--- Begin Message ---
Source: debian-edu-config
Source-Version: 1.443
We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive:
debian-edu-config_1.443.dsc
to main/d/debian-edu-config/debian-edu-config_1.443.dsc
debian-edu-config_1.443.tar.gz
to main/d/debian-edu-config/debian-edu-config_1.443.tar.gz
debian-edu-config_1.443_all.deb
to main/d/debian-edu-config/debian-edu-config_1.443_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 585...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Holger Levsen <hol...@debian.org> (supplier of updated debian-edu-config
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 30 Oct 2010 16:49:05 +0200
Source: debian-edu-config
Binary: debian-edu-config
Architecture: source all
Version: 1.443
Distribution: unstable
Urgency: low
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <hol...@debian.org>
Description:
debian-edu-config - Configuration files for Skolelinux systems
Closes: 585064
Changes:
debian-edu-config (1.443) unstable; urgency=low
.
[ Jürgen Leibner ]
* Little cleanup of the smb.conf and adjust the examples to match
the new configuration using kerberos.
.
[ Andreas B. Mundt ]
* Complete gosa-server.ldif: Add missing dns and dhcp entries.
* Add echo message to help the user with re-initializing the
kerberos KDC.
* Improve password changes done by GOsa: Do not show common users the
passwords in the process list
.
[ Petter Reinholdtsen ]
* Rewrite setup-roaming to use sssd+libpam-mklocaluser instead of
libpam-ccreds+libpam-localoffline and nscd. Make it use a
sssd.conf file included in the package, to make it possible to
update the configuration using package upgrades. Switch to use
Kerberos for authentication, and purge libpam-ldapd and
libpam-krb5 to avoid duplicate password checking and nscd to avoid
duplicate caching.
* Add libpam-mklocaluser hook script for roaming workstations to add
a KDE and Gnome bookmark/places link to the SMB exported home
directory when the local user is created. Use sambaHomePath
attribute from LDAP if it is set to locate the SMB mount point,
and generate if from the NFS mount point if the attribute is not
set.
* Adjust the roaming NSS setup to use LDAP for network names too.
* Adjust roaming setup, remove obsolete nslcd config and add sss to
netgroup part of nsswitch.conf to use it when sssd get netgroup
support.
* Try to generates sssd configuration dynamically and fall back to
static setup if this fail.
* Depend on ldap-utils to ensure ldapsearch is available when it is
needed by the autodetection and test code.
* Adjust roaming setup, purge the killer package to avoid throwing
out the user when idle.
* Add default config for networkmanager-kde on networked KDE
systems, to not start it at login.
* Add autostart entry to start the web browser with http://www/ as
the welcome page when a user log in for the first time. The URL
is fetched from LDAP using the labeledURI attribute from RFC 2079
in the users LDAP object and all parent objects up to and
including dc=skole,dc=skolelinux,dc=no object, as well as the root
DSE, to make it easy for administrators to change the start page
for new users using the LDAP protocol. Add labeledURIObject object
class to LDAP subtree object People, Students and Teachers as well
as the base object.
* Test suite:
- Rewrite dnsd tests to no longer look for obsolete DNS entries
(the ltspserver00, static00 and static200 entries are no longer
in DNS).
- Start on code to check the Kerberos server.
- Add LTSP test to verify that IPv4 forwarding is enabled in the
kernel.
- Add LTSP test to verify that the default settings are available
in LDAP.
- Add LTSP test to verify that ldinfod can be contacted outside
localhost (detects #519316 in inetutils-inetd).
- Extend samba test to verify the sambadomain object is present in
LDAP.
- Extend samba test to verify that the net binary is available,
and use it to verify that the Domain Admins group is listed in
the samba group map.
- Change samba test to look for the smbadmin user anywhere in
LDAP, and not under a fixed CN.
- Adjust ldap-client test to not check nscd but instead check sssd
with roaming workstations.
- Add ldap-client test to verify that only one of krb5, ldap and
sss PAM modules is enabled.
- Change ldap-client test to not look for cn=machines which seem
to be unused but look for cn=admins instead. Change it also to
search only from the base to not require any specific structure.
- Extend ldap-client test to check that certificate verification
is enabled for nslcd, sssd and ldapsearch.
- Start on test suite for the sudo in LDAP setup.
- Update dhcpd test to look for the new binary name dhcpd.
