[Pkg-freeipa-devel] freeipa: Changes to 'refs/tags/debian/4.1.4-1'

Timo Aaltonen tjaalton at moszumanska.debian.org
Fri Sep 25 11:53:40 UTC 2015

Tag 'debian/4.1.4-1' created by Timo Aaltonen <tjaalton at debian.org> at 2015-09-25 11:25 +0000

tagging package freeipa version debian/4.1.4-1

Changes since debian/4.0.5-6:
Alexander Bokovoy (24):
      ipaserver/dcerpc.py: if search of a closest GC failed, try to find any GC
      ipaserver/dcerpc.py: make PDC discovery more robust
      ipaserver/dcerpc.py: Avoid hitting issue with transitive trusts on Windows Server prior to 2012
      ipaserver/dcerpc.py: be more open to what domains can be seen through the forest trust
      ipaserver/dcerpc.py: Make sure trust is established only to forest root domain
      Support overriding user shell in ID views
      Allow user overrides to specify SSH public keys
      Allow user overrides to specify GID of the user
      Allow override of gecos field in ID views
      Update API version for ID views support
      Require slapi-nis 0.54 or later for ID views support
      Support idviews in compat tree
      Change ipaOverrideTarget OID to avoid conflict with DNSSEC feature
      updater: enable uid uniqueness plugin for posixAccounts
      Default to use TLSv1.0 and TLSv1.1 on the IPA server side
      Add ipaSshPubkey and gidNumber to the ACI to read ID user overrides
      Update slapi-nis dependency to pull 0.54.1
      AD trust: improve trust validation
      Support Samba PASSDB 0.2.0 aka interface version 24
      ipa-cldap: support NETLOGON_NT_VERSION_5EX_WITH_IP properly
      ipa-kdb: when processing transitions, hand over unknown ones to KDC
      ipa-kdb: reject principals from disabled domains as a KDC policy
      fix Makefile.am for daemons
      slapi-nis: require 0.54.2 for CVE-2015-0283 fixes

Ana Krivokapić (1):
      Remove internaldb password from password.conf

David Kupka (33):
      Improve password validity check.
      Fix group-remove-member crash when group is removed from a protected group
      test group: remove group from protected group.
      Verify otptoken timespan is valid
      Add record(s) to /etc/host when IPA is configured as DNS server.
      Use certmonger D-Bus API instead of messing with its files.
      Do not restart apache server when not necessary.
      Allow user to force Kerberos realm during installation.
      Fix typo causing ipa-upgradeconfig to fail.
      Add 'host' setting into default.conf configuration file on client. Fix description in man page.
      Detect and configure all usable IP addresses.
      Do not require description in UI.
      Fix example usage in ipa man page.
      Check that port 8443 is available when installing PKI.
      Set IPA CA for freeipa certificates.
      Stop dogtag when updating its configuration in ipa-upgradeconfig.
      Fix printing of reverse zones in ipa-dns-install.
      Fix typo causing certmonger is provided with wrong path to ipa-submit.
      Respect UID and GID soft static allocation.
      Stop dirsrv last in ipactl stop.
      Remove unneeded internal methods. Move code to public methods.
      Remove service file even if it isn't link.
      Produce better error in group-add command.
      Fix --{user,group}-ignore-attribute in migration plugin.
      ipa-restore: Check if directory is provided + better errors.
      Fix error message for nonexistent members and add tests.
      Use singular in help metavars + update man pages.
      Always add /etc/hosts record when DNS is being configured.
      Remove ipanttrustauthincoming/ipanttrustauthoutgoing from ipa trust-add output.
      Abort backup restoration on not matching host.
      idviews: Allow setting ssh public key on ipauseroverride-add
      Use IPA CA certificate when available and ignore NO_TLS_LDAP when not.
      Restore default.conf and use it to build API.

Gabe (10):
      ipa trust-add command should be interactive
      Fix hardcoded lib dir in freeipa.spec
      Missing requires on python-dns in spec file
      ipa-server-install Directory Manager help incorrect
      Remove dependency on subscription-manager
      Typos in ipa-rmkeytab options help and man page
      permission-add does not prompt for ipapermright in interactive mode
      ipa-replica-prepare should document ipv6 options
      ipatests: Add tests for valid and invalid ipa-advise
      ipa-replica-prepare can only be created on the first master

Jakub Hrozek (1):
      CLIENT: Explicitly require python-backports-ssl_match_hostname

