freeipa.git/ipaserver/install, branch systemd-master

Spin for connection success also when socket is not (yet) available

2011-10-24T12:23:11+00:00

We were spinning for socket connection if attempt to connect returned errno 111
(connection refused). However, it is not enough for local AF_UNIX sockets as
heavy applications might not be able to start yet and therefore the whole path
might be missing. So spin for errno 2 (no such file or directory) as well.

Partial fix for
  https://fedorahosted.org/freeipa/ticket/1990

Add support for systemd environments and use it to support Fedora 16

2011-10-24T12:23:11+00:00

https://fedorahosted.org/freeipa/ticket/1192

Check /etc/hosts file in ipa-server-install

2011-10-13T04:54:45+00:00

There may already be a record in /etc/hosts for chosen IP address
which may not be detected under some circumstances. Make sure
that /etc/hosts is checked properly.

https://fedorahosted.org/freeipa/ticket/1923

Hostname used by IPA must be a system hostname

2011-10-13T04:54:41+00:00

Make sure that the hostname IPA uses is a system hostname. If user
passes a non-system hostname, update the network settings and
system hostname in the same way that ipa-client-install does.

This step should prevent various services failures which may not
be ready to talk to IPA with non-system hostname.

https://fedorahosted.org/freeipa/ticket/1931

Check hostname resolution sanity

2011-10-13T04:54:37+00:00

Always check (even with --setup-dns or --no-host-dns) that if the
host name or ip address resolves, it resolves to sane value. Otherwise
report an error. Misconfigured /etc/hosts causing these errors could
harm the installation later.

https://fedorahosted.org/freeipa/ticket/1923

Don't leak passwords through kdb5_ldap_util command line arguments.

2011-10-12T01:25:17+00:00

ticket 1948

Write KRB5REALM to /etc/sysconfig/krb5kdc and make use of common backup_config_and_replace_variables() tool

2011-10-11T22:21:48+00:00

systemd service unit for krb5kdc in Fedora 16 uses KRB5REALM variable of
/etc/sysconfig/krb5kdc to start krb5kdc for the default realm. Thus, we
need to make sure it is always existing and pointing to our realm.

Partial fix for:
   https://fedorahosted.org/freeipa/ticket/1192

Fix DNS permissions and membership in privileges

2011-10-10T03:44:22+00:00

This resolves two issues:

1. The DNS acis lacked a prefix so weren't tied to permissions
2. The permissions were added before the privileges so the member
   values weren't calculated properly

For updates we need to add in the members and recalculate memberof via
a DS task.

https://fedorahosted.org/freeipa/ticket/1898

Make mod_nss renegotiation configuration a public function

2011-10-10T03:32:55+00:00

Improve ipa-replica-prepare DNS check

2011-10-06T09:27:50+00:00

Currently, verify_fqdn() function raises RuntimeError for every
problem with the hostname. This makes it difficult for tools
like ipa-replica-prepare to behave differently for a subset of
raised errors (for example to be able to create a DNS record for
new replica when verify_fqdn() reports a lookup error).

Implement own exceptions for verify_fqdn() that they can be safely
used to distinguish the error type.

https://fedorahosted.org/freeipa/ticket/1899