Announcing FreeIPA v2 Server Alpha 5 Release

This is the first time code has been released since I joined the project. While it ain’t done yet, I’m still proud of how far we’ve come. Below is the release from the FreeIPA devel list.

To all freeipa-interest, freeipa-users and freeipa-devel list members,

The FreeIPA project team is pleased to announce the availability of the Alpha 5 release of freeIPA 2.0 server [1]. Binaries are available for F-12, F-13 and F-14.

This alpha is a bug fix release over the previous alpha and includes a completely re-written UI.

Please do not hesitate to share feedback, criticism or bugs with us on our mailing list: freeipa-users@redhat.com

The changes in this release include:

  • Dropped our PKCS#10 parser to use the one provided by python-nss
  • Started enforcing that hosts must be resolvable before adding them (use --force if you really want to add them).
  • Provide a reason when adding members to a group fails.
  • Allow de-coupling of user private groups (group-detach).
  • Support for ipa tool failover.
  • Hosts are allowed to retrieve keytabs for their services.
  • More configurable logging, see http://freeipa.org/page/IPAv2_config_files
  • Add support for ldap:///self aci rules
  • Use global time and size limit values when searching.
  • Don’t include passwords in log files.
  • Work on F-14
  • Make ipactl a lot smarter and add a man page for it.
  • Have certmonger track the IPA service certificates.
  • Initial support for SUDO. You can create the objects but the client-side is not done yet.
  • The delete commands now take multiple arguments: ipa user-del user1 user2 user3 … usern
  • Remove reliance on ‘admin’ as a special user. All access control now granted via groups.
  • Groups are now created as POSIX by default.
  • Add options to control NTLM hashes. By default LM hash is disabled.
  • Remove the correct password from the history. We were mistakenly removing the latest password from the history instead of the oldest.
  • Rename user-lock and user-unlock to user-enable and user-disable.
  • The ipa command should return non-zero when something fails.
  • Add gettext support for the C utilities.
  • Add capability to import automount files.
  • Add basic support for user and group renames (more work is needed). For now use ipa user-mod --setattr uid=newuser olduser
  • Add flag to group-find to only search on private groups.
  • Set default python encoding to utf-8. This should resolve a number of i18n problems.
  • Show indirect members (of groups, hostgroups, netgroups, etc).
  • Remove group nesting from the HBAC service groups.
  • Implement nested netgroups.
  • Add basic support for Kerberos lockout policy. You can control how many failed attempts are allowed before lockout. What is missing is a way to unlock a user. This depends on fixes from MIT Kerberos 1.9.
  • Correct handling of userCategory and hostCategory in netgroups.
  • Updated a lot of man pages.

Known issues:

  • dogtag does not work out-of-the-box on Fedora 14. To fix it for the time being run:
# ln -s /usr/share/java/xalan-j2-serializer.jar /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar

3 thoughts on “Announcing FreeIPA v2 Server Alpha 5 Release”

  1. FreeIPA is an attempt to provide an alternative to Microsoft Active Directory. It provides Authentication and Authorization. Basically, that means that you can set up policy for “who can do what to what”

    First of all, manage the users of an organization
    manage the groups they belong to
    manage the computers
    and establish the policy that controls access between the users and the computers.