Jan Cholasta (147):
      Check if /root/ipa.csr exists when installing server with external CA.
      Exclude attributelevelrights from --raw result processing in baseldap.
      Add function for checking if certificate is self-signed to ipalib.x509.
      Support CA certificate renewal in dogtag-ipa-ca-renew-agent.
      Allow IPA master hosts to update CA certificate in LDAP.
      Automatically update CA certificate in LDAP on renewal.
      Track CA certificate using dogtag-ipa-ca-renew-agent.
      Add method for setting CA renewal master in LDAP to CAInstance.
      Provide additional functions to ipapython.certmonger.
      Move external cert validation from ipa-server-install to installutils.
      Add method for verifying CA certificates to NSSDatabase.
      Add permissions for CA certificate renewal.
      Add CA certificate management tool ipa-cacert-manage.
      Alert user when externally signed CA is about to expire.
      Load sysupgrade.state on demand.
      Pick new CA renewal master when deleting a replica.
      Remove master ACIs when deleting a replica.
      Do not use ldapi in certificate renewal scripts.
      Check that renewed certificates coming from LDAP are actually renewed.
      Allow IPA master hosts to read and update IPA master information.
      Do not treat the IPA RA cert as CA cert in DS NSS database.
      Remove certificate "External CA cert" from /etc/pki/nssdb on client uninstall.
      Allow specifying trust flags in NSSDatabase and CertDB method trust_root_cert.
      Fix trust flags in HTTP and DS NSS databases.
      Add LDAP schema for wrapped cryptographic keys.
      Add LDAP schema for certificate store.
      Add container for certificate store.
      Configure attribute uniqueness for certificate store.
      Add permissions for certificate store.
      Add functions for extracting certificates fields in DER to ipalib.x509.
      Add function for extracting extended key usage from certs to ipalib.x509.
      Add certificate store module ipalib.certstore.
      Upload CA chain from DS NSS database to certificate store on server install.
      Upload CA chain from DS NSS database to certificate store on server update.
      Rename CertDB method add_cert to import_cert.
      Add new add_cert method for adding certificates to NSSDatabase and CertDB.
      Import CA certs from certificate store to DS NSS database on replica install.
      Import CA certs from certificate store to HTTP NSS database on server install.
      Upload renewed CA cert to certificate store on renewal.
      Refactor CA certificate fetching code in ipa-client-install.
      Support multiple CA certificates in /etc/ipa/ca.crt in ipa-client-install.
      Add function for writing list of certificates to a PEM file to ipalib.x509.
      Get CA certs for /etc/ipa/ca.crt from certificate store in ipa-client-install.
      Allow overriding NSS database path in RPCClient.
      Get CA certs for /etc/pki/nssdb from certificate store in ipa-client-install.
      Add functions for DER encoding certificate extensions to ipalib.x509.
      Get CA certs for system-wide store from cert store in ipa-client-install.
      Get up-to-date CA certificates from certificate store in ipa-replica-install.
      Add client certificate update tool ipa-certupdate.
      Export full CA chain to /etc/ipa/ca.crt in ipa-server-install.
      Allow multiple CA certificates in replica info files.
      Add new NSSDatabase method get_cert for getting certs from NSS databases.
      Allow changing chaining of the IPA CA certificate in ipa-cacert-manage.
      Update CS.cfg on IPA CA certificate chaining change in renew_ca_cert.
      Allow adding CA certificates to certificate store in ipa-cacert-manage.
      Allow upgrading CA-less to CA-full using ipa-ca-install.
      Update external CA cert in Dogtag NSS DB on IPA CA cert renewal.
      Enable NSS PKIX certificate path discovery and validation for Dogtag.
      Add test for baseldap.entry_to_dict.
      Fix parsing of long nicknames in certutil -L output.
      Convert external CA chain to PKCS#7 before passing it to pkispawn.
      Allow changing CA renewal master in ipa-csreplica-manage.
      Normalize external CA cert before passing it to pkispawn
      Make CA-less ipa-server-install option --root-ca-file optional.
      Backup CS.cfg before modifying it
      Use autobind when updating CA people entries during certificate renewal
      Fix certmonger code causing the ca_renewal_master update plugin to fail
      Allow RPM upgrade from ipa-* packages
      Include ipaplatform in client-only build
      Include the ipa command in client-only build
      Allow specifying signing algorithm of the IPA CA cert in ipa-server-install.
      Add NSSDatabase.import_files method for importing files in various formats
      External CA installer options usability fixes
      CA-less installer options usability fixes
      Allow choosing CA-less server certificates by name
      Do stricter validation of CA certificates
      Introduce NSS database /etc/ipa/nssdb
      Move NSSDatabase from ipaserver.certs to ipapython.certdb
      Add NSSDatabase.has_nickname for checking nickname presence in a NSS DB
      Use NSSDatabase instead of direct certutil calls in client code
      Use /etc/ipa/nssdb to get nicknames of IPA certs installed in /etc/pki/nssdb
      Check if IPA client is configured in ipa-certupdate
      Get server hostname from jsonrpc_uri in ipa-certupdate
      Remove ipa-ca.crt from systemwide CA store on client uninstall and cert update
      Fix certmonger.wait_for_request
      Fix certmonger search for the CA cert in ipa-certupdate and ipa-cacert-manage
      Add missing imports to ipapython.certdb
      Remove misleading authorization error message in cert-request with --add
      Split off generic Red Hat-like platform code from Fedora platform code
      Add RHEL platform module
      Support building RPMs for RHEL/CentOS 7.0
      Support MS CS as the external CA in ipa-server-install and ipa-ca-install
      Allow specifying signing algorithm of the IPA CA cert in ipa-ca-install
      Fix CA cert validity check for CA-less and external CA installer options
      Fix certmonger.request_cert
      Add ipa-client-install switch --request-cert to request cert for the host
      Do not create ipa-pki-proxy.conf if CA is not configured in ipa-upgradeconfig
      Do not fix trust flags in the DS NSS DB in ipa-upgradeconfig
      Check LDAP instead of local configuration to see if IPA CA is enabled
      DNSSEC: remove container_dnssec_keys
      Do not check if port 8443 is available in step 2 of external CA install
      Handle profile changes in dogtag-ipa-ca-renew-agent
      Do not wait for new CA certificate to appear in LDAP in ipa-certupdate
      Fail if certmonger can't see new CA certificate in LDAP in ipa-cacert-manage
      Fix possible NULL dereference in ipa-kdb
      Fix memory leaks in ipa-extdom-extop
      Fix various bugs in ipa-opt-counter and ipa-otp-lasttoken
      Fix memory leak in ipa-pwd-extop
      Fix memory leaks in ipa-join
      Fix various bugs in ipap11helper
      Fix CA certificate backup and restore
      Update Requires on pki-ca to 10.2.1-0.1
      Fix wrong expiration date on renewed IPA CA certificates
      Restore file extended attributes and SELinux context in ipa-restore
      Use correct service name in cainstance.backup_config
      Stop tracking certificates before restoring them in ipa-restore
      Remove redefinition of LOG from ipa-otp-lasttoken
      Unload P11_Helper object's library when it is finalized in ipap11helper
      Fix Kerberos error handling in ipa-sam
      Fix unchecked return value in ipa-kdb
      Fix unchecked return values in ipa-winsync
      Fix unchecked return value in ipa-join
      Fix unchecked return value in krb5 common utils
      Fix memory leak in GetKeytabControl asn1 code
      Add TLS 1.2 to the protocol list in mod_nss config
      Fix automatic CA cert renewal endless loop in dogtag-ipa-ca-renew-agent
      Do not renew the IPA CA cert by serial number in dogtag-ipa-ca-renew-agent
      Improve validation of --instance and --backend options in ipa-restore
      Check subject name encoding in ipa-cacert-manage renew
      Refer the user to freeipa.org when something goes wrong in ipa-cacert-manage
      Fix ipa-restore on systems without IPA installed
      Remove RUV from LDIF files before using them in ipa-restore
      Fix CA certificate renewal syslog alert
      Do not crash on unknown services in installutils.stopped_service
      Restart dogtag when its server certificate is renewed
      Make certificate renewal process synchronized
      Fix validation of ipa-restore options
      Do not assume certmonger is running in httpinstance
      Put LDIF files to their original location in ipa-restore
      Revert "Make all ipatokenTOTP attributes mandatory"
      Create correct log directories during full restore in ipa-restore
      Do not crash when replica is unreachable in ipa-restore
      Bump 389-ds-base and pki-ca dependencies for POODLE fixes
      certstore: Make certificate retrieval more robust
      client-install: Do not crash on invalid CA certificate in LDAP
      client: Fix ca_is_enabled calls
      upload_cacrt: Fix empty cACertificate in cn=CAcert

Jan Pazdziora (1):
      No explicit zone specification.

