[Freeipa-interest] FreeIPA 4.9.7
François Cami
fcami at redhat.com
Fri Aug 20 13:13:26 UTC 2021
The FreeIPA team would like to announce the FreeIPA 4.9.7 release!
It can be downloaded from http://www.freeipa.org/page/Downloads.
Builds for Fedora 35 and 36 will be available from the official
repository soon.
The release notes can be read online:
https://www.freeipa.org/page/Releases/4.9.7
or below.
== Highlights in 4.9.7 ==
* 3226: [RFE] ipa sudorule-add-user should accept more types of characters
* 8402: [RFE] ipa-client-install forces nsupdate to bind with gssapi:
Invoke nsupdate without authentication if the GSS-TSIG attempt
fails at install time ; configure SSSD to use nsupdate without
GSS-TSIG in this case.
* 8528: Use separate logs for AD Trust and DNS installer:
ipa-adtrust-install and ipa-dns-install commands now log their
activity into separate log files.
* 8655: Allow to establish trust to Active Directory in FIPS mode:
When IPA is deployed in FIPS mode, it is now possible to establish
trust to Active Directory forest.
* 8892: [RFE] When IPA system is healthy, ipa-healthcheck
--failures-only should display proper message instead of empty list
=== Enhancements ===
* FreeIPA now provides centrally-managed allocation of ID sub-ranges
for users and groups, for use in podman and runc.
* ipa-getkeytab now has an option to discover servers using DNS SRV.
* ipa-client-install now gracefully switches to using no
authentication when updating its own DNS record if GSS-TSIG fails. It
also configures SSSD to do the same.
=== Known Issues ===
* ipa-server-install --auto-reverse does not create a reverse DNS
zone even when needed on systems using systemd-resolved.
=== Bug fixes ===
FreeIPA 4.9.7 is a stabilization release for the features delivered as a
part of 4.9 version series.
There are more than 50 bug-fixes since the 4.9.5 release, details of
which can be seen in the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on the Upgrade page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users
mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/)
or #freeipa channel on Freenode.
== Resolved tickets ==
* [https://pagure.io/freeipa/issue/3226 #3226] [RFE] ipa
sudorule-add-user should accept more types of characters
* [https://pagure.io/freeipa/issue/6587 #6587] ipa-otpd: systemctl
reports "degraded" for "is-system-running" after todays CentOS updates
* [https://pagure.io/freeipa/issue/7814 #7814] fix
automountlocation-tofiles output
* [https://pagure.io/freeipa/issue/8206 #8206] Add checks to prevent
assigning authentication indicators to internal IPA services
* [https://pagure.io/freeipa/issue/8227 #8227] dnszone-add: ignores
given SOA serial
* [https://pagure.io/freeipa/issue/8245 #8245] ipa-kra-install should
exit if ca_host is overriden.
