On 03/05/2012 05:28 PM, Rob Crittenden wrote: > The FreeIPA team is proud to announce version 2.1.90 beta 1. This will > eventually become FreeIPA v2.2.0. > > It can be downloaded from http://www.freeipa.org/Downloads or from our > development repo (http://freeipa.org/downloads/freeipa-devel.repo). > Fedora 16 and 17 builds are available. >
It is actually http://www.freeipa.org/page/Downloads. > Builds for Fedora 15 are no longer being provided. Packages that > FreeIPA requires are not available in Fedora 15. > > == Highlights in 2.1.90 beta 1 == > > * Forms-based login. If Kerberos negotiate authentication fails you > have the option of logging in using a form using username and > password. Or you can go directly to /ipa/ui/login.html if you do not > have/cannot get a Kerberos ticket. This is the preferred alternative > login mechanism over enabling KrbMethodK5Passwd. > * Logout from the UI > * Support for SSH known-hosts with sssd 1.8.0. This will create a > known-hosts file dynamically based on information stored in IPA. > * DNS forwarders now configurable via IPA > * Configurable by DNS zone: query policy, transfer policy, forward > policy and forward and reverse synchronization. > * More consistent hostname validation > * Recommendation that the compat plugin be disabled during migration > (unnecessary overhead) > * On new installations the default users group, ipausers, is now > non-POSIX > > == Upgrading == > > We tested upgrades from 2.1.4 successfully but this is beta code. We > do not recommend upgrading a production server. > > Installing updated rpms is all that is required to upgrade from 2.1.4. > > It is unlikely that downgrading to a previous release once 2.1.90 is > installed will work. > > Upgrading directly from the alpha may work but is untested. > > == Feedback == > > Please provide comments, bugs and other feedback via the freeipa-devel > mailing list: http://www.redhat.com/mailman/listinfo/freeipa-devel > > == Detailed Changelog since 2.1.90 beta 1 == > > Jan Cholasta (1): > * Configure SSH features of SSSD in ipa-client-install. > > John Dennis (8): > * update translation pot file and PY_EXPLICIT_FILES list > * update po files > * created Transifex resource, adjust tx config file to point to it. > * Tweak the session auth to reflect developer consensus. > * Implement session activity timeout > * Implement password based session login > * Log a message when returning non-success HTTP result > > Martin Kosek (21): > * Ease zonemgr restrictions > * Update schema for bind-dyndb-ldap > * Global DNS options > * Query and transfer ACLs for DNS zones > * Add DNS conditional forwarding > * Add API for PTR sync control > * Add gidnumber minvalue > * Add reverse DNS record when forward is created > * Sanitize UDP checks in conncheck > * Add client hostname requirements to man page > * Add SSHFP update policy for existing zones > * Improve dns error message > * Improve dnsrecord-add interactive mode > * Improve hostname and domain name validation > * Improve FQDN handling in DNS and host plugins > * Improve hostname verification in install tools > * Fix typos in ipa-replica-manage man page > * Remove memberPrincipal for deleted replicas > * Fix encoding for setattr/addattr/delattr > * Add help for new structured DNS framework > * Improve dnsrecord interactive help > > Ondrej Hamada (3): > * Validate attributes in permission-add > * Migration warning when compat enabled > * ipa-client-install not calling authconfig > > Petr Viktorin (6): > * Make ipausers a non-posix group on new installs > * Add extra checking function to XMLRPC test framework > * Add common helper for interactive prompts > * Make sure the nolog argument to ipautil.run is not a bare string > * Use stricter semantics when checking IP address for DNS records > * Use stricter semantics when checking IP address for DNS records > * Use reboot from /sbin > > Petr VobornÃk (18): > * Fixed content type check in login_password > * Improved usability of login dialog > * Removed CSV creation from UI > * Fixed problem when attributes_widget was displaying empty option > * Added missing configuration options > * Static metadata update - new DNS options > * New checkboxes option: Mutual exclusive > * DNS Zone UI: added new attributes > * DNS UI: added A,AAAA create reverse options to adder dialog > * Fixed displaying of A6 Record > * New UI for DNS global configuration > * Multiple fields for one attribute > * Added attrs to permission when target is group or filter > * Moved is_empty method from field to IPA object > * Making validators to return true result if empty > * Fixed DNS record add handling of 4304 error > * Added unsupported_validator > * Fixed redirection in Add and edit in automember hostgroup. > * Fixed selection of single value in combobox > * Added logout button > * Forms based authentication UI > > Rob Crittenden (37): > * Limit the change password permission so it can't change admin > passwords > * Don't allow "Modify Group membership" permission to manage admins > * Add the -v option to sslget to provide more verbose errors > * Make sure memberof is in replication attribute exclusion list. > * Don't check for schema uniqueness when comparing in ldapupdate. > * Add Conflicts on mod_ssl because it interferes with mod_proxy and > dogtag > * Don't allow IPA master hosts or important services be deleted. > * Catch public exceptions when creating the LDAP context in WSGI. > * Don't consider virtual attributes when validating custom objectclasses > * Add Requires to ipa-client on oddjob-mkhomedir > * Fix managing winsync replication agreements with ipa-replica-manage > * Check for duplicate winsync agreement before trying to set one up. > * Remove unused kpasswd.keytab and ldappwd files if they exist. > * Make sure 389-ds is running when adding memcache service in upgrade. > * Don't run restorecon if SELinux is disabled or not present. > * Limit allowed characters in a netgroup name to alpha, digit, -, _ > and . > * Don't call memberof task when re-initializing a replica. > * Fix bad merge of not calling memberof task when re-initializing a > replica > * Add support defaultNamingContext and add --basedn to migrate-ds > * Fix nested netgroups in NIS. > * Warn that deleting replica is irreversible, try to detect > reconnection. > * Don't set migrated user's GID to that of default users group. > * Don't delete system users that are added during installation. > * Only apply validation rules when adding and updating. > * subclass HTTP_Status from plugable.Plugin, fix not_found tests > * Make hostnames adhere to new standards in HBAC tests > * Fix WSGI error handling > * Add status command to retrieve user lockout status > * Add support for sudoOrder > * Make hostnames adhere to new standards in hbactest plugin tests > * Fix API.txt and VERSION to reflect new sudoOrder option. > * Add --noac option to ipa-client-install man page > * Do kinit in client before connecting to backend > * Only warn if ipa-getkeytab doesn't get all requested enctypes. > * Fix NSS no_init in the NSSHTTPS class > > Simo Sorce (4): > * ipa-kdb: Fix ACL evaluator > * policy: add function to check lockout policy > * ipa-kdb: fix delegation acl check > * Fix ticket checks when using either s4u2proxy or a delegated krbtgt > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager IPA project, Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users