commit 404ff9c03406328377e587e2798fdb20a4d11797 Author: MSVSphere Packaging Team Date: Fri Mar 29 16:26:04 2024 +0300 import realmd-0.17.1-2.el8 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e0d7a4d --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/realmd-0.17.1.tar.gz diff --git a/.realmd.metadata b/.realmd.metadata new file mode 100644 index 0000000..06ce7b9 --- /dev/null +++ b/.realmd.metadata @@ -0,0 +1 @@ +681f7f532daa62a08f2f2d6c9d4a1a04c4c793a3 SOURCES/realmd-0.17.1.tar.gz diff --git a/SOURCES/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch b/SOURCES/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch new file mode 100644 index 0000000..c2c8e3e --- /dev/null +++ b/SOURCES/0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch @@ -0,0 +1,74 @@ +From 19923985b69ccd5f2a33a067bfc3ed020889377e Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Tue, 13 Jun 2023 18:02:52 +0200 +Subject: [PATCH 1/3] service: allow multiple names and _srv_ ad_server option + +realmd checks if the 'ad_server' option is set in sssd.conf before +calling adcli to remove the host from the AD server. If set the value is +used as value for dcli's '--domain-controller' option. But if multiple +names are set in sssd.conf this currently fails because the whole string +is used. + +With this patch the 'ad_server' option is properly evaluated and only +the first domain controller name is used. +--- + service/realm-sssd-ad.c | 36 +++++++++++++++++++++++++++++++++++- + 1 file changed, 35 insertions(+), 1 deletion(-) + +diff --git a/service/realm-sssd-ad.c b/service/realm-sssd-ad.c +index 2817e73..096b6c5 100644 +--- a/service/realm-sssd-ad.c ++++ b/service/realm-sssd-ad.c +@@ -649,6 +649,40 @@ realm_sssd_ad_generic_finish (RealmKerberosMembership *realm, + return g_task_propagate_boolean (G_TASK (result), error); + } + ++static gchar *get_ad_server_from_config (RealmKerberos *realm) ++{ ++ RealmSssd *sssd = REALM_SSSD (realm); ++ RealmIniConfig *config; ++ const gchar *section; ++ gchar **servers; ++ gchar *tmp; ++ size_t c; ++ gchar *value = NULL; ++ ++ config = realm_sssd_get_config (sssd); ++ section = realm_sssd_get_config_section (sssd); ++ ++ if (section == NULL) { ++ return NULL; ++ } ++ ++ servers = realm_ini_config_get_list (config, section, "ad_server", ","); ++ /* Only use the first server defined given in 'ad_server' and ignore ++ * '_srv_'. */ ++ if (servers != NULL) { ++ for (c = 0; servers[c] != NULL; c++) { ++ tmp = g_strstrip (servers[c]); ++ if (strcasecmp ("_srv_", tmp) != 0) { ++ value = g_strdup (tmp); ++ break; ++ } ++ } ++ g_strfreev (servers); ++ } ++ ++ return value; ++} ++ + static void + realm_sssd_ad_discover_myself (RealmKerberos *realm, + RealmDisco *disco) +@@ -665,7 +699,7 @@ realm_sssd_ad_discover_myself (RealmKerberos *realm, + if (section == NULL) + return; + +- value = realm_ini_config_get (config, section, "ad_server"); ++ value = get_ad_server_from_config (realm); + g_free (disco->explicit_server); + disco->explicit_server = value; + +-- +2.43.0 + diff --git a/SOURCES/0001-tools-fix-ccache-handling-for-leave-operation.patch b/SOURCES/0001-tools-fix-ccache-handling-for-leave-operation.patch new file mode 100644 index 0000000..01a3a2a --- /dev/null +++ b/SOURCES/0001-tools-fix-ccache-handling-for-leave-operation.patch @@ -0,0 +1,69 @@ +From f648ae06012d1de137f12095d1bd7aaacb382042 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Wed, 10 Jan 2024 09:18:20 +0100 +Subject: [PATCH] tools: fix ccache handling for leave operation + +krb5_cc_initialize() must be called before anything can be written into +a ccache. + +While checking the available credential types the order/preference was +not respected. + +Resolves: https://issues.redhat.com/browse/SSSD-6420 +--- + tools/realm-client.c | 25 ++++++++++++++++--------- + 1 file changed, 16 insertions(+), 9 deletions(-) + +diff --git a/tools/realm-client.c b/tools/realm-client.c +index c386e64..06420ea 100644 +--- a/tools/realm-client.c ++++ b/tools/realm-client.c +@@ -498,13 +498,16 @@ are_credentials_supported (GVariant *supported, + GVariantIter iter; + const gchar *type; + const gchar *owner; +- +- g_variant_iter_init (&iter, supported); +- while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { +- if (g_strcmp0 (credential_type_1, type) == 0 || +- g_strcmp0 (credential_type_2, type) == 0) { +- *ret_owner = owner; +- return type; ++ const gchar *list[] = {credential_type_1, credential_type_2, NULL}; ++ size_t c; ++ ++ for (c = 0; list[c] != NULL; c++) { ++ g_variant_iter_init (&iter, supported); ++ while (g_variant_iter_loop (&iter, "(&s&s)", &type, &owner)) { ++ if (g_strcmp0 (list[c], type) == 0) { ++ *ret_owner = owner; ++ return type; ++ } + } + } + +@@ -622,8 +625,6 @@ copy_to_ccache (krb5_context krb5, + memset (&mcred, 0, sizeof (mcred)); + mcred.client = principal; + mcred.server = server; +- mcred.times.starttime = g_get_real_time () / G_TIME_SPAN_MILLISECOND; +- mcred.times.endtime = mcred.times.starttime; + + code = krb5_cc_retrieve_cred (krb5, def_ccache, KRB5_TC_MATCH_TIMES, + &mcred, &creds); +@@ -639,6 +640,12 @@ copy_to_ccache (krb5_context krb5, + return FALSE; + } + ++ code = krb5_cc_initialize (krb5, ccache, creds.client); ++ if (code != 0) { ++ g_debug ("krb5_cc_initialize failed: %s", krb5_get_error_message (krb5, code)); ++ return FALSE; ++ } ++ + code = krb5_cc_store_cred (krb5, ccache, &creds); + krb5_free_cred_contents (krb5, &creds); + +-- +2.43.0 + diff --git a/SOURCES/0002-service-fix-error-message-when-removing-host-from-AD.patch b/SOURCES/0002-service-fix-error-message-when-removing-host-from-AD.patch new file mode 100644 index 0000000..c5968d3 --- /dev/null +++ b/SOURCES/0002-service-fix-error-message-when-removing-host-from-AD.patch @@ -0,0 +1,88 @@ +From d691c679c1531b3eb457c494141bafdc4e0bc692 Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 1 Dec 2023 12:14:06 +0100 +Subject: [PATCH 2/3] service: fix error message when removing host from AD + +If there is an error while trying to remove the host from AD with the +help of adcli the error message talks about "joining" which might be +irritating when figuring out the reason for the failure. This patch +adds a better message when leaving the domain. +--- + service/realm-adcli-enroll.c | 34 +++++++++++++++++++++++++++------- + 1 file changed, 27 insertions(+), 7 deletions(-) + +diff --git a/service/realm-adcli-enroll.c b/service/realm-adcli-enroll.c +index e0d752b..c913987 100644 +--- a/service/realm-adcli-enroll.c ++++ b/service/realm-adcli-enroll.c +@@ -25,9 +25,10 @@ + #include "realm-settings.h" + + static void +-on_join_process (GObject *source, +- GAsyncResult *result, +- gpointer user_data) ++on_join_leave_process (GObject *source, ++ GAsyncResult *result, ++ gpointer user_data, ++ gboolean is_join) + { + GTask *task = G_TASK (user_data); + GError *error = NULL; +@@ -39,15 +40,18 @@ on_join_process (GObject *source, + switch (status) { + case 2: /* ADCLI_ERR_UNEXPECTED */ + g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL, +- "Internal unexpected