To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Alpha 5 release of FreeIPA 2.0 server. Binaries are available for
F-12, F-13 and F-14.
This alpha is a bug fix release over the previous alpha and includes a
completely re-written UI.
Please do not hesitate to share feedback, criticism or bugs with us on
our mailing list: freeipa-us...@redhat.com
The changes in this release include:
- Dropped our PKCS#10 parser to use the one provided by python-nss
- Started enforcing that hosts must be resolvable before adding them
(use --force if you really want to add them).
- Provide a reason when adding members to a group fails.
- Allow de-coupling of user private groups (group-detach).
- Support for ipa tool failover.
- Hosts are allowed to retrieve keytabs for their services.
- More configurable logging, see http://freeipa.org/page/IPAv2_config_files
- Add support for ldap:///self aci rules
- Use global time and size limit values when searching.
- Don't include passwords in log files.
- Work on F-14
- Make ipactl a lot smarter and add a man page for it.
- Have certmonger track the IPA service certificates.
- Initial support for SUDO. You can create the objects but the
client-side is not done yet.
- The delete commands now take multiple arguments: ipa user-del user1
user2 user3 ... usern
- Remove reliance on 'admin' as a special user. All access control now
granted via groups.
- Groups are now created as POSIX by default.
- Add options to control NTLM hashes. By default LM hash is disabled.
- Remove the correct password from the history. We were mistakenly
removing the latest password from the history instead of the oldest.
- Rename user-lock and user-unlock to user-enable and user-disable.
- The ipa command should return non-zero when something fails.
- Add gettext support for the C utilities.
- Add capability to import automount files.
- Add basic support for user and group renames (more work is needed).
For now use ipa user-mod --setattr uid=newuser olduser
- Add flag to group-find to only search on private groups.
- Set default python encoding to utf-8. This should resolve a number of
- Show indirect members (of groups, hostgroups, netgroups, etc).
- Remove group nesting from the HBAC service groups.
- Implement nested netgroups.
- Add basic support for Kerberos lockout policy. You can control how
many failed attempts are allowed before lockout. What is missing is a
way to unlock a user. This depends on fixes from MIT Kerberos 1.9.
- Correct handling of userCategory and hostCategory in netgroups.
- Updated a lot of man pages.
- dogtag does not work out-of-the-box on Fedora 14. To fix it for
the time being, run:
# ln -s /usr/share/java/xalan-j2-serializer.jar