Ludwig Krispenz (2):
      Update SSL ciphers configured in 389-ds-base
      Ignore irrelevant subtrees in schema compat plugin

Martin Babinsky (14):
      Moved dbus-python dependence to freeipa-python package
      ipa-kdb: unexpected error code in 'ipa_kdb_audit_as_req' triggers a message
      always get PAC for client principal if AS_REQ is true
      ipa-kdb: more robust handling of principal addition/editing
      OTP: failed search for the user of last token emits an error message
      ipa-pwd-extop: added an informational comment about intentional fallthrough
      ipa-uuid: emit a message when unexpected mod type is encountered
      OTP: emit a log message when LDAP entry for config record is not found
      ipa-client-install: put eol character after the last line of altered config file(s)
      migrate-ds: exit with error message if no users/groups to migrate are found
      Changing the token owner changes also the manager
      ipa-dns-install: use STARTTLS to connect to DS
      migrate-ds: print out failed attempts when no users/groups are migrated
      show the exception message thrown by dogtag._parse_ca_status during install

Martin Bašti (90):
      Fix DNS upgrade plugin should check if DNS container exists
      FIX: named_enable_dnssec should verify if DNS is installed
      Allow to add host if AAAA record exists
      Tests: host tests with dns
      Fix dnsrecord-mod raise error if last record attr is removed
      DNSSEC: fix DS record validation
      Tests: DNS dsrecord validation
      DNS fix NS record coexistence validator
      Test: DNS NS validation
      Fix DNS record rename test
      FIX DNS wildcard records (RFC4592)
      Tests: DNS wildcard records
      dnszone-remove-permission should raise error
      DNS: remove --class option
      WebUI: DNS: remove --class option
      FIX: ldap schema updater needs correct ordering of the updates
      Fix DNS plugin to allow to add root zone
      DNS test: allow '.' as zone name
      Deprecation of --name-server and --ip-address option in DNS
      Add correct NS records during installation
      DNS: autofill admin email
      WebUI: DNS: Remove ip-address, admin-email options
      DNS tests: tests update to due to change in options
      Remove --ip-address, --name-server options from DNS help
      Refactoring of autobind, object_exists
      LDAP disable service
      DNS missing tests
      Fix ipactl service ordering
      Add missing attributes to named.conf
      Make named.conf template platform independent
      Remove ipaContainer, ipaOrderedContainer objectclass
      Add mask, unmask methods for service
      DNSSEC: dependencies
      DNSSEC: schema
      DNSSEC: add ipapk11helper module
      DNSSEC: DNS key synchronization daemon
      DNSSEC: opendnssec services
      DNSSEC: platform paths and services
      DNSSEC: validate forwarders
      DNSSEC: modify named service to support dnssec
      DNSSEC: installation
      DNSSEC: uninstallation
      DNSSEC: upgrading
      DNSSEC: add files to backup
      DNSSEC: change link to ipa page
      fix DNSSEC restore named state
      fix forwarder validation errors
      Fix dns zonemgr validation regression
      Add bind-dyndb-ldap working dir to IPA specfile
      Fix CI tests: install_adtrust
      Fix upgrade: do not use invalid ldap connection
      Fix: DNS installer adds invalid zonemgr email
      Fix: DNS policy upgrade raises assertion error
      Fix upgrade referint plugin
      Upgrade: fix trusts objectclass violation
      Fix named working directory permissions
      Fix: zonemgr must be unicode value
      Fix warning message should not contain CLI commands
      Show warning instead of error if CA did not start
      Raise right exception if domain name is not valid
      Fix pk11helper module compiler warnings
      Fix: read_ip_addresses should return ipaddr object
      Fix detection of encoding in zonemgr option
      Fix zonemgr option encoding detection
      Throw zonemgr error message before installation proceeds
      Upgrade fix: masking named should be executed only once
      Using wget to get status of CA
      Show SSHFP record containing space in fingerprint
      Fix don't check certificate during getting CA status
      Fix: Upgrade forwardzones zones after adding newer replica
      Fix zone find during forwardzone upgrade
      Fix traceback if zonemgr error contains unicode
      DNS tests: separate current forward zone tests
      New test cases for Forward_zones
      Detect and warn about invalid DNS forward zone configuration
      DNS tests: warning if forward zone is inactive
      Add debug messages into client autodetection
      DNSSEC catch ldap exceptions in ipa-dnskeysyncd
      DNSSEC: fix root zone dns name conversion
      Always return absolute idnsname in dnszone commands
      Use dyndns_update instead of deprecated sssd option
      Fix reference counting in pkcs11 extension
      DNSSEC add support for CKM_RSA_PKCS_OAEP mechanism
      Fix memory leaks in ipap11helper
      Remove unused method from ipap11pkcs helper module
      DNS fix: do not traceback if unsupported records are in LDAP
      DNS fix: do not show part options for unsupported records
      DNS: remove NSEC3PARAM from records
      Fix dead code in ipap11helper module

Martin Košek (17):
      Do not require dogtag-pki-server-theme
      Allow hashed passwords in DS
      Do not crash client basedn discovery when SSF not met
      ipa-adtrust-install does not re-add member in adtrust agents group
      Sudorule RunAsUser should work with external groups
      Raise better error message for permission added to generated tree
      Remove changetype attribute from update plugin
      Update contributors
      Lower pki-ca requires to 10.1.2
      Bump SSSD Requires to 1.12.3
      Allow PassSync user to locate and update NT users
      Allow Replication Administrators manipulate Winsync Agreements
      Replication Administrators cannot remove replication agreements
      Add anonymous read ACI for DUA profile
      Print PublicError traceback when in debug mode
      group-detach does not add correct objectclasses
      Remove references to GPL v2.0 license

Nathan Kinder (1):
      Timeout when performing time sync during client install

Nathaniel McCallum (22):
      Fix ipa-getkeytab for pre-4.0 servers
      Add TOTP watermark support
      Ensure ipaUserAuthTypeClass when needed on user creation
      Update qrcode support for newer python-qrcode
      Use stack allocation when writing values during otp auth
      Move OTP synchronization step to after counter writeback
      Remove token ID from self-service UI
      Remove token vendor, model and serial defaults
      Display token type when viewing token
      Create ipa-otp-counter 389DS plugin
      Configure IPA OTP Last Token plugin on upgrade
      Ensure that a password exists after OTP validation
      Improve otptoken help messages
      Ensure users exist when assigning tokens to them
      Enable QR code display by default in otptoken-add
      Catch USBError during YubiKey location
      Preliminary refactoring of libotp files
      Move authentication configuration cache into libotp
      Enable last token deletion when password auth type is configured
      Make token auth and sync windows configurable
      Create an OTP help topic
      Prefer TCP connections to UDP in krb5 clients

