This is the first time code has been released since I joined the project. While it ai’n’t done yet, I’m still proud of how far we’ve come. Below is the release from the FreeIPA devel list.
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the Alpha 5 release of freeIPA 2.0 server [1]. Binaries are available for F-12, F-13 and F-14.
This alpha is a bug fix release over the previous alpha and includes a completely re-written UI.
Please do not hesitate to share feedback, criticism or bugs with us on our mailing list: freeipa-users@redhat.com
The changes in this release include:
- Dropped our PKCS#10 parser to use the one provided by python-nss
- Started enforcing that hosts must be resolvable before adding them (use –force if you really want to add them).
- Provide a reason when adding members to a group fails.
- Allow de-coupling of user private groups (group-detach).
- Support for ipa tool failover.
- Hosts are allowed to retrieve keytabs for their services.
- More configurable logging, see http://freeipa.org/page/IPAv2_config_files
- Add support for ldap:///self aci rules
- Use global time and size limit values when searching.
- Don’t include passwords in log files.
- Work on F-14
- Make ipactl a lot smarter and add a man page for it.
- Have certmonger track the IPA service certificates.
- Initial support for SUDO. You can create the objects but the client-side is not done yet.
- The delete commands now take multiple arguments: ipa user-del user1 user2 user3 … usern
- Remove reliance on ‘admin’ as a special user. All access control now granted via groups.
- Groups are now created as POSIX by default.
- Add options to control NTLM hashes. By default LM hash is disabled.
- Remove the correct password from the history. We were mistakenly removing the latest password from the history instead of the oldest.
- Rename user-lock and user-unlock to user-enable user-disable.
- The ipa command should return non-zero when something fails.
- Add gettext support for the C utilities.
- Add capability to import automount files.
- Add basic support for user and group renames (more work is needed). For now use ipa user-mod –setattr uid=newuser olduser
- Add flag to group-find to only search on private groups.
- Set default python encoding to utf-8. This should resolve a number of i18n problems.
- Show indirect members (of groups, hostgroups, netgroups, etc).
- Remove group nesting from the HBAC service groups.
- Implement nested netgroups.
- Add basic support for kerberos lockout policy. You can control how many failed attempts are allowed before lockout. What is missing is a way to unlock a user. This depends on fixes from MIT Kerberos 1.9.
- Correct handling of userCategory and hostCategory in netgroups.
- Updated a lot of man pages.
Known issues:
- dogtag does not work out-of-the-box on Fedora 14. To fix it for for the time being run:
# ln -s /usr/share/java/xalan-j2-serializer.jar /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar
Could you explain in non-geek terms where is freeipa user any why?
FreeIPA is an attempt to provide an alternative to Microsoft Active Directory. It provides Authentication and Authorization. Basically, that means that you can set up policy for “who can do what to what”
First of all, amange the users of an organization
manage the groups they belong to
manage the computers
and establish the policy that controls access between the users and the computers.
I regularly enjoy your thoughts, thanks a lot!