* [https://pagure.io/freeipa/issue/8257 #8257] ipa-certupdate sets
temporary ccache in the wrong place
* [https://pagure.io/freeipa/issue/8361 #8361] Add support for
managing subuids and subgids in FreeIPA
* [https://pagure.io/freeipa/issue/8397 #8397] Cannot remove First
master server with KRA after the server hard disk failed ( destructed)
* [https://pagure.io/freeipa/issue/8402 #8402] [RFE]
ipa-client-install forces nsupdate to bind with gssapi
* [https://pagure.io/freeipa/issue/8415 #8415] Ignore case when
evaluating attributes and objectclasses in config plugin
* [https://pagure.io/freeipa/issue/8452 #8452] update samba
configuration on IPA master to explicitly use 'server role' setting
* [https://pagure.io/freeipa/issue/8478 #8478] Do SRV discovery in
ipa-getkeytab if -s and -H aren't provided
* [https://pagure.io/freeipa/issue/8501 #8501] Unify how FreeIPA gets
FQDN of current host
* [https://pagure.io/freeipa/issue/8519 #8519] Fedora container
platform is incomplete
* [https://pagure.io/freeipa/issue/8524 #8524] Deploy & manage the
ACME service topology wide from a single system
* [https://pagure.io/freeipa/issue/8528 #8528] Use separate logs for
AD Trust and DNS installer
* [https://pagure.io/freeipa/issue/8584 #8584] ACME communication with
dogtag REST endpoints should be using the cookie it creates
* [https://pagure.io/freeipa/issue/8647 #8647] Incorrect DNSKEY
created when DNSSEC enabled for zone
* [https://pagure.io/freeipa/issue/8655 #8655] Allow to establish
trust to Active Directory in FIPS mode
* [https://pagure.io/freeipa/issue/8676 #8676] [Tracker] Multiple
nightly test failure in
test_integration/test_ntp_options/TestNTPoptions
* [https://pagure.io/freeipa/issue/8795 #8795] Remove dependency from
tests on ipaserver package/modules
* [https://pagure.io/freeipa/issue/8810 #8810] Nightly test failure
(rawhide/f34) in test_ipahealthcheck.py::TestIpaHealthCheck: missing
AAAA record for ipa-ca
* [https://pagure.io/freeipa/issue/8832 #8832] ipa-server-upgrade is
failing while upgrading rhel8.3 to rhel8.4
* [https://pagure.io/freeipa/issue/8864 #8864] azure: dnf sometimes fails
* [https://pagure.io/freeipa/issue/8889 #8889] [tests] healthcheck 0.9
* [https://pagure.io/freeipa/issue/8890 #8890] Nightly test failure
(rawhide) in test_ipa_cert_fix.py::TestIpaCertFix::test_missing_startup
* [https://pagure.io/freeipa/issue/8891 #8891] FreeIPA server in debug
mode fails to run because time.perf_counter_ns is Python 3.7+
* [https://pagure.io/freeipa/issue/8892 #8892] [RFE] When IPA system
is healthy, ipa-healthcheck --failures-only should display proper
message instead of empty list
* [https://pagure.io/freeipa/issue/8905 #8905] Package
python3-ipatests (from CRB repo) Requires python3-coverage
* [https://pagure.io/freeipa/issue/8906 #8906] support for
SHA384withRSA signing algo missing
* [https://pagure.io/freeipa/issue/8909 #8909] Unable to set
ipaUserAuthType with stageuser-add
* [https://pagure.io/freeipa/issue/8911 #8911] Nightly test failure in
pki-fedora/test_webui_cert.
* [https://pagure.io/freeipa/issue/8913 #8913] [man page]
contradiction in ipa-server-upgrade command's man page and usage
* [https://pagure.io/freeipa/issue/8918 #8918] Nightly failure in
test_external_ca.py::TestSelfExternalSelf::test_switch_back_to_self_signed