Petr Viktorin (36):
      Update API.txt
      test_ipagetkeytab: Fix assertion in negative test
      Support delegating RBAC roles to service principals
      service: Normalize service principal in get_dn
      freeipa.spec.in: Add python-backports-ssl_match_hostname to BuildRequires
      permission plugin: Make --target available in the CLI
      permission plugin: Improve description of the target option
      Add managed read permissions for compat tree
      Fix: Add managed read permissions for compat tree and operational attrs
      Update referential integrity config for DS 1.3.3
      permission plugin: Auto-add operational attributes to read permissions
      Allow deleting obsolete permissions; remove operational attribute permissions
      ipaserver.install: Consolidate system user creation
      ipa_restore: Split the services list
      backup,restore: Don't overwrite /etc/{passwd,group}
      ipa_backup: Log where the backup is be stored
      Add basic test for backup & restore
      Add test for backup/delete system users/restore
      JSON client: Log pretty-printed request and response with -vv or above
      test_permission_plugin: Check legacy permissions
      upgradeinstance: Restore listeners on failure
      ipa-replica-prepare: Wait for the DNS entry to be resolvable
      Move setting SELinux booleans to platform code
      ipa-restore: Set SELinux booleans when restoring
      ipaserver.install.service: Don't show error message on SystemExit(0)
      VERSION,Makefile: Rename "pre" to "alpha"
      Become IPA 4.1.0 Alpha 1
      test_service_plugin: Do not lowercase memberof_role
      test_forced_client_reenrollment: Don't check for host certificates
      backup/restore: Add files from /etc/ipa/nssdb
      sudo integration test: Remove the local user test
      ipa-restore: Don't crash if AD trust is not installed
      ipaplatform: Use the dirsrv service, not target
      Do not restore SELinux settings that were not backed up
      Add additional backup & restore checks
      copy_schema_to_ca: Fallback to old import location for ipaplatform.services

Petr Vobornik (1):
      Become IPA 4.1.3

Petr Voborník (91):
      baseldap: return 'none' attr level right as unicode string
      webui: support wildcard attribute level rights
      webui: fix nested items creation in dropdown list
      webui: internet explorer fixes
      webui: detach facet nodes
      webui: replace action_buttons with action_widget
      webui: remove remaining action-button-disabled occurrences
      webui: add bounce url to reset_password.html
      webui-ci: fix reset password check
      webui: better error reporting
      webui-ci: fix table widget add
      webui: display expired session notification in a more visible area
      webui: improved info msgs on login/token sync/reset pwd pages
      webui: login screen - improved button switching
      webui: rename tooltip to title
      webui: tooltip support
      webui: better authentication types description
      webui: convert widget.less indentation to spaces
      webui: improve rule table css
      webui: sshkey widget - usability fixes
      webui: disable batch action buttons by default
      webui: fix group type padding
      webui: extract complex pkey on Add and Edit
      webui: adjust behavior of bounce url
      webui: do not show login error when switching back from otp sync screen
      webui: switch associators if default doesn't work
      webui: notify psw change success only once
      webui: append network.negotiate-auth.trusted-uris
      install: create ff krb extension on every install, replica install and upgrade
      webui: add measurement unit to otp token time fields
      webui: better otp token type label
      webui: add token from user page
      webui: add i18n for the rest of QR code strings
      webui: display fields based on otp token type
      webui: better value-change reporting
      webui: widget initialization
      webui: hide empty fields and sections
      webui: hide non-readable fields
      webui: hide otp fields based on token type
      webui: fix regression in association facet preop
      webui-ci: case-insensitive record check
      webui: do not offer ipa-ad-winsync and ipa-ipa-trust range types
      webui: improve breadcrumb navigation
      webui: treat value as pkey in link widget
      webui: do not show internal facet name to user
      webui: allow to skip link widget link validation
      webui: add simple link column support
      webui: new ID views section
      webui: facet group labels for idview's facets
      webui: list only not-applied hosts in "apply to host" dialog
      webui: add link from host to idview
      webui-ci: adjust dnszone-add test to recent DNS changes
      dns: fix privileges' memberof during dns install
      keytab manipulation permission management
      tests: management of keytab permissions
      idviews: error out if applying Default Trust View on hosts
      webui: add link to OTP token app
      webui: add new iduseroverride fields
      webui: management of keytab permissions
      webui: allow --force in dnszone-mod and dnsrecord-add
      webui: make Evented a part of base IPA.object
      webui: change order of idview's facet groups
      webui: hide applied to hosts tab for Default Trust View
      webui: hide (un)apply buttons for Default Trust View
      webui: do not offer ipa users to Default Trust View
      webui: do not show closed dialog
      webui: update combobox input on list click
      Become IPA 4.1.0
      build: increase java stack size for all arches
      Become IPA 4.1.1
      ranges: prohibit setting --rid-base with ipa-trust-ad-posix type
      unittests: baserid for ipa-ad-trust-posix idranges
      ldapupdater: set baserid to 0 for ipa-ad-trust-posix ranges
      idrange: include raw range type in output
      webui: prohibit setting rid base with ipa-trust-ad-posix type
      webui: fix potential XSS vulnerabilities
      restore: clear httpd ccache after restore
      webui: use domain name instead of domain SID in idrange adder dialog
      webui: normalize idview tab labels
      Become IPA 4.1.2
      webui: add radius fields to user page
      fix indentation in ipa-restore page
      add --hosts and --hostgroup options to allow/retrieve keytab methods
      webui: fix service unprovisioning
      webui: increase duration of notification messages
      revert removal of cn attribute from idnsRecord
      migrate-ds: fix compat plugin check
      rpcclient: use json_encode_binary for verbose output
      Fix TOTP Synchronization Window label
      ipatests: add missing ssh object classes to idoverrideuser
      Become IPA 4.1.4

Petr Špaček (6):
      DNSSEC: add ipa dnssec daemons
      Fix zone name to directory name conversion in BINDMgr.
      Fix minimal version of BIND for Fedora 20 and 21
      p11helper: standardize indentation and other visual aspects of the code
      p11helper: use sizeof() instead of magic constants
      p11helper: clarify error message

Rob Crittenden (3):
      No longer generate a machine certificate on client installs
      Search using proper scope when connecting CA instances
      Use NSS protocol range API to set available TLS protocols

Simo Sorce (9):
      Add UTC date to GIT snapshot version generation
      Fix filtering of enctypes in server code.
      Add asn1c generated code for keytab controls
      Use asn1c helpers to encode/decode the getkeytab control
      Avoid calling ldap functions without a context
      Remove the removal of the ccache
      Handle DAL ABI change in MIT 1.13
      Add a clear OpenSSL exception.
      Stop including the DES algorithm from openssl.