error joining the domain"); ++ is_join ? "Internal unexpected error joining the domain" ++ : "Internal unexpected error removing host from the domain"); + break; + case 6: /* ADCLI_ERR_CREDENTIALS */ + g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED, +- "Insufficient permissions to join the domain"); ++ is_join ? "Insufficient permissions to join the domain" ++ : "Insufficient permissions to remove the host from the domain"); + break; + default: + g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED, +- "Failed to join the domain"); ++ is_join ? "Failed to join the domain" ++ : "Failed to remove the host from the domain"); + break; + } + } +@@ -64,6 +68,22 @@ on_join_process (GObject *source, + g_object_unref (task); + } + ++static void ++on_join_process (GObject *source, ++ GAsyncResult *result, ++ gpointer user_data) ++{ ++ on_join_leave_process (source, result, user_data, TRUE); ++} ++ ++static void ++on_leave_process (GObject *source, ++ GAsyncResult *result, ++ gpointer user_data) ++{ ++ on_join_leave_process (source, result, user_data, FALSE); ++} ++ + void + realm_adcli_enroll_join_async (RealmDisco *disco, + RealmCredential *cred, +@@ -290,7 +310,7 @@ realm_adcli_enroll_delete_async (RealmDisco *disco, + g_ptr_array_add (args, NULL); + + realm_command_runv_async ((gchar **)args->pdata, environ, input, +- invocation, on_join_process, ++ invocation, on_leave_process, + g_object_ref (task)); + + g_ptr_array_free (args, TRUE); +-- +2.43.0 + diff --git a/SOURCES/0003-doc-fix-reference-in-realmd.conf-man-page.patch b/SOURCES/0003-doc-fix-reference-in-realmd.conf-man-page.patch new file mode 100644 index 0000000..a03a09a --- /dev/null +++ b/SOURCES/0003-doc-fix-reference-in-realmd.conf-man-page.patch @@ -0,0 +1,26 @@ +From 56aedbceec3e6ff0d6142a16ca0c343c523b6d7a Mon Sep 17 00:00:00 2001 +From: Sumit Bose +Date: Fri, 1 Dec 2023 13:07:10 +0100 +Subject: [PATCH 3/3] doc: fix reference in realmd.conf man page + +--- + doc/manual/realmd.conf.xml | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/doc/manual/realmd.conf.xml b/doc/manual/realmd.conf.xml +index 72b706c..ad17639 100644 +--- a/doc/manual/realmd.conf.xml ++++ b/doc/manual/realmd.conf.xml +@@ -110,7 +110,8 @@ default-client = sssd + + + Some callers of realmd such as the +- realm ++ realm ++ 8 + command line tool allow specifying which client software should + be used. Others, such as GNOME Control Center, simplify choose + the default. +-- +2.43.0 + diff --git a/SOURCES/ipa-packages.patch b/SOURCES/ipa-packages.patch new file mode 100644 index 0000000..67df543 --- /dev/null +++ b/SOURCES/ipa-packages.patch @@ -0,0 +1,13 @@ +diff --git a/service/realmd-redhat.conf b/service/realmd-redhat.conf +index da2de55..856b36d 100644 +--- a/service/realmd-redhat.conf ++++ b/service/realmd-redhat.conf +@@ -20,7 +20,7 @@ oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir + adcli = /usr/sbin/adcli + + [ipa-packages] +-freeipa-client = /usr/sbin/ipa-client-install ++ipa-client = /usr/sbin/ipa-client-install + + [commands] + winbind-enable-logins = /usr/bin/sh -c "/usr/bin/authselect select winbind with-mkhomedir --force && /usr/bin/systemctl enable oddjobd.service && /usr/bin/systemctl start oddjobd.service" diff --git a/SPECS/realmd.spec b/SPECS/realmd.spec new file mode 100644 index 0000000..658419d --- /dev/null +++ b/SPECS/realmd.spec @@ -0,0 +1,443 @@ +Name: realmd +Version: 0.17.1 +Release: 2%{?dist} +Summary: Kerberos realm enrollment service +License: LGPL-2.1-or-later +URL: https://gitlab.freedesktop.org/realmd/realmd +Source0: https://gitlab.freedesktop.org/realmd/realmd/uploads/204d05bd487908ece2ce2705a01d2b26/realmd-%{version}.tar.gz + +Patch0001: 0001-service-allow-multiple-names-and-_srv_-ad_server-opt.patch +Patch0002: 0002-service-fix-error-message-when-removing-host-from-AD.patch +Patch0003: 0003-doc-fix-reference-in-realmd.conf-man-page.patch +Patch0004: 0001-tools-fix-ccache-handling-for-leave-operation.patch + +### Downstream Patches ### +# In RHEL the RHEL the FreeIPA packages are call only ipa-* while upstream is +# using freeipa-*, the following patch applies the needed changes. +Patch0100: ipa-packages.patch + +BuildRequires: make +BuildRequires: gcc +BuildRequires: automake +BuildRequires: autoconf +BuildRequires: intltool pkgconfig +BuildRequires: gettext-devel +BuildRequires: glib2-devel >= 2.32.0 +BuildRequires: openldap-devel +BuildRequires: polkit-devel +BuildRequires: krb5-devel +BuildRequires: systemd-devel +BuildRequires: libxslt +BuildRequires: xmlto +BuildRequires: samba-common-tools +BuildRequires: python3 + +Requires: authselect +Requires: polkit +Conflicts: realmd-devel-docs < %{version}-%{release} +# This build will use Samba's new command line options so it cannot be used +# with older versions of Samba. +Conflicts: samba-common-tools < 4.15 + +%description +realmd is a DBus system service which manages discovery and enrollment in realms +and domains like Active Directory or IPA. The control center uses realmd as the +back end to 'join' a domain simply and automatically configure things correctly. + +%package devel-docs +Summary: Developer documentation files for %{name} +Conflicts: realmd < %{version}-%{release} + +%description devel-docs +The %{name}-devel package contains developer documentation for developing +applications that use %{name}. + +%define _hardened_build 1 + +%prep +%autosetup -p1 + +%build +autoreconf -fi +%configure --disable-silent-rules \ + --with-new-samba-cli-options=yes \ +%if 0%{?rhel} + --with-vendor-error-message='Please check\n https://red.ht/support_rhel_ad \nto get help for common issues.' \ +%endif + %{nil} + +%make_build + +%check +make check + +%install +%make_install + +%find_lang realmd + +%post +%systemd_post realmd.service + +%preun +%systemd_preun realmd.service + +%postun +%systemd_postun_with_restart realmd.service + +%files -f realmd.lang +%doc AUTHORS COPYING NEWS README +%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.freedesktop.realmd.conf +%{_sbindir}/realm +%dir %{_prefix}/lib/realmd +%{_libexecdir}/realmd +%{_prefix}/lib/realmd/realmd-defaults.conf +%{_prefix}/lib/realmd/realmd-distro.conf +%{_unitdir}/realmd.service +%{_datadir}/dbus-1/system-services/org.freedesktop.realmd.service +%{_datadir}/polkit-1/actions/org.freedesktop.realmd.policy +%{_mandir}/man8/realm.8.gz +%{_mandir}/man5/realmd.conf.5.gz +%{_localstatedir}/cache/realmd/ + +%files devel-docs +%doc %{_datadir}/doc/realmd/ +%doc ChangeLog + +%changelog +* Tue Feb 20 2024 Sumit Bose - 0.17.1-2 +- Use make macros https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro +- migrated to SPDX license +- allow multiple names and _srv_ ad_server option + Resolves: RHEL-12113 +- fix ccache handling for leave operation + Resolves: RHEL-26166 + +* Fri Oct 21 2022 Sumit Bose - 0.17.1-1 +- Update to upstream release 0.17.1 + Resolves: rhbz#2133841 + +* Mon Jan 10 2022 Sumit Bose - 0.16.3-25 +- add LDAP socket timeout + Resolves: rhbz#2037864 + +* Wed Dec 15 2021 Sumit Bose - 0.16.3-24 +- Avoid duplicated log