* [https://pagure.io/freeipa/issue/8919 #8919] Nightly test failure in
test_webui/test_range.py::test_range::test_crud
* [https://pagure.io/freeipa/issue/8920 #8920] ipa-healthcheck reports
RIPluginCheck CRITICAL error for DSRILE0002
* [https://pagure.io/freeipa/issue/8923 #8923] Trust controller role
should pull sssd-winbind-idmap package
* [https://pagure.io/freeipa/issue/8925 #8925] ipatests:
NAMED_CRYPTO_POLICY_FILE not defined for RHEL
* [https://pagure.io/freeipa/issue/8926 #8926] Nightly test failure
(rawhide) in test_smb
* [https://pagure.io/freeipa/issue/8929 #8929] Nightly test failure in
test_integration//test_acme.py/TestACMERenew/test_renew - kinit admin:
Password change failed while getting initial credentials
* [https://pagure.io/freeipa/issue/8930 #8930] IdM should call into
Dogtag to dynamically update the security domain info
* [https://pagure.io/freeipa/issue/8931 #8931] flake8 report for tasks.py
* [https://pagure.io/freeipa/issue/8934 #8934] ipa-advise
unconditionally uses modutil to load opensc module
* [https://pagure.io/freeipa/issue/8935 #8935] [tracker] Update boxes
for PR-CI nightly runs
* [https://pagure.io/freeipa/issue/8936 #8936] ipa-server install
failure without DNS
* [https://pagure.io/freeipa/issue/8937 #8937] Multiple issues in
tasks's install/uninstall helpers
* [https://pagure.io/freeipa/issue/8938 #8938] Remove python3-pexpect
as dependency for ipatests pkg
* [https://pagure.io/freeipa/issue/8939 #8939] Add index for sudoorder
* [https://pagure.io/freeipa/issue/8942 #8942] TestAJPSecretUpgrade
tests fail on system without pkiuser
* [https://pagure.io/freeipa/issue/8944 #8944]
TestIpaAdTrustInstall::test_ipa_user_s4u2self_pac failed at
create_active_user
* [https://pagure.io/freeipa/issue/8949 #8949] Test for RFE
ipa-healthcheck should verify owner/perms for important logs in
"/var/log" in the ipahealthcheck.ipa.files source
* [https://pagure.io/freeipa/issue/8956 #8956] Nightly failure in
test_caless.py::TestIPACommands::test_invoke_upgrader
== Detailed changelog since 4.9.6 ==
=== Armando Neto (1) ===
* ipatests: bump prci boxes + move gating to f34
[https://pagure.io/freeipa/c/02447762a3f62383313f0b8cd7c5d129dc2c6213
commit] [https://pagure.io/freeipa/issue/8935 #8935]
=== Alexander Bokovoy (2) ===
* rhel platform: add a named crypto-policy support
[https://pagure.io/freeipa/c/1a5159b216455070eb51b6a11ceaf0033fc8ce4c
commit] [https://pagure.io/freeipa/issue/8925 #8925]
* Back to git snapshots
[https://pagure.io/freeipa/c/2b7e8841824b44fc41581717c51ccd4b0fc553ff
commit]
=== Anuja More (5) ===
* ipatests: Test unsecure nsupdate.
[https://pagure.io/freeipa/c/4fdab0c94c4e17e42e5f38a0e671bea39bcc9b74
commit] [https://pagure.io/freeipa/issue/8402 #8402]
* ipatests: Refactor test_check_otpd_after_idle_timeout
[https://pagure.io/freeipa/c/eac03d6828d0bac1925c897090fc77e250eaee04
commit] [https://pagure.io/freeipa/issue/6587 #6587]
* ipatests: skip test_basesearch_compat_tree on fedora.
[https://pagure.io/freeipa/c/d4062e407d242a72b9d4e32f4fdd6aed086ce005
commit]
* ipatests: Test ldapsearch with base scope works with compat tree.
[https://pagure.io/freeipa/c/a3d71eb72a6125a80a9d7b698f34dcb95dc25184
commit]
* ipatests: Test for OTP when the LDAP connection timed out.