Stephen Gallagher (1):
      Change BuildRequires for Java

Sumit Bose (11):
      ipa-kdb: fix unit tests
      extdom: add support for new version
      extdom: add support for sss_nss_getorigbyname()
      extdom: remove unused dependency to libsss_idmap
      ipa-range-check: do not treat missing objects as error
      Add configure check for cwrap libraries
      extdom: handle ERANGE return code for getXXYYY_r() calls
      extdom: make nss buffer configurable
      extdom: return LDAP_NO_SUCH_OBJECT to the client
      extdom: fix memory leak
      extdom: fix wrong realloc size

Thierry bordaz (tbordaz) (1):
      Deadlock in schema compat plugin (between automember_update_membership task and dse update)

Thorsten Scherf (1):
      Add help string on how to configure multiple DNS forwards for various cli tools

Timo Aaltonen (34):
      Merge branch 'upstream' into master-next
      Merge branch 'master' into master-next
      add a TODO file
      Merge branch 'master' into master-next
      Merge branch 'experimental' into master-next
      disable dnssec, refresh patches
      control: Add python-usb to build-depends and to python-freeipa depends.
      Merge branch 'master' into master-next
      control: Bump libsss-nss-idmap-dev build-dep.
      control: Add gnupg-agent to python-freeipa depends, and change gnupg to gnupg2.
      control: Add libsofthsm2-dev to build-depends and softhsm2 to server depends.
      freeipa-{server,client}.install: Add new files.
      wrap-and-sort -s
      control: Bump Depends on slapi-nis for CVE fixes.
      control: Bump 389-ds-base, pki-ca depends.
      control: Drop dogtag-pki-server-theme from server depends, it's not needed.
      control: Server needs newer python-ldap, bump build-dep too.
      bump sssd dependencies
      control: Bump certmonger depends.
      control: Bump python-nss depends.
      freeipa-client: Add /etc/ipa/nssdb, rework /etc/pki/nssdb handling.
      platform: Add DebianNamedService.
      platform, disable-dnssec-support.patch: Fix named.conf template.
      close a few bugs on LP
      disable dnssec some more
      server.postinst: Run ipa-ldap-updater and ipa-upgradeconfig on postinst.
      client.postrm: make rmdir non-fatal
      Merge branch 'master' into master-next
      Revert DNSSEC changes to schema and ACI, makes upgrade tools fail.
      begone, dnssec
      Add some verbosity to server postinst
      server.postinst: Run upgraders only if IPA is configured
      server.postrm: Clean logs on purge and disable apache modules on remove/purge.
      releasing package freeipa version 4.1.4-1

Tomáš Babej (53):
      baseldap: Remove redundant search from LDAPAddReverseMember and LDAPRemoveReverseMember
      ipalib: idrange: Make non-implemented range types fail the validation
      ipatests: test_trust: Add test to cover lookup of trusdomains
      ipa-client-install: Do not add already configured sources to nsswitch.conf entries
      ipalib: host_del: Extend LDAPDelete's takes_options instead of overriding
      Set the default attributes for RootDSE
      baseldap: Properly handle the case of renaming object to the same name
      idviews: Add necessary schema for the ID views
      idviews: Create container for ID views under cn=accounts
      idviews: Add ipaAssignedIDVIew reference to the host object
      ipalib: Remove redundant and star imports from host plugin
      ipalib: PEP8 fixes for host plugin
      idviews: Create basic idview plugin structure
      idvies: Add managed permissions for idview and idoverride objects
      hostgroup: Add helper that returns all members of a hostgroup
      hostgroup: Remove redundant and star imports
      hostgroup: Selected PEP8 fixes for the hostgroup plugin
      idviews: Add ipa idview-apply and idview-unapply commands
      idviews: Extend idview-show command to display assigned idoverrides and hosts
      trusts: Add conversion from SID to object name
      idviews: Support specifying object names instead of raw anchors only
      idviews: Split the idoverride object into iduseroverride and idgroupoverride
      idviews: Split the idoverride commands into iduseroverride and idgroupoverride
      idviews: Alter idoverride methods to work with splitted objects
      idviews: Change format of IPA anchor to include domain
      idviews: Raise NotFound errors if object to override could not be found
      idviews: Resolve anchors to object names in idview-show
      ipatests: Add xmlrpc tests for idviews plugin
      idviews: Add ipaOriginalUid
      idviews: Update the referential plugin config to watch for ipaAssignedIDView
      idviews: Fix casing of ID Views to be consistent
      idviews: Make description optional for the ID View object
      idviews: Add Default Trust View as part of adtrustinstall
      idviews: Handle Default Trust View properly in the framework
      idviews: Make sure the dict.get method is not abused for MUST attributes
      idviews: Catch errors on unsuccessful AD object lookup when resolving object name to anchor
      idviews: Display the list of hosts when using --all
      idviews: Make sure only regular IPA objects are allowed to be overriden
      idviews: Create Default Trust View for upgraded servers
      idviews: Fix typo in upgrade handling of the Default Trust View
      spec: Bump SSSD requires to 1.12.2
      Re-initialize NSS database after otptoken plugin tests
      certs: Fix incorrect flag handling in load_cacert
      hosts: Display assigned ID view by default in host-find and show commands
      idviews: Complain if host is already assigned the ID View in idview-apply
      idviews: Ignore host or hostgroup options set to None
      baseldap: Handle missing parent objects properly in *-find commands
      ipatests: Add coverage for referential integrity plugin applied on ipaAssignedIDView
      ipatests: Fix old command references in the ID views tests
      ipatests: Fix incorrect assumptions in idviews tests
      ipatests: Add coverage for adding and removing sshpubkeys in ID overrides
      ipalib: Make sure correct attribute name is referenced for fax
      idviews: Use case-insensitive detection of Default Trust View

