summaryrefslogtreecommitdiffstats
path: root/freeipa.spec.in
Commit message (Collapse)AuthorAgeFilesLines
* Allow hashed passwords in DSMartin Kosek2014-07-251-2/+2
| | | | | | | | | Without nsslapd-allow-hashed-passwords being turned on, user password migration fails. https://fedorahosted.org/freeipa/ticket/4450 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Do not require dogtag-pki-server-themeMartin Kosek2014-07-241-1/+0
| | | | | | | | | Theme package is contains resources for PKI web interface. This interface is not needed by FreeIPA as it rather utilizes it's API. As recommended in https://bugzilla.redhat.com/show_bug.cgi?id=1068029#c5, remove this hard dependency. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Update freeipa-server krb5-server dependency to 1.11.5-5Nathaniel McCallum2014-07-221-1/+1
| | | | | | | | Previous versions of libkrb5 can't handle expired passwords inside the FAST tunnel. This breaks the password change UI in FreeIPA. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Prepare spec for 4.0 releaseMartin Kosek2014-07-041-48/+4
| | | | | | | | | | | | - Bump 389-ds-base requires to fix the deref call with new ACIs: https://fedorahosted.org/freeipa/ticket/4389 - Bump bind-dyndb-ldap Conflicts to fetch the DNSSEC capability - Bump selinux-policy to fix the CRL retrieval: https://fedorahosted.org/freeipa/ticket/4369 - Remove conditionals for Fedora < 20 as FreeIPA 4.0 is not planned to be released on these platforms. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* test_ipaserver: Add OTP token test data to ipatests packagePetr Viktorin2014-07-041-0/+1
| | | | | | The missing files caused test failures when running tests out of tree. Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove python-cherrypy BuildRequiresMartin Kosek2014-07-011-1/+0
| | | | | As FreeIPA Foreman Smartproxy was moved to separate repo, python-cherrypy is no longer required as a build dependency.
* Remove IPA Foreman Smart ProxyRob Crittenden2014-07-011-25/+0
| | | | | | | The code has been moved to its own, separate repository at git://git.fedorahosted.org/git/freeipa-foreman-smartproxy.git Reviewed-By: Martin Kosek <mkosek@redhat.com>
* webui: add sync_otp.htmlPetr Vobornik2014-06-301-0/+1
| | | | | | | | | standalone page for OTP token synchronization. It reuses SyncOTPScreen widget instead of reimplementing the logic as in other standalone pages. https://fedorahosted.org/freeipa/ticket/4218 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: layer for standalone pages which use WebUI frameworkPetr Vobornik2014-06-301-0/+1
| | | | | | | | | | Current compiled Web UI layer (app.js) contains every FreeIPA plugin and not just the UI framework. It's not possible to start just a simple facet. This commit creates a basis for a layer (core.js) which contains only framework code and not entity related code. Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* Add python-yubico to BuildRequiresMartin Kosek2014-06-271-0/+1
| | | | | python-yubico needs to be on a machine to be able to build FreeIPA. Without it, even ./makeapi and ./makeaci fails.