[https://pagure.io/freeipa/c/25a4acf3ad5964eacddbcb83ddf9f84432968918
commit] [https://pagure.io/freeipa/issue/6587 #6587]
=== Antonio Torres (6) ===
* ipatests: expect SOA serial option deprecation warning
[https://pagure.io/freeipa/c/1d7512495d3e7f933d95707f74a6b6f0aeecd00f
commit] [https://pagure.io/freeipa/issue/8227 #8227]
* dnszone: deprecate option for setting SOA serial
[https://pagure.io/freeipa/c/4c0dcabd6e2163dfa80a4d2a18064824934274fa
commit] [https://pagure.io/freeipa/issue/8227 #8227]
* ipatests: test if KRA install fails when ca_host is overriden
[https://pagure.io/freeipa/c/a4e13a33247fb14145c632fb53b4480fc5fb10ea
commit] [https://pagure.io/freeipa/issue/8245 #8245]
* ipa-kra-install: exit if ca_host is overriden
[https://pagure.io/freeipa/c/ab4720d9c2bae059e8f622cd4a331510fefe27ae
commit] [https://pagure.io/freeipa/issue/8245 #8245]
* ipatests: ensure auth indicators can't be added to internal IPA
services [https://pagure.io/freeipa/c/28484c3dee225662e41acc691bfe6b1c1cee99c8
commit] [https://pagure.io/freeipa/issue/8206 #8206]
* Add checks to prevent adding auth indicators to internal IPA
services [https://pagure.io/freeipa/c/a5d2857297cfcf87ed8973df96e89ebcef22850d
commit] [https://pagure.io/freeipa/issue/8206 #8206]
=== Christian Heimes (8) ===
* Fix string check in uninstall helper
[https://pagure.io/freeipa/c/c5b5bc9099fc26b863d7c964e47dbdcd0ff008c8
commit] [https://pagure.io/freeipa/issue/8937 #8937]
* Fix ldapupdate.get_sub_dict() for missing named user
[https://pagure.io/freeipa/c/a1eb13cdbc109da8c028bb886a1207ea2cc23cee
commit] [https://pagure.io/freeipa/issue/8936 #8936]
* Test DNA plugin configuration
[https://pagure.io/freeipa/c/b53a52a1fafa94e0129e6e3e55fddd59909f0f0a
commit]
* Fix oid of ipaUserDefaultSubordinateId
[https://pagure.io/freeipa/c/44ccc0f64bac9fc2e7e3264984af26635bb34742
commit]
* Fix ipa-server-upgrade
[https://pagure.io/freeipa/c/e6e3fb606d08b0dc57bfa360a0f0082052441db6
commit]
* Use 389-DS' dnaInterval setting to assign intervals
[https://pagure.io/freeipa/c/ef115b04182d572bf61e32e2405bbb68ff65e928
commit]
* Redesign subid feature
[https://pagure.io/freeipa/c/5d4fe06663c3e66b1da73c01ce022790634a3e3b
commit]
* Add basic support for subordinate user/group ids
[https://pagure.io/freeipa/c/3540986a11d4f3401ba4918f25229a79283d9dbd
commit] [https://pagure.io/freeipa/issue/8361 #8361]
=== Chris Kelley (2) ===
* Parse cert chain as JSON not XML
[https://pagure.io/freeipa/c/40f76a53f78267b4d2b890defa3e4f7d27fdfb7a
commit]
* Parse getStatus as JSON not XML
[https://pagure.io/freeipa/c/7fb95cc638b1c9b7f2e9a67dba859ef8126f2c5f
commit]
=== François Cami (13) ===
* Update list of contributors
[https://pagure.io/freeipa/c/3cb6b5c801b04922c3a23070e79aab20399d033b
commit]
* ipatests: use krb5_trace in TestIpaAdTrustInstall
[https://pagure.io/freeipa/c/9ae23e1257478bfee04b08b54f36dda7f5850348
commit] [https://pagure.io/freeipa/issue/8944 #8944]
* freeipa.spec.in: remove python3-pexpect from Requires
[https://pagure.io/freeipa/c/e0e1d6f94dd16c8066be8ce3c75ef306890a3e2b
commit] [https://pagure.io/freeipa/issue/8938 #8938]
* gating.yaml: Fix TestInstallMaster timeout
[https://pagure.io/freeipa/c/33c561dcd30dc346ccbaa00933bcd1cac5e994b6
commit]
* Azure: temporarily disable problematic tests, #2
[https://pagure.io/freeipa/c/18ccaea7cb36b3d1069f0d12a15b06357b3f94f0
commit] [https://pagure.io/freeipa/issue/8864 #8864]
* Azure: temporarily disable problematic tests, #1
[https://pagure.io/freeipa/c/eb1d509fd5271d39cc899838b57e5398683401f7
commit] [https://pagure.io/freeipa/issue/8864 #8864]
* tasks.py: fix flake8-reported issues
[https://pagure.io/freeipa/c/5b826ab3582566b15a618f57cb2e002a9c16ef64
commit] [https://pagure.io/freeipa/issue/8931 #8931]
* test_acme: make password renewal more robust
[https://pagure.io/freeipa/c/701adb9185c77194ba1ad0c5fd2f13484417ef6f
commit] [https://pagure.io/freeipa/issue/8929 #8929]
* test_acme: refactor with tasks
[https://pagure.io/freeipa/c/86869364a30f071ee79974b301ff68e80c0950ba
commit]
* ipatests: smbclient "-k" => "--use-kerberos=desired"
[https://pagure.io/freeipa/c/161d5844eb1214e60c636bdb73713c6a43f1e75c
commit] [https://pagure.io/freeipa/issue/8926 #8926]
* rpcserver.py: perf_counter_ns is Python 3.7+
[https://pagure.io/freeipa/c/1539c7383116647ad9c5b125b343f972e9c9653b
commit] [https://pagure.io/freeipa/issue/8891 #8891]
* ipatests: smoke test for server debug mode.
