Hi, I can't configure ipa as dns, please see bottom.
On 03/04/2013 09:09 PM, Pat Riehecky wrote:
Synopsis: Low: ipa security, bug fix and enhancement update
Issue Date: 2013-02-21
CVE Numbers: CVE-2012-4546
--
It was found that the current default configuration of IPA servers did not publish correct CRLs (Certificate Revocation Lists). The default configuration specifies that every replica is to generate its own CRL; however, this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up on another Identity Management replica. (CVE-2012-4546)
--
SL6
  x86_64
    ipa-client-3.0.0-25.el6.x86_64.rpm
    ipa-debuginfo-3.0.0-25.el6.x86_64.rpm
    ipa-python-3.0.0-25.el6.x86_64.rpm
    ipa-admintools-3.0.0-25.el6.x86_64.rpm
    ipa-server-3.0.0-25.el6.x86_64.rpm
    ipa-server-selinux-3.0.0-25.el6.x86_64.rpm
    ipa-server-trust-ad-3.0.0-25.el6.x86_64.rpm
  i386
    ipa-client-3.0.0-25.el6.i686.rpm
    ipa-debuginfo-3.0.0-25.el6.i686.rpm
    ipa-python-3.0.0-25.el6.i686.rpm
    ipa-admintools-3.0.0-25.el6.i686.rpm
    ipa-server-3.0.0-25.el6.i686.rpm
    ipa-server-selinux-3.0.0-25.el6.i686.rpm
    ipa-server-trust-ad-3.0.0-25.el6.i686.rpm

The following packages were added for dependency resolution
SL6
  x86_64
    certmonger-0.61-3.el6.x86_64.rpm
    mod_nss-1.0.8-18.el6.x86_64.rpm
    nss-3.14.0.0-12.el6.i686.rpm
    nss-3.14.0.0-12.el6.x86_64.rpm
    nss-devel-3.14.0.0-12.el6.i686.rpm
    nss-devel-3.14.0.0-12.el6.x86_64.rpm
    nss-pkcs11-devel-3.14.0.0-12.el6.i686.rpm
    nss-pkcs11-devel-3.14.0.0-12.el6.x86_64.rpm
    nss-sysinit-3.14.0.0-12.el6.x86_64.rpm
    nss-tools-3.14.0.0-12.el6.x86_64.rpm
    nss-util-3.14.0.0-2.el6.i686.rpm
    nss-util-3.14.0.0-2.el6.x86_64.rpm
    nss-util-devel-3.14.0.0-2.el6.i686.rpm
    nss-util-devel-3.14.0.0-2.el6.x86_64.rpm
    policycoreutils-2.0.83-19.24.el6.x86_64.rpm
    policycoreutils-gui-2.0.83-19.24.el6.x86_64.rpm
    policycoreutils-newrole-2.0.83-19.24.el6.x86_64.rpm
    policycoreutils-python-2.0.83-19.24.el6.x86_64.rpm
    policycoreutils-sandbox-2.0.83-19.24.el6.x86_64.rpm
  i386
    certmonger-0.61-3.el6.i686.rpm
    mod_nss-1.0.8-18.el6.i686.rpm
    nss-3.14.0.0-12.el6.i686.rpm
    nss-devel-3.14.0.0-12.el6.i686.rpm
    nss-pkcs11-devel-3.14.0.0-12.el6.i686.rpm
    nss-sysinit-3.14.0.0-12.el6.i686.rpm
    nss-tools-3.14.0.0-12.el6.i686.rpm
    nss-util-3.14.0.0-2.el6.i686.rpm
    nss-util-devel-3.14.0.0-2.el6.i686.rpm
    policycoreutils-2.0.83-19.24.el6.i686.rpm
    policycoreutils-gui-2.0.83-19.24.el6.i686.rpm
    policycoreutils-newrole-2.0.83-19.24.el6.i686.rpm
    policycoreutils-python-2.0.83-19.24.el6.i686.rpm
    policycoreutils-sandbox-2.0.83-19.24.el6.i686.rpm
I think bind-dyndb-ldap-2.3.2 needs to be added to that dependency list. On attempting to configure ipa-server-3.0.0 for dns it complains the bind-dyndb-ldap is not installed. On installing it says it needs 2.3.2 but only 1.1.0-0.9.b1.el6_3.1 is available. It is however available in 6.4 though, where 3.0.0 will happily run more than likely.

Although the source packages
http://ftp.scientificlinux.org/linux/scientific/6.4/SRPMS/vendor/bind-dyndb-ldap-1.1.0-0.9.b1.el6_3.1.src.rpm
is the latest but
http://ftp.scientificlinux.org/linux/scientific/6.4/i386/os/Packages/bind-dyndb-ldap-2.3-2.el6.i686.rpm
I can't find the src to build it myself.

There was mention of a similar problem in the transition from 6.1 to 6.2 at
http://listserv.fnal.gov/scripts/wa.exe?A2=ind1201&L=scientific-linux-users&T=0&P=6283

Must I simply wait for 6.4?

Thanks
Sean
- Scientific Linux Development Team
