[Freeipa-users] Announcing FreeIPA v2.1.90 beta 1 Release

Dmitri Pal dpal at redhat.com
Wed Mar 7 17:32:18 UTC 2012


On 03/05/2012 05:28 PM, Rob Crittenden wrote:
> The FreeIPA team is proud to announce version 2.1.90 beta 1. This will
> eventually become FreeIPA v2.2.0.
>
> It can be downloaded from http://www.freeipa.org/Downloads or from our
> development repo (http://freeipa.org/downloads/freeipa-devel.repo).
> Fedora 16 and 17 builds are available.
>

It is actually http://www.freeipa.org/page/Downloads.

> Builds for Fedora 15 are no longer being provided. Packages that
> FreeIPA requires are not available in Fedora 15.
>
> == Highlights in 2.1.90 beta 1 ==
>
>  * Forms-based login. If Kerberos negotiate authentication fails you
> have the option of logging in using a form using username and
> password. Or you can go directly to /ipa/ui/login.html if you do not
> have/cannot get a Kerberos ticket. This is the preferred alternative
> login mechanism over enabling KrbMethodK5Passwd.
>  * Logout from the UI
>  * Support for SSH known-hosts with sssd 1.8.0. This will create a
> known-hosts file dynamically based on information stored in IPA.
>  * DNS forwarders now configurable via IPA
>  * Configurable by DNS zone: query policy, transfer policy, forward
> policy and forward and reverse synchronization.
>  * More consistent hostname validation
>  * Recommendation that the compat plugin be disabled during migration
> (unnecessary overhead)
>  * On new installations the default users group, ipausers, is now
> non-POSIX
>
> == Upgrading ==
>
> We tested upgrades from 2.1.4 successfully but this is beta code. We
> do not recommend upgrading a production server.
>
> Installing updated rpms is all that is required to upgrade from 2.1.4.
>
> It is unlikely that downgrading to a previous release once 2.1.90 is
> installed will work.
>
> Upgrading directly from the alpha may work but is untested.
>
> == Feedback ==
>
> Please provide comments, bugs and other feedback via the freeipa-devel
> mailing list: http://www.redhat.com/mailman/listinfo/freeipa-devel
>
> == Detailed Changelog since 2.1.90 beta 1 ==
>
> Jan Cholasta (1):
> *  Configure SSH features of SSSD in ipa-client-install.
>
> John Dennis (8):
> *  update translation pot file and PY_EXPLICIT_FILES list
> *  update po files
> *  created Transifex resource, adjust tx config file to point to it.
> *  Tweak the session auth to reflect developer consensus.
> *  Implement session activity timeout
> *  Implement password based session login
> *  Log a message when returning non-success HTTP result
>
> Martin Kosek (21):
> *  Ease zonemgr restrictions
> *  Update schema for bind-dyndb-ldap
> *  Global DNS options
> *  Query and transfer ACLs for DNS zones
> *  Add DNS conditional forwarding
> *  Add API for PTR sync control
> *  Add gidnumber minvalue
> *  Add reverse DNS record when forward is created
> *  Sanitize UDP checks in conncheck
> *  Add client hostname requirements to man page
> *  Add SSHFP update policy for existing zones
> *  Improve dns error message
> *  Improve dnsrecord-add interactive mode
> *  Improve hostname and domain name validation
> *  Improve FQDN handling in DNS and host plugins
> *  Improve hostname verification in install tools
> *  Fix typos in ipa-replica-manage man page
> *  Remove memberPrincipal for deleted replicas
> *  Fix encoding for setattr/addattr/delattr
> *  Add help for new structured DNS framework
> *  Improve dnsrecord interactive help
>
> Ondrej Hamada (3):
> *  Validate attributes in permission-add
> *  Migration warning when compat enabled
> *  ipa-client-install not calling authconfig
>
> Petr Viktorin (6):
> *  Make ipausers a non-posix group on new installs
> *  Add extra checking function to XMLRPC test framework
> *  Add common helper for interactive prompts
> *  Make sure the nolog argument to ipautil.run is not a bare string
> *  Use stricter semantics when checking IP address for DNS records
> *  Use stricter semantics when checking IP address for DNS records
> *  Use reboot from /sbin
>
> Petr Voborník (18):
> *  Fixed content type check in login_password
> *  Improved usability of login dialog
> *  Removed CSV creation from UI
> *  Fixed problem when attributes_widget was displaying empty option
> *  Added missing configuration options
> *  Static metadata update - new DNS options
> *  New checkboxes option: Mutual exclusive
> *  DNS Zone UI: added new attributes
> *  DNS UI: added A,AAAA create reverse options to adder dialog
> *  Fixed displaying of A6 Record
> *  New UI for DNS global configuration
> *  Multiple fields for one attribute
> *  Added attrs to permission when target is group or filter
> *  Moved is_empty method from field to IPA object
> *  Making validators to return true result if empty
> *  Fixed DNS record add handling of 4304 error
> *  Added unsupported_validator
> *  Fixed redirection in Add and edit in automember hostgroup.
> *  Fixed selection of single value in combobox
> *  Added logout button
> *  Forms based authentication UI
>
> Rob Crittenden (37):
> *  Limit the change password permission so it can't change admin
> passwords
> *  Don't allow "Modify Group membership" permission to manage admins
> *  Add the -v option to sslget to provide more verbose errors
> *  Make sure memberof is in replication attribute exclusion list.
> *  Don't check for schema uniqueness when comparing in ldapupdate.
> *  Add Conflicts on mod_ssl because it interferes with mod_proxy and
> dogtag
> *  Don't allow IPA master hosts or important services be deleted.
> *  Catch public exceptions when creating the LDAP context in WSGI.
> *  Don't consider virtual attributes when validating custom objectclasses
> *  Add Requires to ipa-client on oddjob-mkhomedir
> *  Fix managing winsync replication agreements with ipa-replica-manage
> *  Check for duplicate winsync agreement before trying to set one up.
> *  Remove unused kpasswd.keytab and ldappwd files if they exist.
> *  Make sure 389-ds is running when adding memcache service in upgrade.
> *  Don't run restorecon if SELinux is disabled or not present.
> *  Limit allowed characters in a netgroup name to alpha, digit, -, _
> and .
> *  Don't call memberof task when re-initializing a replica.
> *  Fix bad merge of not calling memberof task when re-initializing a
> replica
> *  Add support defaultNamingContext and add --basedn to migrate-ds
> *  Fix nested netgroups in NIS.
> *  Warn that deleting replica is irreversible, try to detect
> reconnection.
> *  Don't set migrated user's GID to that of default users group.
> *  Don't delete system users that are added during installation.
> *  Only apply validation rules when adding and updating.
> *  subclass HTTP_Status from plugable.Plugin, fix not_found tests
> *  Make hostnames adhere to new standards in HBAC tests
> *  Fix WSGI error handling
> *  Add status command to retrieve user lockout status
> *  Add support for sudoOrder
> *  Make hostnames adhere to new standards in hbactest plugin tests
> *  Fix API.txt and VERSION to reflect new sudoOrder option.
> *  Add --noac option to ipa-client-install man page
> *  Do kinit in client before connecting to backend
> *  Only warn if ipa-getkeytab doesn't get all requested enctypes.
> *  Fix NSS no_init in the NSSHTTPS class
>
> Simo Sorce (4):
> *  ipa-kdb: Fix ACL evaluator
> *  policy: add function to check lockout policy
> *  ipa-kdb: fix delegation acl check
> *  Fix ticket checks when using either s4u2proxy or a delegated krbtgt
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

