summaryrefslogtreecommitdiffstats
path: root/freeipa.spec.in
Commit message (Collapse)AuthorAgeFilesLines
* Implement an IPA Foreman smartproxy serverHEADmasterRob Crittenden2014-02-271-1/+36
| | | | | | | | | | | | | | This currently server supports only host and hostgroup commands for retrieving, adding and deleting entries. The incoming requests are completely unauthenticated and by default requests must be local. Utilize GSS-Proxy to manage the TGT. Configuration information is in the ipa-smartproxy man page. Design: http://www.freeipa.org/page/V3/Smart_Proxy
* Add OTP last token pluginNathaniel McCallum2014-02-211-0/+2
| | | | | | | | | | This plugin prevents the deletion or deactivation of the last valid token for a user. This prevents the user from migrating back to single factor authentication once OTP has been enabled. Thanks to Mark Reynolds for helping me with this patch. Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Update ACIs to permit users to add/delete their own tokensNathaniel McCallum2014-02-131-3/+3
| | | | | | https://fedorahosted.org/freeipa/ticket/4087 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
* Move ipa-otpd socket directoryNathaniel McCallum2014-02-111-1/+1
| | | | | https://fedorahosted.org/freeipa/ticket/4167 Reviewed-By: Martin Kosek <mkosek@redhat.com>
* Remove working directory for bind-dyndb-ldap plugin.Petr Spacek2014-01-271-1/+0
| | | | | | | | | The working directory will be provided directly by bind-dyndb-ldap package. This partially reverts commit 689382dc833e687d30349b10a8fd7dc740d54d08. https://fedorahosted.org/freeipa/ticket/3967
* Limit memberOf and refInt DS plugins to main IPA suffix.Petr Spacek2014-01-271-3/+3
| | | | | | This drastically improves performance of retro changelog trimming. https://fedorahosted.org/freeipa/ticket/3967
* Fix ntpd config on clients.Jan Cholasta2014-01-241-0/+10
| | | | https://fedorahosted.org/freeipa/ticket/4094
* Use only system fontsPetr Vobornik2014-01-211-4/+3
| | | | | | | | | | | | | | | | This commit changes how fonts are used. - remove usage of bundled fonts and only system fonts are used instead - by using alias in httpd conf - by using local("Font Name") directive in font-face - removed usage of overpass font - redefined Open Sans font-face declarations. Note: upstream is doing the same change so we will be fine on upgrade. - introduce variable.less for variable definitions and overrides. This file will be very useful when we upgrade to newer RCUE so we will be able to redefine their and bootstrap's variables. Fixes: https://fedorahosted.org/freeipa/ticket/2861
* Use RCUE fontsPetr Vobornik2014-01-211-4/+4
| | | | https://fedorahosted.org/freeipa/ticket/3902
* RCUE initial commitPetr Vobornik2014-01-211-0/+2
| | | | https://fedorahosted.org/freeipa/ticket/3902
* Enable Retro Changelog and Content Synchronization DS pluginsAna Krivokapic2014-01-141-0/+1
| | | | | | | | | Enable Retro Changelog and Content Synchronization DS plugins which are required for SyncRepl support. Create a working directory /var/named/ipa required by bind-dyndb-ldap v4+. https://fedorahosted.org/freeipa/ticket/3967
* Increase Java stack size on s390 platformsMartin Kosek2014-01-031-2/+2
| | | | | | As reported in https://bugzilla.redhat.com/show_bug.cgi?id=1040576, the default stack trace needs to be also increased on s390 platforms to prevent rhino segfault.
* Use /usr/bin/python2Xiao-Long Chen2014-01-031-2/+2
| | | | | | | | | | | | Part of the effort to port FreeIPA to Arch Linux, where Python 3 is the default. FreeIPA hasn't been ported to Python 3, so the code must be modified to run /usr/bin/python2 https://fedorahosted.org/freeipa/ticket/3438 Updated by pviktori@redhat.com
* Add OTP support to ipalib CLINathaniel McCallum2013-12-181-0/+2
| | | | https://fedorahosted.org/freeipa/ticket/3368
* Increase Java stack size on PPC platformsMartin Kosek2013-12-131-0/+4
| | | | | | Wit the default stack size, rhino segfaulted on PPC platforms. https://bugzilla.redhat.com/show_bug.cgi?id=1040576
* Remove CFLAGS duplication.Jan Cholasta2013-12-061-1/+0
| | | | https://fedorahosted.org/freeipa/ticket/3896
* Include LDFLAGS provided by rpmbuild in global LDFLAGS in the spec file.Jan Cholasta2013-12-061-0/+1
| | | | | | Remove explicitly specified hardening flags from LDFLAGS in ipa-otpd. https://fedorahosted.org/freeipa/ticket/3896
* Prefer user CFLAGS/CPPFLAGS over those provided by rpmbuild in the spec file.Jan Cholasta2013-12-061-2/+2
| | | | https://fedorahosted.org/freeipa/ticket/3896
* Own /usr/share/ipa/ui/js/ in the spec file.Jan Cholasta2013-12-021-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/4010
* Use hardening flags for ipa-optd.Jan Cholasta2013-12-021-0/+4
| | | | https://fedorahosted.org/freeipa/ticket/4010
* Remove changelog from the specPetr Viktorin2013-11-261-732/+3
| | | | | | | | The project's history is kept in Git. We used the spec changelog for changes to the spec itself, which doesn't make much sense. Downstreams like Fedora use their own changelog anyway. A single entry is left for tools that expect a changelog.
