freeipa.git/ipa-client/ipa-install, branch my-master FreeIPA patches ipa-client-install: Add 'debug' and 'show' statements to nsupdate commands 2013-05-22T10:29:47+00:00 Petr Spacek pspacek@redhat.com 2013-05-15T12:54:11+00:00 9fbdf9f51f93acd76e96763501bf9852bc0f8287 https://fedorahosted.org/freeipa/ticket/3629 
https://fedorahosted.org/freeipa/ticket/3629
Drop uniqueMember mapping with nss-pam-ldapd. 2013-05-02T14:43:10+00:00 Rob Crittenden rcritten@redhat.com 2013-04-30T18:35:19+00:00 bfdcc7c62d80220e9f813b2355cced68ca4391d2 nss-pam-ldapd in 0.8.4 changed the default to map uniqueMember to member so it is no longer needed in the config file, and in fact causes an error to be raised. Add a Conflicts on older versions. https://fedorahosted.org/freeipa/ticket/3589 
nss-pam-ldapd in 0.8.4 changed the default to map uniqueMember to
member so it is no longer needed in the config file, and in fact
causes an error to be raised.

Add a Conflicts on older versions.

https://fedorahosted.org/freeipa/ticket/3589
Add support for OpenSSH 6.2. 2013-04-30T15:05:39+00:00 Jan Cholasta jcholast@redhat.com 2013-04-18T16:06:54+00:00 ddd8988f1cd2c5ecafb476a6efca15e906cb84df Run sss_ssh_authorizedkeyscommand as nobody. Automatically update sshd_config on openssh-server update. https://fedorahosted.org/freeipa/ticket/3571 
Run sss_ssh_authorizedkeyscommand as nobody. Automatically update sshd_config
on openssh-server update.

https://fedorahosted.org/freeipa/ticket/3571
Preserve already configured options in openldap conf 2013-04-30T14:54:10+00:00 Tomas Babej tbabej@redhat.com 2013-04-22T10:55:38+00:00 5d6a9d3befb5434dd7b2d1bbafd76050f22743a2 We should respect already configured options present in /etc/openldap/ldap.conf when generating our own configuration. With this patch, we only rewrite URI, BASE and TLS_CACERT options only if they are not configured. In the case they are, our suggested configuration is inserted as a comment. Also adds tab as a delimeter character in /etc/openldap/ldap.conf https://fedorahosted.org/freeipa/ticket/3582 
We should respect already configured options present in
/etc/openldap/ldap.conf when generating our own configuration.

With this patch, we only rewrite URI, BASE and TLS_CACERT options
only if they are not configured. In the case they are, our suggested
configuration is inserted as a comment.

Also adds tab as a delimeter character in /etc/openldap/ldap.conf

https://fedorahosted.org/freeipa/ticket/3582
Avoid removing sss from nssswitch.conf during client uninstall 2013-04-23T20:14:25+00:00 Tomas Babej tbabej@redhat.com 2013-04-22T09:37:33+00:00 40966cbe635eb0df80aa8d58c888d325b984ea46 This patch makes sure that sss is not removed from nsswitch.conf which causes probles with later uses of sssd. Makes sure that authconfig with --disablesssd option is not executed during ipa client uninstall. https://fedorahosted.org/freeipa/ticket/3577 
This patch makes sure that sss is not removed from nsswitch.conf
which causes probles with later uses of sssd. Makes sure that
authconfig with --disablesssd option is not executed during
ipa client uninstall.

https://fedorahosted.org/freeipa/ticket/3577
Add hint message about --force-join option when enrollment fails 2013-04-23T20:11:31+00:00 Tomas Babej tbabej@redhat.com 2013-04-22T10:02:45+00:00 6e8d311dac90c52074cfcc07b45a97326e8b7e19 When client enrollment fails due to the fact that host entry already exists on the server, display an message informing the user about the possibility of using --force-join option. https://fedorahosted.org/freeipa/ticket/3572 
When client enrollment fails due to the fact that host entry
already exists on the server, display an message informing the
user about the possibility of using --force-join option.

https://fedorahosted.org/freeipa/ticket/3572
Handle missing /etc/ipa in ipa-client-install 2013-04-19T14:57:07+00:00 Ana Krivokapic akrivoka@redhat.com 2013-04-19T12:32:20+00:00 2a8f1b0b16bb1a0af3906c06cffcd96bf152227a Make sure /etc/ipa is created and owned by freeipa-python package. Report correct error to user if /etc/ipa is missing during client installation. https://fedorahosted.org/freeipa/ticket/3551 
Make sure /etc/ipa is created and owned by freeipa-python package.

Report correct error to user if /etc/ipa is missing during client installation.

https://fedorahosted.org/freeipa/ticket/3551
Remove CA cert on client uninstall 2013-04-04T10:50:08+00:00 Ana Krivokapic akrivoka@redhat.com 2013-04-02T17:48:38+00:00 43fc525fbb98f5b6ff09df172f969a1707a6cbf4 The CA cert (/etc/ipa/ca.crt) was not being removed on client uninstall, causing failure on subsequent client installation in some cases. https://fedorahosted.org/freeipa/ticket/3537 
The CA cert (/etc/ipa/ca.crt) was not being removed
on client uninstall, causing failure on subsequent client
installation in some cases.

https://fedorahosted.org/freeipa/ticket/3537
ipa-client-install: Do not request host certificate if server is CA-less 2013-04-02T13:28:51+00:00 Petr Viktorin pviktori@redhat.com 2013-03-28T16:41:05+00:00 67c7bd3060461f0050640aca682da155e667875b https://fedorahosted.org/freeipa/ticket/3536 
https://fedorahosted.org/freeipa/ticket/3536
Allow host re-enrollment using delegation 2013-03-25T09:53:25+00:00 Tomas Babej tbabej@redhat.com 2013-03-18T10:06:22+00:00 a7ccc198a731d0e48319a73bcb2dd98c34de262a A new option --force-join has been added to ipa-client-install. It forces the host enrollment even if the host entry exists. Old certificate is revoked, new certificate and ssh key pair generated. See the relevant design for the re-enrollment part: http://freeipa.org/page/V3/Forced_client_re-enrollment https://fedorahosted.org/freeipa/ticket/3482 
A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
Old certificate is revoked, new certificate and ssh key pair
generated. See the relevant design for the re-enrollment part:
http://freeipa.org/page/V3/Forced_client_re-enrollment

https://fedorahosted.org/freeipa/ticket/3482