[https://pagure.io/freeipa/c/ee4be290e1583834a573c3896ee1d97b3fbb6c24
commit] [https://pagure.io/freeipa/issue/8891 #8891]
* paths: add IPA_SERVER_CONF
[https://pagure.io/freeipa/c/e713c227bb420a841ce3ae146bca55a84a1b0dbf
commit] [https://pagure.io/freeipa/issue/8891 #8891]
=== Florence Blanc-Renaud (12) ===
* webui tests: fix algo for finding available idrange
[https://pagure.io/freeipa/c/f7997ed0b7d5b915c0184bf8e8864ff935cd6232
commit] [https://pagure.io/freeipa/issue/8919 #8919]
* Index: Fix definition for memberOf
[https://pagure.io/freeipa/c/b132956e42a88ab39bb8d6a854e7c5d28d544a11
commit] [https://pagure.io/freeipa/issue/8920 #8920]
* spec file: Trust controller role should pull sssd-winbind-idmap
package [https://pagure.io/freeipa/c/1a4f459b81bc77cdf233b65f41d0f76dbb5f2fce
commit] [https://pagure.io/freeipa/issue/8923 #8923]
* webui tests: close notification when revoking cert
[https://pagure.io/freeipa/c/40e4ccf1ea943aba4d10e8126ffa49feddd2e683
commit] [https://pagure.io/freeipa/issue/8911 #8911]
* pr-ci definitions: add subid-related jobs
[https://pagure.io/freeipa/c/d456649feb40d462f73321a4a220b4aff7adb443
commit] [https://pagure.io/freeipa/issue/8361 #8361]
* ipatests: use whole date when calling journalctl --since
[https://pagure.io/freeipa/c/b2e6292337c6f7f68ac383db8aa54a1abfa3f6b4
commit] [https://pagure.io/freeipa/issue/8918 #8918]
* Server install: do not use unchecked ip addr for ipa-ca record
[https://pagure.io/freeipa/c/2c0a123e99d943f115cc726e391f5d79b5bfb70e
commit] [https://pagure.io/freeipa/issue/8810 #8810]
* man page: update ipa-server-upgrade.1
[https://pagure.io/freeipa/c/195035cef51a132b2b80df57ed50f2fe620244e6
commit] [https://pagure.io/freeipa/issue/8913 #8913]
* augeas: bump version for rhel9
[https://pagure.io/freeipa/c/076e499f6f1223458cb896f1e90296e511c922d7
commit] [https://pagure.io/freeipa/issue/8676 #8676]
* XMLRPC test: add a test for stageuser-add --user-auth-type
[https://pagure.io/freeipa/c/4a5a0fe7d25209a41a2eadd159f7f4c771e5d7fc
commit] [https://pagure.io/freeipa/issue/8909 #8909]
* stageuser: add ipauserauthtypeclass when required
[https://pagure.io/freeipa/c/06468b2f604c56b02231904072cb57412966a701
commit] [https://pagure.io/freeipa/issue/8909 #8909]
* Remove unneeded dependency on python-coverage
[https://pagure.io/freeipa/c/9cfae2623420356fd99e09bf8559b11da66e2ccd
commit] [https://pagure.io/freeipa/issue/8905 #8905]
=== Michal Polovka (3) ===
* ipatests: test_ipahealthcheck: Verify permissions for /var/log/
files [https://pagure.io/freeipa/c/488ac7e3ba9f36d6b187687d120920d2d80d8b7f
commit] [https://pagure.io/freeipa/issue/8949 #8949]
* ipatests: test_installation: move tracking_reqs dependency to ipalib