- Extend ldap-server to verify that encryption is enforced for
LDAP bind.
- Change the CUPS test to only check http access to www on the
Main-Server profiles, and check access to localhost for all
profiles. Add check for https.
- Create new nagios test script, to verify that Nagios do not
report any errors after installation.
- Try to detect and report if bug #582568 in kde/kdm is still
present in the kdm test.
- Add webcache test to detect and report squid bug causing APT
to fail (#591839).
- Update ldap-client test to use new automount LDAP content.
* Add /etc/ltspfs/mounter.d/edu-notify based on proposal in #575031
to make sure inserting USB sticks on thin clients give some visual
feedback to the user. Disable it when a Gnome environment is
detected, as Gnome detect ltspfs mounts on its own. Depend on
python-notify to make sure it work.
* Remove unused LDAP subtrees Domains and Pam.
* Move super-admin LDAP object from ou=people to ou=People, as the
former do not exist as a subtree in LDAP while the latter do.
* Change ldap-debian-edu-install script to report problems using the
error: prefix to make sure the error reporting code running after
installation is able to see errors from this script. Report error
if kerberos setup fail.
* Rename PW variable in ldap-debian-edu-install to ROOTPWDHASH, to
be consistent with the other password variables in the script and
make it clear that it is the hash and not the clear text password.
* Some cleanup in the ldap-debian-edu-install script. Make sure
files with clear text passwords (/etc/krb5kdc/service.keyfile,
/etc/gosa/gosa.random_secret, /var/lib/samba/secrets.tdb) are not
readable by others than the users that should have access when
they are created.
* Add new LDAP subtree ou=networks with subnet base and mask of the
known subnets. Subtree name is based on recommondation from
draft-howard-rfc2307bis-02.txt.
* Move sambaDomain LDAP object and samba related user objects
(cn=smbadmin, uid=root) to a ou=samba subtree.
* Reinsert loading of DNS names into LDAP, while we try to figure
out how to get diskless workstations working without them.
* Disable autofs on the main-server, to avoid hiding the local
file systems.
* Samba initialization (samba-debian-edu-admin)
- Rewrote minor bashism to work with dash.
- Enable debug output to figure out why it fail. Make sure the
script fail on the first error.
- Try to get initialization working by reintroducing the admins
and jradmins group without using the lis schema.
- Try to get initialization working by rewriting it to call
the samba-debian-edu-admin on first boot and not from cfengine
within d-i, because it depend on operational DNS, LDAP and Samba
server.
- Remove net groupmap calls in samba-debian-edu-admin, as they do
not work and the admins and jradmins groups already have the
sambaSID they need in LDAP. Guessing we can live without Samba
knowing about the students and teachers groups.
- Merge the remaining samba configuration into
ldap-debian-edu-install, because the removal of the calls to
'net groupmap' removed the need to set up samba on first boot.
Remove call to samba-debian-edu-admin in run-at-first-boot and
flag samba-debian-edu-admin as obsolete.
- Remove samba-debian-edu-admin script, it is now obsolete and its
task has been integrated into ldap-debian-edu-install.
* Add dhclient-exit-hooks.d entry to update proxy settings using the
wpad-url option sent from the DHCP server. Verify/update the
proxy setting every time a dhcp reply is received. Rewrite proxy
setup using WPAD to disable the use of a proxy if no WPAD file is
found.
* Add /etc/dhcp/dhclient-exit-hooks.d/hostname-update to update
hostname from DNS when a DHCP request change the IP address.
* Extend the debian-edu-ldapserver script to return the LDAP base
found in the LDAP server root DSE when -b is used, the kerberos
realm when -r is used and the kerberos server when -k is used.
* Write on new test tool ldap-createuser-krb5 to create a user in
LDAP, Samba and Kerberos from the command line. Use
gosaDepartment objects as its LDAP base and to use an existing
group if it exist. Generate gecos field using 'iconv
ASCII//TRANSLIT' to make sure posixAccount get the ASCII version
it need.
* Filter ldapsearch output in ldap-createuser-krb5 through
"perl -p0e 's/\n //g'" to make sure long lines are not wrapped
and breaking the script, and wish for -T support in ldapsearch.
* Add script ldap-add-host-to-netgroup to add hosts to netgroups
from the command line.
* Add ForceType to apache config, to enforce .html.nb pages to
text/html and not application/matematica.