root (1):
      Limit deadlocks between DS plugin DNA and slapi-nis

 .gitignore                                                           |    2 
 .mailmap                                                             |    2 
 ACI.txt                                                              |   48 
 API.txt                                                              |  457 +
 COPYING.openssl                                                      |   16 
 Contributors.txt                                                     |   94 
 Makefile                                                             |   17 
 VERSION                                                              |   25 
 asn1/Makefile.am                                                     |    8 
 asn1/README                                                          |   17 
 asn1/asn1c/BIT_STRING.c                                              |  188 
 asn1/asn1c/BIT_STRING.h                                              |   33 
 asn1/asn1c/GKCurrentKeys.c                                           |   61 
 asn1/asn1c/GKCurrentKeys.h                                           |   37 
 asn1/asn1c/GKNewKeys.c                                               |  126 
 asn1/asn1c/GKNewKeys.h                                               |   47 
 asn1/asn1c/GKReply.c                                                 |  115 
 asn1/asn1c/GKReply.h                                                 |   51 
 asn1/asn1c/GetKeytabControl.c                                        |   77 
 asn1/asn1c/GetKeytabControl.h                                        |   52 
 asn1/asn1c/INTEGER.c                                                 |  835 +++
 asn1/asn1c/INTEGER.h                                                 |   65 
 asn1/asn1c/Int32.c                                                   |  127 
 asn1/asn1c/Int32.h                                                   |   38 
 asn1/asn1c/KrbKey.c                                                  |   81 
 asn1/asn1c/KrbKey.h                                                  |   46 
 asn1/asn1c/Makefile.am                                               |   93 
 asn1/asn1c/NativeEnumerated.c                                        |  204 
 asn1/asn1c/NativeEnumerated.h                                        |   32 
 asn1/asn1c/NativeInteger.c                                           |  314 +
 asn1/asn1c/NativeInteger.h                                           |   37 
 asn1/asn1c/OCTET_STRING.c                                            | 1550 ++++++
 asn1/asn1c/OCTET_STRING.h                                            |   80 
 asn1/asn1c/TypeValuePair.c                                           |   71 
 asn1/asn1c/TypeValuePair.h                                           |   39 
 asn1/asn1c/asn_SEQUENCE_OF.c                                         |   41 
 asn1/asn1c/asn_SEQUENCE_OF.h                                         |   52 
 asn1/asn1c/asn_SET_OF.c                                              |   88 
 asn1/asn1c/asn_SET_OF.h                                              |   62 
 asn1/asn1c/asn_application.h                                         |   47 
 asn1/asn1c/asn_codecs.h                                              |  109 
 asn1/asn1c/asn_codecs_prim.c                                         |  295 +
 asn1/asn1c/asn_codecs_prim.h                                         |   53 
 asn1/asn1c/asn_internal.h                                            |  111 
 asn1/asn1c/asn_system.h                                              |  104 
 asn1/asn1c/ber_decoder.c                                             |  283 +
 asn1/asn1c/ber_decoder.h                                             |   63 
 asn1/asn1c/ber_tlv_length.c                                          |  178 
 asn1/asn1c/ber_tlv_length.h                                          |   50 
 asn1/asn1c/ber_tlv_tag.c                                             |  144 
 asn1/asn1c/ber_tlv_tag.h                                             |   60 
 asn1/asn1c/constr_CHOICE.c                                           | 1101 ++++
 asn1/asn1c/constr_CHOICE.h                                           |   57 
 asn1/asn1c/constr_SEQUENCE.c                                         | 1251 +++++
 asn1/asn1c/constr_SEQUENCE.h                                         |   60 
 asn1/asn1c/constr_SEQUENCE_OF.c                                      |  208 
 asn1/asn1c/constr_SEQUENCE_OF.h                                      |   33 
 asn1/asn1c/constr_SET_OF.c                                           |  942 +++
 asn1/asn1c/constr_SET_OF.h                                           |   42 
 asn1/asn1c/constr_TYPE.c                                             |   77 
 asn1/asn1c/constr_TYPE.h                                             |  180 
 asn1/asn1c/constraints.c                                             |   93 
 asn1/asn1c/constraints.h                                             |   63 
 asn1/asn1c/der_encoder.c                                             |  199 
 asn1/asn1c/der_encoder.h                                             |   67 
 asn1/asn1c/ipa.asn1                                                  |   37 
 asn1/asn1c/per_decoder.c                                             |   55 
 asn1/asn1c/per_decoder.h                                             |   44 
 asn1/asn1c/per_encoder.c                                             |   95 
 asn1/asn1c/per_encoder.h                                             |   49 
 asn1/asn1c/per_support.c                                             |  318 +
 asn1/asn1c/per_support.h                                             |  105 
 asn1/asn1c/xer_decoder.c                                             |  363 +
 asn1/asn1c/xer_decoder.h                                             |  106 
 asn1/asn1c/xer_encoder.c                                             |   67 
 asn1/asn1c/xer_encoder.h                                             |   59 
 asn1/asn1c/xer_support.c                                             |  233 
 asn1/asn1c/xer_support.h                                             |   55 
 asn1/configure.ac                                                    |   24 
 asn1/ipa_asn1.c                                                      |  238 
 asn1/ipa_asn1.h                                                      |   76 
 daemons/Makefile.am                                                  |    2 
 daemons/configure.ac                                                 |   51 
 daemons/dnssec/ipa-dnskeysync-replica                                |  165 
 daemons/dnssec/ipa-dnskeysyncd                                       |  110 
 daemons/dnssec/ipa-dnskeysyncd.service                               |   15 
 daemons/dnssec/ipa-ods-exporter                                      |  502 ++
 daemons/dnssec/ipa-ods-exporter.service                              |   15 
 daemons/dnssec/ipa-ods-exporter.socket                               |    5 
 daemons/ipa-kdb/ipa_kdb.c                                            |   19 
 daemons/ipa-kdb/ipa_kdb.h                                            |    7 
 daemons/ipa-kdb/ipa_kdb_audit_as.c                                   |    4 
 daemons/ipa-kdb/ipa_kdb_mspac.c                                      |   20 
 daemons/ipa-kdb/ipa_kdb_principals.c                                 |   77 
 daemons/ipa-sam/Makefile.am                                          |    3 
 daemons/ipa-sam/ipa_sam.c                                            |   23 
 daemons/ipa-slapi-plugins/Makefile.am                                |    1 
 daemons/ipa-slapi-plugins/ipa-cldap/Makefile.am                      |    1 
 daemons/ipa-slapi-plugins/ipa-cldap/ipa_cldap_netlogon.c             |   19 
 daemons/ipa-slapi-plugins/ipa-dns/ipa_dns.c                          |   42 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/Makefile.am               |   35 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom.h              |   41 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_cmocka_tests.c |  226 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_common.c       | 1069 +++-