* Remove mod_ssl port workaround.Jan Cholasta2013-11-261-2/+6
| | | | https://fedorahosted.org/freeipa/ticket/4021
* platform: Add Fedora 19 platform fileTomas Babej2013-11-201-0/+13
| | | | Part of: https://fedorahosted.org/freeipa/ticket/3504
* Removed old firefox configuration scriptsMartin Basti2013-11-151-3/+0
| | | | Part of ticket https://fedorahosted.org/freeipa/ticket/3821
* Fix date in last changelog entryPetr Viktorin2013-10-251-1/+1
|
* Remove mod_ssl conflictMartin Kosek2013-10-251-5/+4
| | | | | | | | | | | Since mod_nss-1.0.8-24, mod_nss and mod_ssl can co-exist on one machine (of course, when listening to different ports). To make sure that mod_ssl is not configured to listen on 443 (default mod_ssl configuration), add a check to the installer checking of either mod_nss or mod_ssl was configured to listen on that port. https://fedorahosted.org/freeipa/ticket/3974
* Require new SSSD to pull required AD subdomain fixesMartin Kosek2013-10-041-1/+1
|
* Move tests to test directoriesPetr Viktorin2013-09-251-1/+1
| | | | | | | | Nose doesn't pick up directories that don't begin with 'test'. Rename ipatests/test_ipaserver/install to test_install so that it's run. Also, merge test_ipautil.py from ipapython/test into tests/test_ipapython, so the whole test suite is in one place.
* Follow tmpfiles.d packaging guidelinesAna Krivokapic2013-09-161-3/+6
| | | | https://fedorahosted.org/freeipa/ticket/3881
* Add man pages for testing toolsPetr Viktorin2013-08-291-0/+6
| | | | | | Add man pages for ipa-run-tests, ipa-test-task, and ipa-test-config. https://fedorahosted.org/freeipa/ticket/3855 (part 5)
* Allow freeipa-tests to work with older paramiko versionsPetr Viktorin2013-08-131-1/+4
| | | | | | The integration testing framework used Paramiko SFTP files as context managers. This feature is only available in Paramiko 1.10+. Use an explicit context manager so that we don't rely on the feature.
* Fix selected minor issues in the spec file and licenseMartin Kosek2013-08-131-4/+5
| | | | | | | | | | | | This patch fixes: - too long description for server-trust-ad subpackage - adds (noreplace) flag %{_sysconfdir}/tmpfiles.d/ipa.conf to avoid overwriting potential user changes - changes permissions on default_encoding_utf8.so to prevent it pollute python subpackage Provides. - wrong address in GPL v2 license preamble in 2 distributed files https://fedorahosted.org/freeipa/ticket/3855
* Remove rpmlint warnings in spec fileMartin Kosek2013-08-131-23/+23
| | | | | | | | | Specifically: - combination of spaces and tabs in one line - using macros in comments - using "egrep" instead of "grep -E" https://fedorahosted.org/freeipa/ticket/3855
* Remove support for IPA deployments with no persistent searchTomas Babej2013-08-091-1/+1
| | | | | | | | | Drops the code from ipa-server-install, ipa-dns-install and the BindInstance itself. Also changed ipa-upgradeconfig script so that it does not set zone_refresh to 0 on upgrades, as the option is deprecated. https://fedorahosted.org/freeipa/ticket/3632
* Add requires for slapi-nis and SSSDMartin Kosek2013-08-081-2/+6
| | | | | Require slapi-nis 0.47.7 and sssd 1.11.0-0.1.beta2 required for core features of 3.3.0 release.