constants ipaserver: krainstance: utilize moved tracking_reqs
dependency [https://pagure.io/freeipa/c/e5df4dc4884f1a66ccbca79b9a0d83874c996d1d
commit] [https://pagure.io/freeipa/issue/8795 #8795]
* ipatests: test_ipahealthcheck: print a message if a system is
healthy [https://pagure.io/freeipa/c/7f910eb2dda8595da435b4aed6e759a2916df813
commit] [https://pagure.io/freeipa/issue/8892 #8892]
=== Mohammad Rizwan (2) ===
* ipatests: Look for warning into stderr instead of stdout
[https://pagure.io/freeipa/c/96dd8ac1cd2e7fb8177d83e7ba5c6d79f4216ea3
commit] [https://pagure.io/freeipa/issue/8890 #8890]
* ipatests: Test ipa-cert-fix warns when startup directive is missing
from CS.cfg [https://pagure.io/freeipa/c/02c0da3ef74948579106aab4b669f6e64dd60b24
commit] [https://pagure.io/freeipa/issue/8890 #8890]
=== Rob Crittenden (21) ===
* Only call add_agent_to_security_domain_admins() when CA is installed
[https://pagure.io/freeipa/c/da1d543c2bfa9e4acb6fde170e66c88e521ac232
commit] [https://pagure.io/freeipa/issue/8956 #8956]
* ipatests: Verify that securitydomain is updated on server-del
[https://pagure.io/freeipa/c/a417810df5500b5780396ab88d53eaea74f74ccc
commit] [https://pagure.io/freeipa/issue/8930 #8930]
* Clean up the PKI securitydomain when removing a server
[https://pagure.io/freeipa/c/be3a0f3201bbb060a9d53fb65cbbccf6c7bf9bb4
commit] [https://pagure.io/freeipa/issue/8930 #8930]
* pr-ci definitions: add custom plugin-related jobs
[https://pagure.io/freeipa/c/78c48199782743e619463cefa7411817f4fe4a14
commit] [https://pagure.io/freeipa/issue/8415 #8415]
* ipatests: add suite for testing custom plugins
[https://pagure.io/freeipa/c/e28e45402c7edb007e356a59cf09ed8e10cd14d9
commit] [https://pagure.io/freeipa/issue/8415 #8415]
* Don't assume that plugin attributes and objectclasses are lowercase
[https://pagure.io/freeipa/c/97a2a925348d3bd732e582108feb02d644ba011a
commit] [https://pagure.io/freeipa/issue/8415 #8415]
* Add index for sudoorder
[https://pagure.io/freeipa/c/0526174971017aebfb9d9fcb29c6dde6e67438fe
commit] [https://pagure.io/freeipa/issue/8939 #8939]
* ipatests: verify that getcert output includes the issued date
[https://pagure.io/freeipa/c/826b5825bd644fc69a9bee17626d71fe03cc0190
commit]
* ipa-advise: Define the domain used when looking up ipa-ca
[https://pagure.io/freeipa/c/9a4a6cdd27781573351595e38d38eeadc8ab090d
commit] [https://pagure.io/freeipa/issue/8934 #8934]
* ipa-advise: if p11-kit provides opensc, don't add to NSS db
[https://pagure.io/freeipa/c/018ee09ccbe7fc0a5b0909592eadd168224b2409
commit] [https://pagure.io/freeipa/issue/8934 #8934]
* ipatests: test ipa-getkeytab server option
