freeipa.git/VERSION, branch master_keytab FreeIPA patches Disable User's ability to use the setkeytab exop. 2015-12-11T20:20:52+00:00 Simo Sorce simo@redhat.com 2015-11-24T19:02:01+00:00 49b1d167ec3a39328630a8febd247ce48f2d8dce Users can still obtain a keytab for themselves using the getkeytab exop which does not circumvent password policy checks. Users are disallowed from using setkeytab by default in new installations but not in existing installations (no forced upgrade). Signed-off-by: Simo Sorce <simo@redhat.com> Ticket: https://fedorahosted.org/freeipa/ticket/5485 
Users can still obtain a keytab for themselves using the getkeytab exop
which does not circumvent password policy checks.

Users are disallowed from using setkeytab by default in new installations
but not in existing installations (no forced upgrade).

Signed-off-by: Simo Sorce <simo@redhat.com>

Ticket: https://fedorahosted.org/freeipa/ticket/5485
topologysuffix: change iparepltopoconfroot API properties 2015-12-03T11:41:07+00:00 Petr Vobornik pvoborni@redhat.com 2015-12-01T12:02:18+00:00 581f5432bff7df909c1d7d7b8a55c5c81282afc0 Change CLI option, label and type to reflect that it is a only a DN of the suffix. Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Change CLI option, label and type to reflect that it is a only a DN
of the suffix.

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
server: use topologysuffix name in iparepltopomanagedsuffix 2015-12-01T08:30:21+00:00 Jan Cholasta jcholast@redhat.com 2015-11-30T09:25:01+00:00 46ae52569a179f73b1445922f7bac993d598c953 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
topology: treat server suffix as multivalued attribute in API 2015-11-27T14:56:59+00:00 Petr Vobornik pvoborni@redhat.com 2015-10-29T18:01:09+00:00 c688954c27c219cb18aff968fc1f510afff93981 Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> 
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Allow multiple managers per user - CLI part 2015-11-20T14:35:14+00:00 Martin Basti mbasti@redhat.com 2015-11-05T16:11:23+00:00 457c9746709042e6f4f8f37a85ca8ad562962405 Added commands: * user-add-manager * user-remove-manager * stageuser-add-manager * stageuser-remove-manager Commit contains override of convert_attribute_members method in baseuser class that ensures the managers will be returned in 'manager' attribute due to backward compatibility instead of 'manager_user' as would be expected. https://fedorahosted.org/freeipa/ticket/5344 This patch also fixes: https://fedorahosted.org/freeipa/ticket/5387 Reviewed-By: David Kupka <dkupka@redhat.com> Reviewed-By: Jan Cholasta <jcholast@redhat.com> 
Added commands:
* user-add-manager
* user-remove-manager
* stageuser-add-manager
* stageuser-remove-manager

Commit contains override of convert_attribute_members method in baseuser
class that ensures the managers will be returned in 'manager' attribute
due to backward compatibility instead of 'manager_user' as would be
expected.

https://fedorahosted.org/freeipa/ticket/5344

This patch also fixes: https://fedorahosted.org/freeipa/ticket/5387

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
do not ask for segment direction when running topology commands 2015-10-20T13:32:47+00:00 Martin Babinsky mbabinsk@redhat.com 2015-10-12T15:49:50+00:00 e0d9a1b47ce6144d57345744d895b63e5b0ea413 https://fedorahosted.org/freeipa/ticket/5222 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5222

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
vault: add vault container commands 2015-09-17T12:55:54+00:00 Petr Vobornik pvoborni@redhat.com 2015-08-25T17:56:00+00:00 d396913e9c0578fa68847b84e44a4f0dd916fbfd adds commands: * vaultcontainer-show [--service <service>|--user <user>|--shared ] * vaultcontainer-del [--service <service>|--user <user>|--shared ] * vaultcontainer-add-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] * vaultcontainer-remove-owner [--service <service>|--user <user>|--shared ] [--users <users>] [--groups <groups>] [--services <services>] https://fedorahosted.org/freeipa/ticket/5250 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
adds commands:
* vaultcontainer-show [--service <service>|--user <user>|--shared ]
* vaultcontainer-del [--service <service>|--user <user>|--shared ]
* vaultcontainer-add-owner
     [--service <service>|--user <user>|--shared ]
     [--users <users>]  [--groups <groups>] [--services <services>]
* vaultcontainer-remove-owner
     [--service <service>|--user <user>|--shared ]
     [--users <users>]  [--groups <groups>] [--services <services>]

https://fedorahosted.org/freeipa/ticket/5250

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
certprofile: remove 'rename' option 2015-09-02T11:47:48+00:00 Fraser Tweedale ftweedal@redhat.com 2015-09-02T01:04:34+00:00 86cd47af0245a216324900be39be1a145bf0741b The initial fix of ticket 5247 rejected renames, but left the option behind for API compatibility. Remove the option now, according to the consensus that because it never worked, it is fine to remove it. Fixes: https://fedorahosted.org/freeipa/ticket/5247 Reviewed-By: Petr Vobornik <pvoborni@redhat.com> 
The initial fix of ticket 5247 rejected renames, but left the option
behind for API compatibility.  Remove the option now, according to
the consensus that because it never worked, it is fine to remove it.

Fixes: https://fedorahosted.org/freeipa/ticket/5247
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
vault: change default vault type to symmetric 2015-08-26T08:56:28+00:00 Petr Vobornik pvoborni@redhat.com 2015-08-25T16:25:50+00:00 19dd2ed758210e859a5b0085de558cf13ba09104 https://fedorahosted.org/freeipa/ticket/5251 Reviewed-By: Martin Basti <mbasti@redhat.com> 
https://fedorahosted.org/freeipa/ticket/5251

Reviewed-By: Martin Basti <mbasti@redhat.com>
Added support for changing vault encryption. 2015-08-25T17:11:53+00:00 Endi S. Dewata edewata@redhat.com 2015-07-31T05:53:15+00:00 e46d9236d19f714b67fdf2865f19146c3016f46d The vault-mod command has been modified to support changing vault encryption attributes (i.e. type, password, public/private keys) in addition to normal attributes (i.e. description). Changing the encryption requires retrieving the stored secret with the old attributes and rearchiving it with the new attributes. https://fedorahosted.org/freeipa/ticket/5176 Reviewed-By: Martin Basti <mbasti@redhat.com> 
The vault-mod command has been modified to support changing vault
encryption attributes (i.e. type, password, public/private keys)
in addition to normal attributes (i.e. description). Changing the
encryption requires retrieving the stored secret with the old
attributes and rearchiving it with the new attributes.

https://fedorahosted.org/freeipa/ticket/5176

Reviewed-By: Martin Basti <mbasti@redhat.com>