* Add the otptoken-add-yubikey commandNathaniel McCallum2014-06-261-0/+1
| | | | | | | | This command behaves almost exactly like otptoken-add except: 1. The new token data is written directly to a YubiKey 2. The vendor/model/serial fields are populated from the YubiKey Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* ipaplatform: Fix build warningsTomas Babej2014-06-251-5/+1
| | | | | | | | | | The newly created ipaplatform subdirectories base and fedora were mentioned multiple times in the specfile, which produced build warnings. Part of: https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add missing ipa-otptoken-import.1.gz to spec fileAlexander Bokovoy2014-06-251-0/+1
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Fix packaging issue with doubly specified directoriesAlexander Bokovoy2014-06-251-1/+1
| | | | Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Implement OTP token importingNathaniel McCallum2014-06-251-0/+2
| | | | | | | | | | | | | | | | | | | | This patch adds support for importing tokens using RFC 6030 key container files. This includes decryption support. For sysadmin sanity, any tokens which fail to add will be written to the output file for examination. The main use case here is where a small subset of a large set of tokens fails to validate or add. Using the output file, the sysadmin can attempt to recover these specific tokens. This code is implemented as a server-side script. However, it doesn't actually need to run on the server. This was done because importing is an odd fit for the IPA command framework: 1. We need to write an output file. 2. The operation may be long-running (thousands of tokens). 3. Only admins need to perform this task and it only happens infrequently. https://fedorahosted.org/freeipa/ticket/4261 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Fix ipa.service restartMartin Basti2014-06-251-1/+4
| | | | | Ticket: https://fedorahosted.org/freeipa/ticket/4243 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Support requests with SAN in cert-request.Jan Cholasta2014-06-241-1/+1
| | | | | | | | | | For each SAN in a request there must be a matching service entry writable by the requestor. Users can request certificates with SAN only if they have "Request Certificate With SubjectAltName" permission. https://fedorahosted.org/freeipa/ticket/3977 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* ipaplatform: Change makefiles to accomodate for new platform packageTomas Babej2014-06-161-36/+14
| | | | | | https://fedorahosted.org/freeipa/ticket/4052 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Python-kerberos update in freeipa.spec.inMartin Basti2014-06-111-2/+1
| | | | | | | Remove duplicated entry in BuildRequires Minimal version 1.1-14 is required for ipapython Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* webui: activity indicatorsPetr Vobornik2014-06-101-1/+0
| | | | | | | https://fedorahosted.org/freeipa/ticket/4177 https://fedorahosted.org/freeipa/ticket/4255 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: remove remnants of jquery-uiPetr Vobornik2014-06-101-4/+0
| | | | Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: remove login.htmlPetr Vobornik2014-06-101-1/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/4281 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* webui: remove logout.htmlPetr Vobornik2014-06-101-1/+0
| | | | | | https://fedorahosted.org/freeipa/ticket/4281 Reviewed-By: Endi Sukma Dewata <edewata@redhat.com>
* ipalib.version: Add VENDOR_VERSIONPetr Viktorin2014-05-271-2/+6
| | | | | | | | | This will allow us to make vendors' lives easier by embedding a vendor tag to installation logs. Part of the work for: https://fedorahosted.org/freeipa/ticket/4219 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Increase Java stack size for Web UI build on aarch64Petr Vobornik2014-05-261-1/+1
| | | | Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Clean up Smartproxy support, drop unused codeRob Crittenden2014-05-131-14/+2
| | | | | | | | | Drop the logrotate file because Apache manages the logs Drop the systemd configuration because we run in Apache Import json_encode_binary from ipalib Fix Requires Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Implement an IPA Foreman smartproxy serverRob Crittenden2014-04-301-1/+42
| | | | | | | | | | | | | | | | | | This currently server supports only host and hostgroup commands for retrieving, adding and deleting entries. The incoming requests are completely unauthenticated and by default requests must be local. Utilize GSS-Proxy to manage the TGT. Configuration information is in the ipa-smartproxy man page. Design: http://www.freeipa.org/page/V3/Smart_Proxy https://fedorahosted.org/freeipa/ticket/4128 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* webui: login screen widgetPetr Vobornik2014-04-151-0/+1
| | | | | | | | | | | | | | | | | | Reimplementation of unauthorized dialog into separate widget. It uses RCUE design. New features compared to unauthorized dialog: - reflects auth methods from `auth` module - validation summary - differentiates Kerberos auth failure with session expiration - Caps Lock warning - form based method doesn't allow password only submission https://fedorahosted.org/freeipa/ticket/4017 https://fedorahosted.org/freeipa/ticket/3903 Reviewed-By: Adam Misnyovszki <amisnyov@redhat.com>
