to co-exist peacefully 
but new features will not be available on old servers and enrolling a 
new client against an old server will result in the SSH keys not being 

Downgrading a server once upgraded is not supported.

Upgrading from 2.2.0 is supported. Upgrading from previous versions is 
not supported and has not been tested.

An enrolled client does not need the new packages installed unless you 
want to re-enroll it. SSH keys for already installed clients are not 
uploaded, you will have to re-enroll the client or manually upload the keys.

== Feedback ==

Please provide comments, bugs and other feedback via the freeipa-devel 
mailing list: http://www.redhat.com/mailman/listinfo/freeipa-devel

== Detailed Changelog since 3.1.0 ==

JR Aquino (1):
* Allow PKI-CA Replica Installs when CRL exceeds default maxber value

John Dennis (1):
* Cookie Expires date should be locale insensitive

Lynn Root (2):
* Fixed the catch of the hostname option during ipa-server-install
* Raise ValidationError when CSR does not have a subject hostname

Martin Kosek (4):
* Add Lynn Root to Contributors.txt
* Enable SSSD on client install
* Fix delegation-find command --group handling
* Do not crash when Kerberos SRV record is not found

Rob Crittenden (1):
* Become IPA 3.1.1

Simo Sorce (1):
* Log info on failure to connect

Tomas Babej (2):
* Relax restriction for leading/trailing whitespaces in *-find commands
* Forbid overlapping rid ranges for the same id range

More information about the Freeipa-interest mailing list