To all freeipa-interest, freeipa-users and freeipa-devel list members,

The FreeIPA project team is pleased to announce the availability of the Alpha 5 release of freeIPA 2.0 server [1]. Binaries are available for F-12, F-13 and F-14.

This alpha is a bug fix release over the previous alpha and includes a completely re-written UI.

Please do not hesitate to share feedback, criticism or bugs with us on our mailing list:

The changes in this release include:

- Dropped our PKCS#10 parser to use the one provided by python-nss
- Started enforcing that hosts must be resolvable before adding them (use --force if you really want to add them).
- Provide a reason when adding members to a group fails.
- Allow de-coupling of user private groups (group-detach).
- Support for ipa tool failover.
- Hosts are allowed to retrieve keytabs for their services.
- More configurable logging, see
- Add support for ldap:///self aci rules
- Use global time and size limit values when searching.
- Don't include passwords in log files.
- Work on F-14
- Make ipactl a lot smarter and add a man page for it.
- Have certmonger track the IPA service certificates.
- Initial support for SUDO. You can create the objects but the client-side is not done yet. - The delete commands now take multiple arguments: ipa user-del user1 user2 user3 ... usern - Remove reliance on 'admin' as a special user. All access control now granted via groups.
- Groups are now created as POSIX by default.
- Add options to control NTLM hashes. By default LM hash is disabled.
- Remove the correct password from the history. We were mistakenly removing the latest password from the history instead of the oldest.
- Rename user-lock and user-unlock to user-enable user-disable.
- The ipa command should return non-zero when something fails.
- Add gettext support for the C utilities.
- Add capability to import automount files.
- Add basic support for user and group renames (more work is needed). For now use ipa user-mod --setattr uid=newuser olduser
- Add flag to group-find to only search on private groups.
- Set default python encoding to utf-8. This should resolve a number of i18n problems.
- Show indirect members (of groups, hostgroups, netgroups, etc).
- Remove group nesting from the HBAC service groups.
- Implement nested netgroups.
- Add basic support for kerberos lockout policy. You can control how many failed attempts are allowed before lockout. What is missing is a way to unlock a user. This depends on fixes from MIT Kerberos 1.9.
- Correct handling of userCategory and hostCategory in netgroups.
- Updated a lot of man pages.

Known issues:
- dogtag does not work out-of-the-box on Fedora 14. To fix it for for the time being run:

# ln -s /usr/share/java/xalan-j2-serializer.jar /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar



Freeipa-devel mailing list

Reply via email to