* freeipa.spec.in: update dependencies to 389-ds and selinux-policyAlexander Bokovoy2014-04-041-3/+3
| | | | | | | | | | | | | 389-ds-base 1.3.2.16 implements reordering of sub-plugins based on the ordering of the main plugin. We need it to make OTP working over compat tree. selinux-polic 3.12.1-135 fixes issues which prevented httpd to work with kernel keyring-based credentials caches. This change is Fedora 20+. Reviewed-By: Nathaniel McCallum <npmccallum@redhat.com>
* Add requires for pki-core-10.1.1-1.fc20Martin Kosek2014-03-281-1/+1
| | | | | | Fixes PKI installation errors on Fedora 20. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Add missing dependencies to freeipa-python packageMartin Kosek2014-03-261-1/+2
| | | | | | | | | python-pyasn1 and python-qrcode were imported by ipalib but not required by python subpackage. https://fedorahosted.org/freeipa/ticket/4275 Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Remove dogtag-ipa-retrieve-agent-submit.Jan Cholasta2014-03-251-1/+0
| | | | Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add new certmonger CA helper dogtag-ipa-ca-renew-agent.Jan Cholasta2014-03-251-0/+1
| | | | | | The helper will be used to handle CA-related certificate renewal requests. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Use certmonger D-Bus API to configure certmonger in CA install.Jan Cholasta2014-03-251-1/+1
| | | | | | Before, certmonger was configured by modifying its internal database directly. Reviewed-By: Petr Viktorin <pviktori@redhat.com>
* Add missing dependencyNalin Dahyabhai2014-03-141-0/+1
| | | | | | | We use Java classes which are bundled with rhino when uglifying Javascript sources at build-time, so we need rhino at build-time. Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
* Add OTP last token pluginNathaniel McCallum2014-02-211-0/+2
| | | | | | | | | | This plugin prevents the deletion or deactivation of the last valid token for a user. This prevents the user from migrating back to single factor authentication once OTP has been enabled. Thanks to Mark Reynolds for helping me with this patch. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Update ACIs to permit users to add/delete their own tokensNathaniel McCallum2014-02-131-3/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4087 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Move ipa-otpd socket directoryNathaniel McCallum2014-02-111-1/+1
| | | | | https://fedorahosted.org/freeipa/ticket/4167 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove working directory for bind-dyndb-ldap plugin.Petr Spacek2014-01-271-1/+0
| | | | | | | | | The working directory will be provided directly by bind-dyndb-ldap package. This partially reverts commit 689382dc833e687d30349b10a8fd7dc740d54d08. https://fedorahosted.org/freeipa/ticket/3967
* Limit memberOf and refInt DS plugins to main IPA suffix.Petr Spacek2014-01-271-3/+3
| | | | | | This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
* Fix ntpd config on clients.Jan Cholasta2014-01-241-0/+10
| | | | https://fedorahosted.org/freeipa/ticket/4094
* Use only system fontsPetr Vobornik2014-01-211-4/+3
| | | | | | | | | | | | | | | | This commit changes how fonts are used. - remove usage of bundled fonts and only system fonts are used instead - by using alias in httpd conf - by using local("Font Name") directive in font-face - removed usage of overpass font - redefined Open Sans font-face declarations. Note: upstream is doing the same change so we will be fine on upgrade. - introduce variable.less for variable definitions and overrides. This file will be very useful when we upgrade to newer RCUE so we will be able to redefine their and bootstrap's variables. Fixes: https://fedorahosted.org/freeipa/ticket/2861
* Use RCUE fontsPetr Vobornik2014-01-211-4/+4
| | | | https://fedorahosted.org/freeipa/ticket/3902
* RCUE initial commitPetr Vobornik2014-01-211-0/+2
| | | | https://fedorahosted.org/freeipa/ticket/3902
* Enable Retro Changelog and Content Synchronization DS pluginsAna Krivokapic2014-01-141-0/+1
| | | | | | | | | Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
* Increase Java stack size on s390 platformsMartin Kosek2014-01-031-2/+2
| | | | | | As reported in https://bugzilla.redhat.com/show_bug.cgi?id=1040576, the default stack trace needs to be also increased on s390 platforms to prevent rhino segfault.
* Use /usr/bin/python2Xiao-Long Chen2014-01-031-2/+2
| | | | | | | | | | | | Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com
* Add OTP support to ipalib CLINathaniel McCallum2013-12-181-0/+2
| | | | https://fedorahosted.org/freeipa/ticket/3368
* Increase Java stack size on PPC platformsMartin Kosek2013-12-131-0/+4
| | | | | | Wit the default stack size, rhino segfaulted on PPC platforms. https://bugzilla.redhat.com/show_bug.cgi?id=1040576
* Remove CFLAGS duplication.Jan Cholasta2013-12-061-1/+0
| | | | https://fedorahosted.org/freeipa/ticket/3896
generated by cgit (git 2.34.1) at 2024-05-01 11:07:33 +0000