* Add a call to munin-cron in run-at-firstboot after the
configuration is generated, to ensure http://www/munin/ work when
the test suite is executing.
* Remove cfengine rule to set sysctl value net.ipv4.ip_forward=1 on
LTSP servers. This is handled by init.d/enable-nat which also set
up the NATing that needs the IP forwarding.
* Change cfengine rule for KDM setup to not list previous user in
non-standalone profiles.
* Add README.OID to document the LDAP OIDs we have used so far.
* Create new experimental objectclass dnsDomainAux to allow DHCP and
DNS entries to have the same LDAP object. Make sure to include
all the attributes added to dnsdomain2 in 2008 according to
<URL:
http://linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend/Downloadexperimental
>.
* Add FEIDE schemas (noreduperson-1.5-openldap.schema,
eduperson-200806-openldap.schema and
eduorg-200210-openldap.schema) to the binary package. The schemas
were downloaded from <URL:http://www.feide.no/ldap-schema-feide>.
* Remove control entry for cfinputs_version in all cf.* files,
as it only produce a different warning and did not really quiet
down cfengine.
* Remove unused cfengine rules for ldap clients.
* Run 'etckeeper commit' at the end of the first boot, to record any
changes to /etc/ done during boot. Throw away output, there is no
need to clutter the boot with the debug output.
* Add workaround for #584434 in kdm, making sure kdm starts after
krb5-kdc to get a local Kerberos kdc working with kdm.
* Wrap long lines in pdns-debian-edu-conf and update comment on
local_address setup.
* Remove profile.d and Xsession.d code to set umask and add
pam-auth-config entry to use pam_umask to do it instead.
* Change pam_group setup for pam-auth-config to only use it for
interactive logins.
* Remove obsolete code in postinst to set file permissions on
/etc/skel/.kde/share/config/kmailrc. The file is no longer
part of this package.
* Expermental LDAP based LTSP configuration:
- Add experimental ltsp_config.d script to look up configuration
in LDAP. Start on draft ltspclientaux.schema to be able to
store the LTSP configuration in DHCP or DNS objects.
- Copy LTSP configuration from /etc/debian-edu/lts.conf.dist into
the LDAP object cn=ltspConfigDefault,cn=ltsp to test the this.
- Avoid running ldapsearch when the LDAP server is unavailable, to
avoid very log pauses during boot.
- Make sure the code do not try to look up MAC address in LDAP if
/proc is not mounted and not try to find hostname if it is not
yet set.
- Add caching to the script fetching LTSP configuration from LDAP
to only do it once during boot, and make sure to only look up
LDAP config if the cache directory is writable.
* Add _kerberos._tcp and _kpasswd._tcp SRV record in DNS.
* Remove ocsinventory DNS record. No-one found time to set up the
server part so far, so remove this ununsed placeholder.
* Remove unused bootps, db and afsdb DNS record. Neither is
currently used, and bootps do not really make sense when we use
DHCP.
* Move all DNS reverse entries from dns_ranges.ldif to
dns_arpa.ldif, to make it easier to test pdns in strict mode.
* Start on ldap-createmachine script to add a computer to LDAP.
* Remove www-server option from the DHCP setup, as it is ununsed
and we will fetch the default URL from LDAP and not DHCP.
* Remove workaround for bad init.d script dependencies in nslcd,
as bug #585968 is fixed in Squeeze. Add breaks on nslcd (<< 0.7.7)
and code in the postinst to remove /etc/insserv/overrides/nslcd.
* Remove replaces/provides/conflicts on ldap-skolelinux, cfengine-
skolelinux and ncs. These packages were removed 6 years ago.
* Depend on debconf-utils to make sure debian-edu-pxeinstall
find debconf-get-selections.
* Get sitesummary2ldap working for updating the DHCP entry for the
machines registered with sitesummary. Rename it to
sitesummary2ldapdhcp, and install it in the binary package.
* Split DHCP bootstrap file in two, one with the generic configuration
and one with the dhcpHost entries.
* Use /media/cdrom instead of /cdrom. The latter was made obsolete in
Etch or Lenny.
* Add vga=788 to the kernel arguments used with PXE installations,
to match the argument used on the CD and DVD.
* Change PXE setup to preseed apt-setup/local0 with test repository
on test installations, to avoid duplicate entries in sources.list.
* Remove obsolete debian-edu-etc-svk script, since we now use
etckeeper.