messages and use Samba's new CLI options + Resolves: rhbz#2024248 + Resolves: rhbz#2028528 + +* Tue May 11 2021 Sumit Bose - 0.16.3-23 +- Add restart macro and vendor message to spec file + Resolves: rhbz#1926046 + +* Thu Dec 03 2020 Sumit Bose - 0.16.3-22 +- Add fixes LDAPS functionality + Resolves: rhbz#1826964 + +* Thu Nov 26 2020 Sumit Bose - 0.16.3-21 +- Add missing patch for LDAPS functionality + Resolves: rhbz#1826964 + +* Thu Nov 05 2020 Sumit Bose - 0.16.3-20 +- realmd should handle default_realm in krb5.conf + Resolves: rhbz#1791016 +- [RFE] Enable LDAPS functionality in realmd join + Resolves: rhbz#1826964 + +* Thu Aug 13 2020 Sumit Bose - 0.16.3-19 +- Realm join fails with error 'Failed to join domain: failed to lookup + DC info ...' + Resolves: rhbz#1859503 +- realm command to use option like dnshostname=fqdn + Resolves: rhbz#1867912 + +* Fri Feb 21 2020 Sumit Bose - 0.16.3-18 +- Fix kerberos method + Resolves: rhbz#1801195 + +* Sun Dec 01 2019 Sumit Bose - 0.16.3-17 +- rebuild fails if DISTRO variable is exported + Resolves: rhbz#1747454 +- realmd.conf user-principal RFE and clarification + Resolves: rhbz#1747452 +- realmd.conf documentation incorrect + Resolves: rhbz#1747457 +- Document realmd.conf and how realmd reads the configuration + Resolves: rhbz#1747456 + +* Thu Sep 27 2018 Sumit Bose - 0.16.3-16 +- Do not call authselect for IPA domains + Resolves: rhbz#1633572 + +* Wed Aug 22 2018 Sumit Bose - 0.16.3-15 +- Change IPA defaults + Resolves: rhbz#1619162 + +* Tue Aug 14 2018 Sumit Bose - 0.16.3-14 +- Fix python BuildRequires + Resolves: rhbz#1615564 +- Add RHEL specific patch for IPA + Resolves: rhbz#1615320 +- Fix issues found by Coverity + Resolves: rhbz#1602677 + +* Wed Jul 04 2018 Sumit Bose - 0.16.3-13 +- Add latests patches from RHEL7 +- Add polkit runtime dependency + Resolves: rhbz#1577179 +- Drop python2 build dependency + Resolves: rhbz#1595813 +- Fix documentation reference in systemd unit file + Resolves: rhbz#1596325 +* Sun Mar 18 2018 René Genz - 0.16.3-12 +- use correct authselect syntax for *-disable-logins to fix rhbz#1558245 +- Iryna Shcherbina + Update Python 2 dependency declarations to new packaging standards + (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3) + +* Thu Mar 01 2018 Sumit Bose - 0.16.3-11 +- Require authselect instead of authconfig, related: rhbz#1537246 + +* Tue Feb 20 2018 Sumit Bose - 0.16.3-10 +- added BuildRequires gcc +- Use authselect instead of authconfig, related: rhbz#1537246 + +* Fri Feb 09 2018 Fedora Release Engineering - 0.16.3-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Sep 05 2017 Petr Pisar - 0.16.3-8 +- Update all m4 macros to prevent from mismatching between Automake versions + +* Thu Aug 03 2017 Fedora Release Engineering - 0.16.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Thu Jul 27 2017 Fedora Release Engineering - 0.16.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Apr 25 2017 Sumit Bose - 0.16.3-5 +- Resolves: rhbz#1445017 + +* Sat Feb 11 2017 Fedora Release Engineering - 0.16.3-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Thu Jan 19 2017 Merlin Mathesius - 0.16.3-3 +- Add BuildRequires: python to fix FTBFS (BZ#1415000). + +* Tue Dec 13 2016 Sumit Bose - 0.16.3-2 +- Resolves: rhbz#1401605 + +* Wed Nov 30 2016 Sumit Bose - 0.16.3-1 +- Updated to upstream 0.16.3 plus patches from git master + +* Fri Jun 03 2016 Sumit Bose - 0.16.2-5 +- properly apply patch for rhbz#1330766 +- Resolves: rhbz#1330766 + +* Wed May 18 2016 Sumit Bose - 0.16.2-4 +- Resolves: rhbz#1330766 + +* Thu Feb 04 2016 Fedora Release Engineering - 0.16.