The FreeIPA Project (http://freeipa.org) is proud to present FreeIPA
FreeIPA is an integrated security information management solution
combining Linux (Fedora), 389 Directory Server, MIT Kerberos and NTP.
FreeIPA binds together a number of technologies and adds a web interface
and command-line administration tools.
Features of FreeIPA v2.0 include:
* Centralized authentication via Kerberos or LDAP
* Identity management for users, groups, hosts and services
* Pluggable and extensible framework for UI/CLI
* Rich CLI
* Web-based User Interface
* Server X.509 v3 certificate provisioning capabilities
* Managing host identities including grouping hosts
* Defining host-based access control rules that will be enforced
on the client side by the IPA back end for SSSD 
* Serving netgroups based on user and host objects stored in IPA
* Serving sets of automount maps to different clients
* Finer-grained management delegation
* Group-based password policies
* Centrally-managed SUDO
* Automatic management of private groups
* Compatibility with broad set of clients
* Painless password migration
* Optional integrated DNS server managed by IPA
* Optional integrated Certificate Authority to manage server
certificates managed by IPA
* Can act as NIS server for legacy systems
* Supports multi-server deployment based on the multi-master replication
* User and group replication with MS Active Directory
We encourage users and developers to start testing and deploying FreeIPA
in their environments. A very simple installation procedure is provided
and is part of the effort of making these complex technologies simple to
use and friendly to administrators. We encourage people to experiment
and evaluate the current release, we welcome feedback on the overall
experience and bug reports .
We also would like to encourage interested users and developers to join
our mailing list and discuss features and development directions .
The complete source code is available for download here:
See our git repository at http://git.fedorahosted.org/git/freeipa.git/
for a complete changelog.
FreeIPA 2.0 is available in Fedora 15, see Known Issues below. You will
need to enable the updates-testing repository, e.g.
# yum install freeipa-server --enablerepo=updates-testing
The FreeIPA Project Team.
 https://bugzilla.redhat.com/enter_bug.cgi?product=Fedora (component
* The latest tomcat6 package has not been pushed to updates-testing.
You need tomcat6-6-0.30-5 or higher. The packages can be retrieved from
koji at http://koji.fedoraproject.org/koji/buildinfo?buildID=231410 .
The installation will fail restarting the CA with the current tomcat6
package in Fedora 15.
* If the domain and realm do not match you may need to use the --force
flag with ipa-client-install.
* Dogtag replication is done separately from IPA replication. The
ipa-replica-manage tool does not currently operate on dogtag replication
* The OCSP URL encoded in dogtag certificates is by default the CA
machine that issued the certificate.
Detailed Changlog since FreeIPA v2.0.0 rc3
Adam Young (1):
* pwpolicy priority Priority is now a required field in order to add a
new password policy. Thus, not having the field present means we cannot
Endi S. Dewata (1):
* Removed nested role from UI.
Martin Kosek (2):
* Wait for Directory Server ports to open
* Prevent stacktrace when DNS AAAA record is added
Pavel Zuna (1):
* Update translation file (ipa.pot).
Rob Crittenden (4):
* Always consider domain and server when doing DNS discovery in client.
* Fix SELinux errors caused by enabling TLS on dogtag 389-ds instance.
* Ensure that the system hostname is lower-case.
* Automatically update IPA LDAP on rpm upgrades
Simo Sorce (1):
* Domain to Realm Explicitly use the realm specified on the command
line. Many places were assuming that the domain and realm were the same.
* Fix uninitialized variable.
Freeipa-users mailing list