 daemons/ipa-slapi-plugins/ipa-extdom-extop/ipa_extdom_extop.c        |   39 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/group           |    2 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/passwd          |    2 
 daemons/ipa-slapi-plugins/ipa-extdom-extop/test_data/test_setup.sh   |    3 
 daemons/ipa-slapi-plugins/ipa-otp-counter/Makefile.am                |   21 
 daemons/ipa-slapi-plugins/ipa-otp-counter/berval.c                   |   96 
 daemons/ipa-slapi-plugins/ipa-otp-counter/berval.h                   |   66 
 daemons/ipa-slapi-plugins/ipa-otp-counter/ipa-otp-counter.sym        |    1 
 daemons/ipa-slapi-plugins/ipa-otp-counter/ipa_otp_counter.c          |  462 +
 daemons/ipa-slapi-plugins/ipa-otp-counter/ldapmod.c                  |  110 
 daemons/ipa-slapi-plugins/ipa-otp-counter/ldapmod.h                  |   54 
 daemons/ipa-slapi-plugins/ipa-otp-lasttoken/Makefile.am              |    1 
 daemons/ipa-slapi-plugins/ipa-otp-lasttoken/ipa_otp_lasttoken.c      |  262 -
 daemons/ipa-slapi-plugins/ipa-pwd-extop/Makefile.am                  |   10 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/authcfg.c                    |  280 -
 daemons/ipa-slapi-plugins/ipa-pwd-extop/authcfg.h                    |   82 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c              |  325 -
 daemons/ipa-slapi-plugins/ipa-pwd-extop/ipapwd.h                     |    2 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/prepost.c                    |  127 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.c                    |   17 
 daemons/ipa-slapi-plugins/ipa-pwd-extop/syncreq.h                    |    4 
 daemons/ipa-slapi-plugins/ipa-range-check/ipa_range_check.c          |    5 
 daemons/ipa-slapi-plugins/ipa-uuid/ipa_uuid.c                        |    2 
 daemons/ipa-slapi-plugins/ipa-winsync/ipa-winsync-config.c           |   40 
 daemons/ipa-slapi-plugins/libotp/Makefile.am                         |   14 
 daemons/ipa-slapi-plugins/libotp/hotp.c                              |  170 
 daemons/ipa-slapi-plugins/libotp/hotp.h                              |   60 
 daemons/ipa-slapi-plugins/libotp/libotp.c                            |  583 --
 daemons/ipa-slapi-plugins/libotp/libotp.h                            |   93 
 daemons/ipa-slapi-plugins/libotp/librfc.c                            |  170 
 daemons/ipa-slapi-plugins/libotp/librfc.h                            |   63 
 daemons/ipa-slapi-plugins/libotp/otp_config.c                        |  364 +
 daemons/ipa-slapi-plugins/libotp/otp_config.h                        |   82 
 daemons/ipa-slapi-plugins/libotp/otp_token.c                         |  533 ++
 daemons/ipa-slapi-plugins/libotp/otp_token.h                         |   88 
 daemons/ipa-slapi-plugins/libotp/t_hotp.c                            |  121 
 daemons/ipa-slapi-plugins/libotp/t_librfc.c                          |  121 
 debian/TODO                                                          |    5 
 debian/changelog                                                     |   32 
 debian/control                                                       |   34 
 debian/freeipa-client.dirs                                           |    1 
 debian/freeipa-client.install                                        |    2 
 debian/freeipa-client.postinst                                       |   13 
 debian/freeipa-client.postrm                                         |    8 
 debian/freeipa-server.install                                        |    7 
 debian/freeipa-server.links                                          |    4 
 debian/freeipa-server.postinst                                       |    9 
 debian/freeipa-server.postrm                                         |   42 
 debian/patches/add-a-clear-openssl-exception.diff                    |   49 
 debian/patches/add-debian-platform.diff                              |   72 
 debian/patches/disable-dnssec-support.patch                          |  524 ++
 debian/patches/fix-bind-conf.diff                                    |   39 
 debian/patches/fix-hyphen-used-as-minus-sign.patch                   |    2 
 debian/patches/fix-manpage-has-errors-from-man.patch                 |   13 
 debian/patches/fix-pykerberos-api.diff                               |    5 
 debian/patches/no-test-lang.diff                                     |    2 
 debian/patches/port-ipa-client-automount.diff                        |    2 
 debian/patches/prefix.patch                                          |    6 
 debian/patches/revert-dnssec-aci.diff                                |   98 
 debian/patches/revert-dnssec-schema.diff                             |  131 
 debian/patches/revert-pykerberos-api-change.diff                     |    2 
 debian/patches/revert-revert-removal-of-cn-attribute.diff            |   21 
 debian/patches/series                                                |    7 
 debian/patches/work-around-apache-fail.diff                          |    4 
 freeipa.spec.in                                                      |  112 
 install/certmonger/Makefile.am                                       |    1 
 install/certmonger/dogtag-ipa-ca-renew-agent-submit                  |  246 
 install/certmonger/ipa-server-guard                                  |   55 
 install/ffextension/chrome/content/kerberosauth.js                   |   24 
 install/restart_scripts/renew_ca_cert                                |  152 
 install/restart_scripts/renew_ra_cert                                |   44 
 install/restart_scripts/restart_dirsrv                               |   10 
 install/restart_scripts/restart_httpd                                |   10 
 install/restart_scripts/stop_pkicad                                  |    4 
 install/share/05rfc2247.ldif                                         |   39 
 install/share/60basev2.ldif                                          |    4 
 install/share/60basev3.ldif                                          |   10 
 install/share/60ipadns.ldif                                          |   13 
 install/share/60ipapk11.ldif                                         |   42 
 install/share/60policyv2.ldif                                        |   30 
 install/share/65ipacertstore.ldif                                    |    8 
 install/share/70ipaotp.ldif                                          |    7 
 install/share/71idviews.ldif                                         |    8 
 install/share/Makefile.am                                            |    9 
 install/share/bind.named.conf.template                               |   15 
 install/share/bind.zone.db.template                                  |    2 
 install/share/bootstrap-template.ldif                                |    6 
 install/share/certmap.conf.template                                  |   43 
 install/share/copy-schema-to-ca.py                                   |    7 
 install/share/default-trust-view.ldif                                |    6 
 install/share/dns.ldif                                               |    2 
 install/share/dnssec.ldif                                            |   11 
 install/share/krb5.conf.template                                     |    1 
 install/share/opendnssec_conf.template                               |   46 
 install/share/opendnssec_kasp.template                               |  150 
 install/share/schema_compat.uldif                                    |    8 
 install/share/uuid-ipauniqueid.ldif                                  |   11 
 install/share/uuid.ldif                                              |   23 
 install/tools/Makefile.am                                            |    1 
 install/tools/ipa-adtrust-install                                    |    4 
 install/tools/ipa-ca-install                                         |  241 
 install/tools/ipa-cacert-manage                                      |   23 
 install/tools/ipa-csreplica-manage                                   |    2 
 install/tools/ipa-dns-install                                        |  148 
 install/tools/ipa-replica-conncheck                                  |    1 