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Sep 11 2015 Stef Walter - 0.16.2-2 +- Fixed --computer-ou regression +- Show message when installing packages + +* Fri Jul 31 2015 Stef Walter - 0.16.2-1 +- Updated to upstream 0.16.2 +- Install to $prefix/lib instead of $libdir +- Resolves: rhbz#1246741 + +* Tue Jul 14 2015 Stef Walter - 0.16.1-1 +- Updated to upstream 0.16.1 +- Resolves: rhbz#1231128 + +* Thu Jun 18 2015 Fedora Release Engineering - 0.16.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Apr 14 2015 Stef Walter - 0.16.0-1 +- Updated to upstream 0.16.0 +- Resolves: rhbz#1205753 +- Resolves: rhbz#1142190 +- Resolves: rhbz#1061091 +- Resolves: rhbz#1205752 + +* Thu Apr 09 2015 Stephen Gallagher - 0.15.2-2 +- Resolves: rhbz#1210483 + +* Mon Oct 06 2014 Stef Walter - 0.15.2-1 +- Update to upstream 0.15.2 + +* Sun Aug 17 2014 Fedora Release Engineering - 0.15.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sun Jun 08 2014 Fedora Release Engineering - 0.15.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sat May 31 2014 Peter Robinson 0.15.1-2 +- Move ChangeLog to devel-docs. NEWS is probably riveting enough for users + +* Fri May 23 2014 Stef Walter - 0.15.1-1 +- Update to upstream 0.15.1 +- Remove the packagekit patch that's now integrated upstream + +* Thu Jan 30 2014 Richard Hughes - 0.15.0-2 +- Rebuild for libpackagekit-glib soname bump + +* Tue Jan 07 2014 Stef Walter - 0.15.0-1 +- Update to upstream 0.15.0 release, fixing various bugs + +* Mon Sep 09 2013 Stef Walter - 0.14.6-1 +- Update to upstream 0.14.6 point release +- Set 'kerberos method = system keytab' in smb.conf properly +- Limit Netbios name to 15 chars when joining AD domain + +* Thu Aug 15 2013 Stef Walter - 0.14.5-1 +- Update to upstream 0.14.5 point release +- Fix regression conflicting --unattended and -U as in --user args +- Pass discovered server address to adcli tool + +* Wed Aug 07 2013 Stef Walter - 0.14.4-1 +- Update to upstream 0.14.4 point release +- Fix up the [sssd] section in sssd.conf if it's screwed up +- Add an --unattended argument to realm command line client +- Clearer 'realm permit' manual page example + +* Wed Aug 07 2013 Stef Walter - 0.14.3-1 +- Update to upstream 0.14.3 point release +- Populate LoginFormats correctly [#961442] +- Documentation clarifications +- Set sssd.conf default_shell per domain +- Notify in terminal output when installing packages +- If joined via adcli, delete computer with adcli too [#961244] +- If input is not a tty, read from stdin without getpass() [#983153] +- Configure pam_winbind.conf appropriately [#983153] +- Refer to FreeIPA as IPA +- Support use of kerberos ccache to join when winbind + +* Sun Aug 04 2013 Fedora Release Engineering - 0.14.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Mon Jul 15 2013 Stef Walter - 0.14.2-4 +- Build with verbose automake output + +* Tue Jun 11 2013 Stef Walter - 0.14.2-3 +- Run test suite when building the package +- Fix rpmlint errors + +* Thu Jun 06 2013 Stef Walter - 0.14.2-2 +- Install oddjobd and oddjob-mkhomedir when joining domains [#969441] + +* Mon May 27 2013 Stef Walter - 0.14.2-1 +- Update to upstream 0.14.2 version +- Discover FreeIPA 3.0 with AD trust correctly [#966148] +- Only allow joining one realm by default [#966650] +- Enable the oddjobd service after joining a domain [#964971] +- Remove sssd.conf allow lists when permitting all [#965760] +- Add dependency on authconfig [#964675] +- Remove