* Replace calls to etcinsvk in postinst with calls to etckeeper.
* Update init.d/update-hostname to look for update-hostname-from-ip
in its new location /usr/sbin/ where it belong.
* Fix typo in the debian-edu-hd-warn script causing it to fail.
* Correct pam-auth-config entry to use pam_umask to use the session
and not the auth section.
* Introduce new LDAP group ldap-admins with full access to LDAP.
Add cn=admin and cn=gosa-admin as initial members of the group,
making sure the group have one of the required member attribute.
Drop slapd.conf access rule for gosa-admin, as its access is
granted through the group.
* Move adduser script to ldap-tools (and install it in /usr/bin/)
and rename it to ldap-add-user-to-group. Extend script to handle
groupOfNames groups.
* Explain in ldap-debian-edu-install how to reinitialize ldap.
* Make sure ldap-debian-edu-install report an error if ldif loading
fail.
* Move netgroup subtree object to the netgroup.ldif file next to the
subtree members.
* Introduce new LDAP subtree ou=ldap-access, for user and group
objects used to update LDAP. Move ldap-admins group and admin,
gosa-admin users into this subtree.
* Modify LTSP plugin:
- Change build of diskless workstation (032-edu-pkgs) to use LTSP
method chroot_mount for mounting tha APT cache.
- Add code to report what is blocking umount of CHROOT_MOUNTED
entries.
- Remove obsolete scripts 010-http-proxy and 099-progress-log.
Their code is now in the ltsp package.
- Make sure Kerberos and LDAP automatic configuration is invoked
when building chroots for diskless workstations, unless building
chroot on a main-server.
- Add new workaround for bug #593770 in LTSP (failing to generate
resolv.conf based on DHCP settings), and remove the old
workaround. This should speed up the client boot a bit.
- Move extra bind mount entries for diskless workstation from
init.d config file to optional ltsp_config.d fragment, to make
sure it is set in the initrd when the bind mounting is done.
- Brush up ltsp_local_mount to work with new LTSP version, make
sure it do not copy etckeeper .git directory and try to umount
bind mounted files in /etc/ before bindmounting /etc/
read-writable to avoid hiding existing bind mounts.
- Correct help text for --no-diskless-edu-workstation in the LTSP
plugin.
* Rename ou=hosts subtree to ou=dns, to avoid ou=hosts which
according to draft-howard-rfc2307bis-02.txt should contain ipHost
LDAP objects.
* Move dhcp config in LDAP into new subtree ou=dhcp.
* Add workaround for bug #589915 in slapd by making sure
fetch-ldap-cert starts before krb5-kdc during boot.
* Make sure fetch-ldap-cert give pdns 2 seconds to start before
trying to locate the LDAP server using DNS.
* Drop conflict on debian-edu-install (<= 0.616), it was published
in 2004.
* Drop conflict on samba (<<3.0.0), it was published in 2003.
* Drop alternative depend on discover1. It is no longer in Debian.
* Remove all our pam.d files, as we use pam-auth-update now
* Remove code in debian-edu-hwsetup calling discover-pkginstall,
as this is done by debian-installer (hw-detect) in Squeeze.
* Rephrase server web page to use 'LDAP administration' instead
of 'Lwat' as the link text, and improve explanation on where the
link leads.
* Drop translation flag from kerberos debconf templates, as they
will normally not be show to any user.
* Depend on libterm-readkey-perl for sitesummary2ldapdhcp to work.
* Create new Perl module Debian::Edu, and move functions to find
LDAP server, LDAP base and prompt for passwords there to avoid
duplicate code in our scripts. Make sure it use LDAP settings
from /etc/ldap/ldap.conf when set, to allow clients to change
these in one place and affect our Perl LDAP scripts. Depend on
fping to make sure Debian::Edu find it when needed.
* Reduce DNS timeouts in Debian::Edu when looking for LDAP and
Kerberos server, to make sure a result is returned quicker when no
DNS server is available. Reduced runtime from 6.5 to 1.5 minute.
* Extend ldap2netgroup to list member netgroups too.
* Reimplement debian-edu-ldapserver using Perl to add support for
-s servername and use it to speed up scripts using it.
* Add "ServerAlias *" to our cupsd.conf file, to make cups accept
requests using any name/interface.
* Reinsert the machines group wanted by /etc/samba/smbaddclient.pl.