[https://pagure.io/freeipa/c/7a13200fd8b92dd90ebc4b6416ef25659df8aa71
commit] [https://pagure.io/freeipa/issue/8478 #8478]
* ipa-getkeytab: fix compiler warnings
[https://pagure.io/freeipa/c/0114d24ea160676b784ef7010c19bbacc67ceea0
commit] [https://pagure.io/freeipa/issue/8478 #8478]
* ipa-getkeytab: add option to discover servers using DNS SRV
[https://pagure.io/freeipa/c/42206df69adc9c1eefa3ee576891b2ae3ac269e0
commit] [https://pagure.io/freeipa/issue/8478 #8478]
* Provide more information in ipa-certupdate on ccache failure
[https://pagure.io/freeipa/c/fbbff3edc0fcc8bf2624283ccd88848eedaac8d7
commit] [https://pagure.io/freeipa/issue/8257 #8257]
* Fix automountlocation-tofiles expected output in xmlrpc test
[https://pagure.io/freeipa/c/ded3cd3fc8490561e44310e8f89efc3e13e82884
commit] [https://pagure.io/freeipa/issue/7814 #7814]
* ipatests: Add test for ipa automountlocation-tofiles
[https://pagure.io/freeipa/c/dbe4159e27d44550085cb3ce0629d1e525c9b30e
commit] [https://pagure.io/freeipa/issue/7814 #7814]
* Display all orphaned keys in automountlocation-tofiles
[https://pagure.io/freeipa/c/89ca5c8836333aece9caf2ac433ccab1140f909a
commit] [https://pagure.io/freeipa/issue/7814 #7814]
* ipatests: test removing last KRA when it is not running
[https://pagure.io/freeipa/c/8ea8f8b68b5a7217518f68065a5fc1df16126314
commit] [https://pagure.io/freeipa/issue/8397 #8397]
* Use new method in check to prevent removal of last KRA
[https://pagure.io/freeipa/c/0b9adf1d8d5efb48e734650e4101e8816b01e1d3
commit] [https://pagure.io/freeipa/issue/8397 #8397]
* Fall back to krbprincipalname when validating host auth indicators
[https://pagure.io/freeipa/c/8ad535b618d60fa016061212ff85d0ad28ccae59
commit] [https://pagure.io/freeipa/issue/8206 #8206]
* Add SHA384withRSA as a certificate signing algorithm
[https://pagure.io/freeipa/c/ca8c7010e8aa0f87bde11c36947fefd549bae8fd
commit] [https://pagure.io/freeipa/issue/8906 #8906]
=== Stanislav Levin (1) ===
* ipatests: Fix TestAJPSecretUpgrade tests on systems without pkiuser
[https://pagure.io/freeipa/c/c9bc471e063f2865d6423e4f1c9b81e73a45e43f
commit] [https://pagure.io/freeipa/issue/8942 #8942]
=== Serhii Tsymbaliuk (1) ===
* WebUI: Improve subordinate ids user workflow
[https://pagure.io/freeipa/c/9f4b8982cd06011df8daac480a726637fc52649e
commit] [https://pagure.io/freeipa/issue/8361 #8361]
=== Sudhir Menon (1) ===
* ipatests: Fix for
test_source_ipahealthcheck_iptest_source_ipahealthcheck_ipa_host_check_ipahostkeytab
[https://pagure.io/freeipa/c/26be7ffdba87e0e6294ea035ab3dc9bd933fba43
commit] [https://pagure.io/freeipa/issue/8889 #8889]
More information about the Freeipa-interest
mailing list