glib-networking dependency now that we no longer use SSL. + +* Mon May 13 2013 Stef Walter - 0.14.1-1 +- Update to upstream 0.14.1 version +- Fix crasher/regression using passwords with joins [#961435] +- Make second Ctrl-C just quit realm tool [#961325] +- Fix critical warning when leaving IPA realm [#961320] +- Don't print out journalctl command in obvious situations [#961230] +- Document the --all option to 'realm discover' [#961279] +- No need to require sssd-tools package [#961254] +- Enable services even in install mode [#960887] +- Use the AD domain name in sssd.conf directly [#960270] +- Fix critical warning when service Release() method [#961385] + +* Mon May 06 2013 Stef Walter - 0.14.0-1 +- Work around broken krb5 with empty passwords [#960001] +- Add manual page for realmd.conf [#959357] +- Update to upstream 0.14.0 version + +* Thu May 02 2013 Stef Walter - 0.13.91-1 +- Fix regression when using one time password [#958667] +- Support for permitting logins by group [#887675] + +* Mon Apr 29 2013 Stef Walter - 0.13.90-1 +- Add option to disable package-kit installs [#953852] +- Add option to use unqualified names [#953825] +- Better discovery of domains [#953153] +- Concept of managing parts of the system [#914892] +- Fix problems with cache directory [#913457] +- Clearly explain when realm cannot be joined [#878018] +- Many other upstream enhancements and fixes + +* Wed Apr 17 2013 Stef Walter - 0.13.3-2 +- Add missing glib-networking dependency, currently used + for FreeIPA discovery [#953151] + +* Wed Apr 17 2013 Stef Walter - 0.13.3-1 +- Update for upstream 0.13.3 version +- Add dependency on systemd for installing service file + +* Tue Apr 16 2013 Stef Walter - 0.13.2-2 +- Fix problem with sssd not starting after joining + +* Mon Feb 18 2013 Stef Walter - 0.13.2-1 +- Update to upstream 0.13.2 version + +* Mon Feb 18 2013 Stef Walter - 0.13.1-1 +- Update to upstream 0.13.1 version for bug fixes + +* Thu Feb 14 2013 Fedora Release Engineering - 0.12-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Mon Nov 12 2012 Stef Walter - 0.12-1 +- Update to upstream 0.12 version for bug fixes + +* Tue Oct 30 2012 Stef Walter - 0.11-1 +- Update to upstream 0.11 version + +* Sat Oct 20 2012 Stef Walter - 0.10-1 +- Update to upstream 0.10 version + +* Wed Oct 17 2012 Stef Walter - 0.9-1 +- Update to upstream 0.9 version + +* Wed Sep 19 2012 Stef Walter - 0.8-2 +- Add openldap-devel build requirement + +* Wed Sep 19 2012 Stef Walter - 0.8-1 +- Update to upstream 0.8 version +- Add support for translations + +* Mon Aug 20 2012 Stef Walter - 0.7-2 +- Build requires gtk-doc + +* Mon Aug 20 2012 Stef Walter - 0.7-1 +- Update to upstream 0.7 version +- Remove files no longer present in upstream version +- Put documentation in its own realmd-devel-docs subpackage +- Update upstream URLs + +* Mon Aug 6 2012 Stef Walter - 0.6-1 +- Update to upstream 0.6 version + +* Tue Jul 17 2012 Stef Walter - 0.5-2 +- Remove missing SssdIpa.service file from the files list. + This file will return upstream in 0.6 + +* Tue Jul 17 2012 Stef Walter - 0.5-1 +- Update to upstream 0.5 version + +* Tue Jun 19 2012 Stef Walter - 0.4-1 +- Update to upstream 0.4 version +- Cleanup various rpmlint warnings + +* Tue Jun 19 2012 Stef Walter - 0.3-2 +- Add doc files +- Own directories +- Remove obsolete parts of spec file +- Remove explicit dependencies +- Updated License line to LGPLv2+ + +* Tue Jun 19 2012 Stef Walter - 0.3 +- Build fixes + +* Mon Jun 18 2012 Stef Walter - 0.2 +- Initial RPM