* Change powerdns configuration to connect to ldapi:// to ensure the
unix socket is used to communicate with the LDAP server.
* Change init.d/fetch-ldap-cert to syslog and stop looking up LDAP
server when it isn't needed.
* Rewrite init.d/enable-nat to use LSB style output functions.
* Change slapd.conf to include "localssf 128", to make sure
connections using the unix socket (ldapi://) is considered safe
enough to bind and update LDAP.
* Extend workaround for bug #585966 to also include pdns-recursor in
the $named definition, to ensure DNS lookup is working also for
external DNS names.
* Add new LDAP indexes for macAddress and dhcpHWAddress attributes,
to ensure LTSP configuration and DHCP server searches are
processed quickly.
* Add new LDAP index for createTimestamp attribute, to ensure query
from Lwat cron job is processed quickly.
* Add LDAP index for aRecord to make sure powerdns reverse lookups
are quick.
* Remove LDAP server and base argument from scripts using the
ldaptools that reads /etc/ldap/ldap.conf, to allow the settings in
that file to be used instead.
* Rewrite tools/passwd script to find LDAP objects dynamically,
and use the LDAP server and base settings from ldap.conf.
* Adjust debian-edu-ldapserver, to return default values for
main-server during installation, when dynamic lookup is not
possible.
* Extend debian-edu-ldapserver with option -f to fall back to
default values if autodetection fail.
* Rewrite cfengine rules for LDAP clients to fetch LDAP server and
base using debian-edu-ldapserver to fetch it dynamically during
installation using -f to get default values if autodetection fail.
* Make sure debian-edu-ldapserver do not use localhost to generate
settings, to avoid getting bogus Kerberos realm.
* Change SRV entries in DNS to use the service DNS names to allow
the services to be relocated by only updating one DNS entry and
not on the clients copying the SRV entries to their local
configuration.
* Fix minor typo in server-hosts netgroup. Remove unused domain
part from triplet.
* Add workaround for bug #582568 in kdm by touching
/root/.local/kaboom using cfengine during installation.
* Add cfengine rule to purge libpam-ldapd after installation, as a
workaround for bug #591773 in nslcd.
* Provide hook scripts in /usr/share/debian-edu-config/d-i/ for
debian-edu-profile-udeb to call from within d-i.
* Enable bootlogd for test installations in cfengine, to give us
access to the boot messages after the boot.
* Add code in the finish-install hook to install the Gosa packages
for testing on the main-server.
* Point web page link for LDAP administration to gosa, now that we
concluded to use it for Squeeze.
* Add attributes objectClass=gosaAccount and uid=admin to admin user
object, to try to get the object to show up in Gosa.
* Add code in d-i pre-pkgsel hook to dynamically look up sitesummary
server, LDAP server and base as well as Kerberos realm and server
to use it to preseed sitesummary-client, nslcd, lwat and
krb5-config on all networked profiles.
* Configure syslog collector on clients dynamically during
installation based on 'syslog' DNS name and _syslog._udp SRV
record, and remove old static configuration. Update DNS to
provide this SRV record and not the unused _syslog._tcp entry.
* Remove unused log-servers from DHCP setup, both for the server and
the clients.
* Make cfengine rule for LDAP clients more robust and make sure the
ldap.conf file do not change when cfengine is executed several
times.
* Add _kerberos TXT record in DNS with the Kerberos realm as
content, to allow packages like krb5-config and sssd to
automatically detect the realm.
* Add workaround for bug #592479 in network-manager triggered when
building the LTSP chroot, by creating /var/lib/NetworkManager
before trying to purge network-manager.
* Create new group cn=ldap-auth,ou=ldap-access with the users that
should be allowed to authenticate using LDAP bind. Not used yet,
as I am unsure how to do that and unsure what will break if we
force the use of Kerberos authentication.
* Correct cfengine rule to detect the installation environment to
look for /sbin/start-stop-daemon.REAL instead of
/etc/inittab.real. The latter do not exist during installation
any more.
* Replace Package with Packages in squid.conf as a workaround for
bug #591839 in squid.
* Change SSL certificate specification for the LDAP server to use
ldap.intern as its common name and list DNS:ldap as DNS:ldap and
DNS:localhost to try to get certificate checking working.
* Change gosa.conf to use ldap.intern instead of localhost as its
connection point, to avoid certificate error when connecting.
* Add policykit rule to make members of the admins group admins
according to policykit.