* Add ipa-advise plugins for legacy clientsAna Krivokapic2013-08-071-0/+3
| | | | | | | | | | | | | | | | | Old versions of SSSD do not directly support cross-realm trusts between IPA and AD. This patch introduces plugins for the ipa-advise tool, which should help with configuring an old version of SSSD (1.5-1.8) to gain access to resources in trusted domain. Since the configuration steps differ depending on whether the platform includes the authconfig tool, two plugins are needed: * config-redhat-sssd-before-1-9 - provides configuration for Red Hat based systems, as these system include the autconfig utility * config-generic-sssd-before-1-9 - provides configuration for other platforms https://fedorahosted.org/freeipa/ticket/3671 https://fedorahosted.org/freeipa/ticket/3672
* Free NSS objects in --external-ca scenarioMartin Kosek2013-07-261-1/+4
| | | | | | | | | | In external CA installation, ipa-server-install leaked NSS objects which caused an installation crash later when a subsequent call of NSSConnection tried to free them. Properly freeing the NSS objects avoid this crash. https://fedorahosted.org/freeipa/ticket/3773
* Add tar and xz dependencies to the freeipa-tests packagePetr Viktorin2013-07-251-0/+5
| | | | | The beakerLib plugin collects log files via compressed tarballs, so these dependencies are needed
* Add the ipa-test-task toolPetr Viktorin2013-07-251-0/+1
| | | | | | | This script makes common testing tasks such as IPA installation and uninstallation available outside of Python. https://fedorahosted.org/freeipa/ticket/3721
* Move requirement for keyutils to freeipa-python packageTomas Babej2013-07-241-1/+4
| | | | | | | | | | There was already a dependency in server package, however, the correct place for such dependency is in freeipa-python, since the relevant code using keyutils resides there. Both freeipa-server and freeipa-client require freeipa-python. https://fedorahosted.org/freeipa/ticket/3808
* Bump minimum SSSD versionMartin Kosek2013-07-241-1/+5
| | | | Pick up latest SSSD 1.11 Beta development
* Use libunistring ulc_casecmp() on unicode stringsNathaniel McCallum2013-07-181-0/+1
| | | | https://fedorahosted.org/freeipa/ticket/3772
* Bump version of sssd in spec fileAna Krivokapic2013-07-181-1/+4
| | | | https://fedorahosted.org/freeipa/ticket/3652
* Require new selinux-policy replacing old server-selinux subpackageMartin Kosek2013-07-171-1/+5
| | | | | | | | | | Features of the new policy: - labels /var/lib/ipa/pki-ca/publish as pki_tomcat_cert_t which is writeable by PKI and readable by HTTPD - contains Conflicts with old freeipa-server-selinux package to avoid SELinux upgrade issues https://fedorahosted.org/freeipa/ticket/3788
* Provide ipa-advise toolTomas Babej2013-07-171-0/+4
| | | | | | | | | | | | | | Provides a pluggable framework for generating configuration scriptlets and instructions for various machine setups and use cases. Creates a new ipa-advise command, available to root user on the IPA server. Also provides an example configuration plugin, config-fedora-authconfig. https://fedorahosted.org/freeipa/ticket/3670
* Upstream Web UI testsPetr Vobornik2013-07-161-0/+1
| | | | | | Documentation: http://www.freeipa.org/page/Web_UI_Integration_Tests https://fedorahosted.org/freeipa/ticket/3744
* Change group ownership of CRL publish directoryTomas Babej2013-07-161-2/+4
| | | | | | | | | | | Spec file modified so that /var/lib/ipa/pki-ca/publish/ is no longer owned by created with package installation. The directory is rather created/removed with the CA instance itself. This ensures proper creation/removeal, group ownership and SELinux context. https://fedorahosted.org/freeipa/ticket/3727
* Add a framework for integration testingPetr Viktorin2013-07-151-0/+1
| | | | | | | | | | | | Add methods to run commands and copy files to Host objects. Adds a base class for integration tests which can currently install and uninstall IPA in a "star" topology with per-test specified number of hosts. A simple test for user replication between two masters is provided. Log files from the remote hosts can be marked for collection, but the actual collection is left to a Nose plugin. Part of the work for: https://fedorahosted.org/freeipa/ticket/3621
* Add a framework for integration test configurationPetr Viktorin2013-07-151-0/+1
| | | | | | | | | | | Integration tests are configured via environment variables. Add a framework for parsing these variables and storing them in easy-to-use objects. Add an `ipa-test-config` executable that loads the configuration and prints out variables needed in shell scripts. Part of the work for https://fedorahosted.org/freeipa/ticket/3621
* Run server upgrade and restart in posttransMartin Kosek2013-07-111-9/+16
| | | | | | | Running server upgrade or restart in %post or %postun may cause issues when there are still parts of old FreeIPA software (like entitlements plugin). https://fedorahosted.org/freeipa/ticket/3739
generated by cgit (git 2.34.1) at 2024-04-30 13:20:35 +0000