P is for Policy. One aspect of policy management that has the potential to be the killer feature is centralized SUDO.
Centralized SUDO with FreeIPA
Reply
Category Archives: FreeIPA
Sterilizing for FreeIPA uninstall
It is high Test season here in FreeIPA land, as we gear up for the GA of The 2.0 Release. One thing that I’ve found necessary is to set a machine into “Vanilla” state without going through the complete install process. Getting rid of all vestiges of an IPA install requires removing files that are not cleaned up in an “rpm erase” call. This is my script to reset my machine. Warning. It removes your data. Duh. It also cleans up The Dogtag Certificate server and tomcat6 installs, since those are dependencies for IPA that are undergoing significant development as well.
Firefox and Multiple Kerberos Realms
You will need two profiles: I use my default for my corporate setup, and a new one for development.
(Note:Â if you want to keep open a browser, you can use the –no-remote switch so that Firefox doesn’t ignore your pleas to use a different profile, and instead just makes another window that uses the same one.)
firefox -P kfrog –no-remote &
Go through the steps to create another profile.
In the second window, you need to establish kinit, but running with a different TGT. You do this with an environment variable:
export KRB5CCNAME=/tmp/krb5ccache
kinit kfrog@TESTREALM.COM
Close and restart firefox.
firefox –no-remote -P ayoung &
Announcing FreeIPA v2 Server Release Candidate 1 Release
(cross posted from the FreeIPA Devel mailing list)
To all freeipa-interest, freeipa-users and freeipa-devel list members,
The FreeIPA project team is pleased to announce the availability of the
Release Candidate 1 release of freeIPA 2.0 server [1].
* Binaries are available for F-14 and F-15 [2].
* Please do not hesitate to share feedback, criticism or bugs with us on
our mailing list: freeipa-users@redhat.com
Main Highlights of the Release Candidate.
This release consists primarily of bug fixes and polish across all areas ofthe project. Modifications include but are not limited to:
* Installation fixes.
* DNS improvements.
* WebUI improvements.
Focus of the Release Candidate Testing
* There is a Fedora test day for FreeIPA on Feb 15th [3]. Please join us in testing FreeIPA. The exact instructions will be provided later and will be available off the link on the page.
* The following section outlines the areas that we are mostly interested to test [4].
Significant Changes Since Beta 2
To see all the tickets addressed since the beta 2 release
see [6].
Repositories and Installation
* Use the following link to install the beta 2 packages [5].
* On Fedora-14 FreeIPA relies on the latest versions
of the packages currently available from the updates-testing
repository. Please make sure to enable this repository before
you proceed with installation.
Known Issues:
* There are known issues that currently prevent FreeIPA from successfully installing with dogtag on F-15 [2]. We will send a separate message when this issue is resolved. The FreeIPA server is installable with the –selfsign option on F-15, or with dogtag on F-14.
* Server-generated error messages are not translated yet.
* IPv6 support is not complete.
* The ‘ipa help’ command does not support localization.
We plan to address all the outstanding tickets before the final 2.0 release. For the complete list see [7].
Thank you,
The FreeIPA development team
[1] http://www.freeipa.org/page/Downloads
[2] dogtag is having issues with systemd: https://bugzilla.redhat.com/show_bug.cgi?id=676330
[3] https://fedoraproject.org/wiki/QA/Fedora_15_test_days
[4] https://fedoraproject.org/wiki/Features/FreeIPAv2#How_To_Test
[5] http://freeipa.org/downloads/freeipa-devel.repo
[6] https://fedorahosted.org/freeipa/query?status=closed&milestone=2.0.1+Bug+fixing+(RC)
[7] https://fedorahosted.org/freeipa/milestone/2.0.2%20Bug%20fixing%20%28RC2%29
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
Reviewing Patches in Git
FreeIPA requires that all code receive an ACK in a peer code review prior to submission to the main repository. While some patches can be reviewed inline in the email, more often the patch makes no sense without context.
Chromium and FreeIPA
While Google Chrome Is only in Beta at version 9 for Linux, the upstream project, Chromium, has all the latest features. Spot has provided a repo with packages for some of your favorite platforms.
For development, I run the browser on the same serve that I install freeipa-server on. To get it to run,:
chromium-browser --auth-server-whitelist=`hostname` --auth-negotiate-delegate-whitelist=`hostname`
The unit tests don’t run using the file: protocol, but I’ve run them against the Static site and they run fine.
Announcing FreeIPA v2 Server Beta 2 Release
(Cross Posted from the FreeIPA-devel mail list) To all freeipa-interest, freeipa-users and freeipa-devel list members, The FreeIPA project team is pleased to announce the availability of the Beta 2 release of freeIPA 2.0 server [1]. Continue reading
Announcing FreeIPA v2 Server Beta 1 Release
(reposted from the mailing list)
The FreeIPA project team is pleased to announce the availability of the Beta 1 release of freeIPA 2.0 server [1].
Building FreeIPA
Here’s the short version, what I did on F14.
yum -y groupinstall "Development Tools" git clone git://git.fedorahosted.org/freeipa.git cd freeipa yum install -y `grep BuildRequires: ipa.spec.in ` make all rpms yum localinstall --nogpgcheck -y dist/rpms/*rpm yum -y install bind-dyndb-ldap #Dogtag is broken on F14. There is a workaround. ln -s /usr/share/java/xalan-j2-serializer.jar /usr/share/tomcat5/common/lib/xalan-j2-serializer.jar ipa-server-install -U -r ` hostname | tr '[:lower:]' '[:upper:]'` -p freeipa4all -a freeipa4all -u admin --setup-dns --no-forwarders
Announcing FreeIPA v2 Server Alpha 5 Release
This is the first time code has been released since I joined the project. While it ai’n’t done yet, I’m still proud of how far we’ve come. Below is the release from the FreeIPA devel list.