* Change ldap.conf to check SSL certificate when using TLS.
* Point nslcd.conf to the SSL certificate for the LDAP server.
* Make sure nslcd start after init.d/fetch-ldap-cert to have the
cert file available when it is needed.
* Change debian-edu-pxeinstall to also detect diskless workstations
using pam-krb5 or pam-sss.
* Adjust debian-edu-pxeinstall to work with the new debian-installer
netboot debs.
* Stop showing status when starting and stopping services in
init.d/enable-nat, as it is mostly noise during boot and shutdown.
* Make sure to purge libnss-mdns on stationary machines, as in
not standalone and not roaming profiles.
* Change automount map for autofs5-ldap to list a generic
/skole/tjener/& entry to handle any subpoint under that path
without any changes to LDAP.
* Adjust automount options in LDAP to reduce timeout and make sure
the home directory is mounted with more secure and efficient
settings.
* Update standards-version from 3.8.4 to 3.9.1. No changes needed.
* Adjust sitesummary2ldapdhcp to work with recent changes in the
Debian::Edu perl module.
* Add link to http://linuxsignpost.org/ on the default page shown to
new users.
* Update Norwegian Bokmål (nb) web page translation.
* Switch powerdns to strict LDAP mode, to make it possible to do DNS
updates by only adjusting one LDAP object. Drop the reverse map
from LDAP because of this. Adjust the DNS testsuite to handle
multiple DNS names replies for reverse lookups.
* Move ACL list for powerdns to config file generated at first
boot, to avoid hardcoding subnet addresses in the package.
* Start on subnet-change script to change the IP subnet used by the
main-server (LDAP and files). It is not complete, yet. Depend on
libnet-netmask-perl for the script to work.
* Add code to migrate from slapd.conf to slapd.d style configuration
when setting up LDAP during installation. Not enabled by default,
as slapd since 2.4.23-5 work with slapd.conf. We should migrate
to slapd.d and drop our slapd.conf file.
* Add new tool notify-local-users to allow root to send a
desktop.org style notifications to all local users. Add
libnotify-bin as a recommend, to ensure it work out of the box.
* Add reference to ALSA dmix setup in asound.conf.
.
[ Andreas B. Mundt ]
* Kerberos implementation:
- Add debconf questions and templates to ask for the Kerberos master
key during installation of the main-server. Avoid infinite loop by
limiting the number of kdc password queries for debconf.
- Add script to initialize the kerberos KDC. The script is called by
ldap-debian-edu-install.
- Reset debconf questions in kerberos-kdc-init only if password is
empty, to avoid asking for the KDC password on package update.
- Cleanup of the kerberos-kdc-init script. Add debugging to slapd
startup. (Commented after successful implementation).
- Use start-stop-daemon.REAL during installation when needed to start
slapd.
- Switch kerberos to access ldap using the ldapi:/// unix socket.
This makes the KDC setup work at install time. Possible security
issues still have to be checked, but it might be better to use the
socket anyway for performance reasons.
- Add smtp service principal and fix minor issues for host/service
principals.
- Add more kerberos checks to the test suite.
* GOsa implementation:
- Add configuration file gosa.conf for gosa.
- Add schema-files from gosa. The files might be removed later and be
replaced by the debian gosa (-schema) package(s).
- Add scripts to process changes in ldap. The gosa-* scripts will be
called by gosa hooks when creating or removing a user and to
synchronize kerberos and posix/ldap passwords.
* LDAP modifications:
- Modify ldap bootstrapping to enable gosa and kdc out of the box.
- Add default sudo-ldap configuration in sudo.ldif and configure
sudo-ldap.
- Modify ACLs in slapd-squeeze_debian-edu.conf to allow kdc and gosa
access the ldap database.
- Add KRB5_KTNAME=/etc/krb5.keytab.ldap to /etc/default/slapd.
* Mailing system:
- Switch from courier to dovecot imap server configuration.
- Modify exim4 configuration (user lookup in ldap).
* Miscellaneous:
- Fix cfengine rules in cf.ldapserver and cf.ldapclient: Skip
modifications (i.e. on a second run), if they are already in place.
- Remove cfengine rules to modify the umask for lenny. The modification
is default in squeeze, but can be overwritten using the etc/profile.d/
directory.
- Remove old exim configuration and directory not used anymore; adapt
Makefile.