 install/tools/ipa-replica-install                                    |  129 
 install/tools/ipa-replica-manage                                     |   15 
 install/tools/ipa-server-install                                     |  463 +
 install/tools/ipa-upgradeconfig                                      |  346 +
 install/tools/ipactl                                                 |   12 
 install/tools/man/Makefile.am                                        |    1 
 install/tools/man/ipa-ca-install.1                                   |   20 
 install/tools/man/ipa-cacert-manage.1                                |   88 
 install/tools/man/ipa-dns-install.1                                  |    3 
 install/tools/man/ipa-replica-install.1                              |    3 
 install/tools/man/ipa-replica-prepare.1                              |   45 
 install/tools/man/ipa-restore.1                                      |   11 
 install/tools/man/ipa-server-certinstall.1                           |    9 
 install/tools/man/ipa-server-install.1                               |   55 
 install/ui/doc/categories.json                                       |    7 
 install/ui/ipa.css                                                   |    6 
 install/ui/less/widgets.less                                         |  132 
 install/ui/reset_password.html                                       |    3 
 install/ui/reset_password.js                                         |   65 
 install/ui/src/freeipa/Application_controller.js                     |    4 
 install/ui/src/freeipa/FieldBinder.js                                |   13 
 install/ui/src/freeipa/_base/Builder.js                              |    2 
 install/ui/src/freeipa/_base/Singleton_registry.js                   |   17 
 install/ui/src/freeipa/_base/construct.js                            |    8 
 install/ui/src/freeipa/add.js                                        |    2 
 install/ui/src/freeipa/app.js                                        |    3 
 install/ui/src/freeipa/association.js                                |   40 
 install/ui/src/freeipa/certificate.js                                |    2 
 install/ui/src/freeipa/config.js                                     |   13 
 install/ui/src/freeipa/dialog.js                                     |   26 
 install/ui/src/freeipa/dns.js                                        |  170 
 install/ui/src/freeipa/facet.js                                      |  104 
 install/ui/src/freeipa/field.js                                      |   34 
 install/ui/src/freeipa/host.js                                       |   96 
 install/ui/src/freeipa/idrange.js                                    |  111 
 install/ui/src/freeipa/idviews.js                                    |  798 +++
 install/ui/src/freeipa/ipa.js                                        |   20 
 install/ui/src/freeipa/navigation/MenuItem.js                        |    2 
 install/ui/src/freeipa/navigation/menu_spec.js                       |    1 
 install/ui/src/freeipa/otptoken.js                                   |   83 
 install/ui/src/freeipa/rule.js                                       |    5 
 install/ui/src/freeipa/search.js                                     |    3 
 install/ui/src/freeipa/serverconfig.js                               |    7 
 install/ui/src/freeipa/service.js                                    |   88 
 install/ui/src/freeipa/user.js                                       |   81 
 install/ui/src/freeipa/util.js                                       |   19 
 install/ui/src/freeipa/widget.js                                     |  333 +
 install/ui/src/freeipa/widgets/LoginScreen.js                        |   80 
 install/ui/src/freeipa/widgets/LoginScreenBase.js                    |    8 
 install/ui/src/freeipa/widgets/SyncOTPScreen.js                      |    2 
 install/ui/test/data/ipa_init.json                                   |   66 
 install/updates/10-schema_compat.update                              |   16 
 install/updates/10-uniqueness.update                                 |   34 
 install/updates/20-aci.update                                        |    2 
 install/updates/20-indices.update                                    |    7 
 install/updates/20-uuid.update                                       |   11 
 install/updates/21-certstore_container.update                        |    4 
 install/updates/25-referint.update                                   |   14 
 install/updates/30-policy.update                                     |   44 
 install/updates/40-delegation.update                                 |   62 
 install/updates/40-dns.update                                        |    1 
 install/updates/40-otp.update                                        |   24 
 install/updates/40-replication.update                                |   11 
 install/updates/59-trusts-sysacount.update                           |    8 
 install/updates/60-trusts.update                                     |    6 
 install/updates/71-idviews.update                                    |    4 
 install/updates/Makefile.am                                          |    4 
 ipa-client/Makefile.am                                               |    4 
 ipa-client/configure.ac                                              |    2 
 ipa-client/ipa-getkeytab.c                                           |  248 
 ipa-client/ipa-install/Makefile.am                                   |    1 
 ipa-client/ipa-install/ipa-certupdate                                |   23 
 ipa-client/ipa-install/ipa-client-automount                          |   10 
 ipa-client/ipa-install/ipa-client-install                            |  523 +-
 ipa-client/ipa-join.c                                                |   23 
 ipa-client/ipa-rmkeytab.c                                            |    4 
 ipa-client/ipaclient/Makefile.am                                     |    1 
 ipa-client/ipaclient/ipa_certupdate.py                               |  181 
 ipa-client/ipaclient/ipachangeconf.py                                |    3 
 ipa-client/ipaclient/ipadiscovery.py                                 |    5 
 ipa-client/ipaclient/ntpconf.py                                      |    8 
 ipa-client/man/Makefile.am                                           |    1 
 ipa-client/man/default.conf.5                                        |    4 
 ipa-client/man/ipa-certupdate.1                                      |   39 
 ipa-client/man/ipa-client-install.1                                  |    4 
 ipa-client/man/ipa-rmkeytab.1                                        |    2 
 ipa.1                                                                |    3 
 ipalib/backend.py                                                    |    2 
 ipalib/certstore.py                                                  |  427 +
 ipalib/constants.py                                                  |    8 
 ipalib/errors.py                                                     |   15 
 ipalib/messages.py                                                   |   57 
 ipalib/parameters.py                                                 |   35 
 ipalib/plugins/automember.py                                         |    5 
 ipalib/plugins/baseldap.py                                           |   54 
 ipalib/plugins/cert.py                                               |   38 
 ipalib/plugins/dns.py                                                |  882 ++-
 ipalib/plugins/group.py                                              |   15 
 ipalib/plugins/hbacsvcgroup.py                                       |    2 
 ipalib/plugins/host.py                                               |  216 
 ipalib/plugins/hostgroup.py                                          |   32 
 ipalib/plugins/idrange.py                                            |   62 
 ipalib/plugins/idviews.py                                            |  894 +++
 ipalib/plugins/internal.py                                           |   68 
 ipalib/plugins/migration.py                                          |   28 