- Remove never used configuration file krb5-winbind-debian-edu.conf.
* Enable GSSAPI authentication with kerberos ticket to exim4 smtp server.
* Remove some debug code from the kerberos-kdc-init script.
* Fix typos in cfengine config and clean it up a bit.
* Make krb5.conf, kdc.conf and kadm5.acl readable for everybody.
* Remove confused exit in kerberos KDC setup script.
* Replace the manipulated automount.schema file and replace it by the
autofs.schema file provided by the autofs5-ldap package.
* Modify autofs.ldif to work with the autofs5-ldap package.
* Remove cfengine rules not needed with the improved autofs.ldif.
* Add code to figure out distinguished names needed for KDC setup.
* Remove ignored automounter variable AUTOFS_ENABLED from cfengine
rule.
* Move gosa-* executables to /usr/share/debian-edu-config/tools/.
* Move all sysadmin executables from /usr/bin/ to /usr/sbin/.
* Remove unused bin/debian-edu-pxelinux.cfg.
* Add experimental DHCP/DNS GOsa server configuration to
gosa-server.ldif as example and for reference.
* Switch most ou=* in ldap-bootstrap/*.ldif to lower case. There are
still capital case references around in other files; we should clean
up and avoid them from now on for consistency.
* Add commented cfengine rule to filter ldap posix accounts and not
show templates as normal users. Not activated because of #311188;
let's see if we really need it.
* Add cifs/tjener principal and corresponding keytab entry.
* Move debconf questions from the package's configuration script to
the kerberos-kdc-setup script to only ask for any password if the
KDC is really set up. This makes sure no password is left in the
database.
* Modify for DHCPv4 transition starting with patch from Mehdi Dogguy
(Closes: #585064).
* Remove /etc/dhclient-exit-hooks as it is empty.
* Remove /etc/insserv/overrides/dhcp3-server as it is not needed any
more.
* Remove files in /etc/dhcp3/ if they have not been modified. It is
superseded by /etc/dhcp/.
* Add breaks with old dhcp3-client and dhcp3-server packages.
* Fix conflicting groupID numbers in predefined posix groups. Make sure
they are the same compared to what has been used in Lenny.
* Add Samba attributes to the GOsa user templates. Minor fixes.
* Switch GOsa's ldap snapshot feature on by default for testing.
.
[ Daniel Hess ]
* Replace $SAMBACRYPTPW with $SAMBAPWDHASH in samba.ldif to fix
setting the password for smbadmin by ldap-debian-edu-install.
.
[ Jürgen Leibner ]
* Add entries to smb.conf to use kerberos in a way to have tjener as
an authentificationserver for samba as testcase.
* Modified / reordered some entries in smb.conf for better reading.
.
[ Holger Levsen ]
* Unfuzzy translations of web page where possible, else just
make sure the links are correct.
Checksums-Sha1:
3398e5b1b6f477d662c4edf6ef0d0d41a45fb9cc 1368 debian-edu-config_1.443.dsc
676b0ed888f1de4ad9524495f4d440448adb908d 391926 debian-edu-config_1.443.tar.gz
b68e60cacfb28a4ea18eaab413d663fc0dc3dccb 339350 debian-edu-config_1.443_all.deb
Checksums-Sha256:
dde09df4bec79c97bc4bdfdf4293367c4123aec13b74562d9fa79dd488126bac 1368
debian-edu-config_1.443.dsc
3b0ef9d40f8f72f0f92a170f8a238d34fb571c2b942788fbba76eb148b66aba9 391926
debian-edu-config_1.443.tar.gz
45f755e763f96d287c47b66342bad70d92793b72906e1d242a1c9df548ea96c5 339350
debian-edu-config_1.443_all.deb
Files:
b6ad23687d9698a6ce5de2c0a94e4ea8 1368 misc extra debian-edu-config_1.443.dsc
c4cf6640d5c5af8d4b433ce2dc1b13ef 391926 misc extra
debian-edu-config_1.443.tar.gz
bdf2bea3f876d06d6af90bdc6052a4d2 339350 misc extra
debian-edu-config_1.443_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMzDVoUHLQNqxYNSARArpNAJ0cqo0FDCVy1ho8gcaY1WEh8kB/GgCgkjP1
NbGyg/89Ju6+HsMv8SAP2QY=
=3A7n
-----END PGP SIGNATURE-----
--- End Message ---
