ALT Repositories
S: 0.44.5-alt1
5.1: 0.10-alt2
4.1: 0.6-alt3.M41.4
4.0: 0.3-alt1.M40.2
Group :: System/Configuration/Other
Package: alterator-auth
19 September 2023 Andrey Cherepanov <cas at altlinux.org> 0.44.5-alt1
- Requires pam_propperpwnam for join to AD and FreeIPA to ignore login name in different forms.
- system-auth: add --gpo to use GPO after join machine to Active Directory.
- Fix join with passwords beginning with the - symbol
- Fix missing OS version for Sisyphus Regular builds
- Pass OS name and version during join to Active Directory (ALT #46071). Thanks Sergey Sysoev.
- Fix auth in Active Directory with task-auth-ad-winbind without task-auth-ad-sssd.
- Many improvements by sin@ and kaa@:
- Disable Username and Password edit boxes activity when kerberos ccache using.
- Add support for switching between sssd and winbind during join to AD.
- Avoid to use default credential cache with password authentication and place login/password credential pair as command line option to net utility.
- Add support of using default kerberos credential cache during join to AD.
- Don't show gpupdate checkbox for ipa join (ALT#45154).
- Check Active Directory computer name condition by RFC952 and fix regression with not changing static hostname after reboot.
- Computer name and static hostname restrictions when typing into a domain.
- Support custom computer OU and Windows 2003 during join to Active Directory.
- task-auth-ad-sssd: add requires for sssd-tools and adcli for machine password
- Added functionality related to adding roles for domain groups.
- Add new parameters when setting up AD.
- Add ability to restore default configuration files.
- Enlarged sssd settings window (ALT #42008)
- Replacing the apply button with ok in the sssd settings.
- Add sssd settings.
- Add use of control libnss-role instead of write_nsswitch
- backend: fix list ldap local_bases (namingContexts) (ALT #40569)
- sbin/system-auth: fix sssd package check, old LDAP auth scheme
work again (ALT #40570)
- Add libsss_sudo to task-auth-freeipa.
- Fix an error message (the password is expired).
- Avoid dependency to gpupdate-setup due gpupdate mechanism is not mandatory.
- Enable Winbind with SSSD idmap for Active Directory secure channel.
- Synchronize SSSD and Winbind configuration during join to AD.
- Add requires samba-winbind-clients to task-auth-ad-sssd metapackage
- Improve gpupdate enable/disable process
- Add default libnss-role roles for users, powerusers and localadmins in separated
package: alterator-roles-common - common files for alterator-roles (not implemented yet).
- user-groups and admin-groups saved temporary for compatibility.
- Create additional groups during alterator-roles-common install:
+ everyone (with preferred guid 98)
+ localadmins (with preferred guid 101)
+ powerusers (with preferred guid 102)
+ guests (with preferred guid 103)
+ accountops (with preferred guid 104)
+ serverops (with preferred guid 105)
+ printops (with preferred guid 106)
+ backupops (with preferred guid 107)
+ replicators (with preferred guid 108)
+ networkops (with preferred guid 109)
+ remote (with preferred guid 110)
- Add ad_gpo_access_control default as permissive for sssd.conf
- Add ad_gpo_ignore_unreadable and cache_credentials defaults for sssd.conf
- Add changelog from p9 allows copy from sisyphus to p9.
- Place dns source immediately after files instead of disabling avahi-daemon service (ALT #37082).
- Disable avahi-daemon if login to .local domain is requested (ALT #37082).
- join_ipa_domain(): adapt dm and delete obsoleted fix for nsswitch.conf.
- Fix hide user list for new version of lightdm.
- Do not remove local DNS from resolvconf.
- Hide user list in Lightdm for domain login.
- task-auth-ad-sssd now depends on sssd-dbus allowing AD domain users
to access D-Bus services like `systemctl` and etc.
- system-auth now correctly displays the message in case of wrong password or
preauth failed.
- Add Enable Group Policy checkbox in credential dialog during join to AD.
- Suppress error message during LDAP server check.
- Do not require nss-ldap by default.
- Disable nscd if sssd is used.
- Add package task-auth-ldap-sssd.
- Fix here-document blocks in system-auth for bash4.
- Do not hide user in lightdm-gtk-greeter because it hides them entirely.
- Make ldap/krb5 authentication by SSSD instead on nss-ldapd.
- Use own parser to set values in /etc/krb5.conf.
- AD: configure sssd to obey the group policy
- AD: correctly update the (A) DNS record of the newly joined host
- Change entry files for ALT Domain from combobox to inputbox to support
Astra Linux Directory.
- Check domain name in DNS first in AD and FreeIPA join.
- Add -d option for system-auth to show debug output.
- Do not change hostname during join process (ALT #33723).
- Fix typo in service file name (ALT #33224).
- NMU: Replace BuildRequires for guile on e2k arch.
- Remove gvfs-shares from task-auth-* metapackages (ALT #33481)
- Hide non-existing services list (ALT #33371)
- Hide roleadd warnings about non-existing groups (ALT #33372)
- task-auth-ad now is provided by task-auth-ad-sssd
- Samba config cleanup, disable wins support
- Disable service nscd for sssd
- Wrap long line in warning
- Package task-auth-ad is not enough to auth with Active Directory
because it uses non-recommended winbind
- [Active Directory] Fix DNS and Kerberos configuration
- Suppress grep output in ipa_domain check
- Do not strict require ipa-client-install
- Support join to FreeIPA domain
- Add new metapackage task-auth-ad-sssd for configure auth by SSSD
- Support SSSD for auth in Active Directory
- Workaround to fix https://bugs.altlinux.org/32139 for system with old
libshell
- [SUCCESS=merge] in nsswitch.conf is supported only in
glibc-core >= 2.23. Remove this option for earlier version
- Remove hostnamectl (systemd-services) from requirements
- Set local hostname and set krb5_ccache_type to KEYRING
- Require gvfs-shares in task-auth-ad
- Fix nss role behaviour (use domain names and place in nsswitch.conf)
- Edit existing Kerberos configuration instead of use winbind to
retrieve Kerberos config (ALT #32342, #32937)
- Set winbind enum users and groups to `no` to prevent lags in large
networks
- Check task-auth-ad package installed instead of winbind service to
get complete list of requirements
- Map domain groups to local Unix groups
- Add gvfs stuff to task-auth-ad for shares mount
- Set time sync from dc for client
- Adapt LightDM for too many domain users: remove user list and language
chooser (such as Windows login screen)
- Wait 10 seconds for winbind to create krb5.conf file (ALT #32759)
- Support offline login and set more usable parameters for pam_winbind
- Register machine in domain DNS during Active Directory join
- Show real error from system-auth if it exists
- Fix domain name detection in resolvconf
- Add bind-utils for troubleshooting
- Add metapackage task-auth-ad to setup authentication in Active
Directory domain
- Fix join to Active Directory domain in some cases:
- Increase available idmap range from 10.000 to 20 millions
- Use system keytab for share files to domain users
- Require libnss-myhostname to prevent "DNS update failed!" error
(see https://lists.samba.org/archive/samba/2009-June/148869.html)
- Check NetBIOS name length (should not be more 15 chars) both in script
and form
- Inform user to successful join to Active Directory domain
- "group: files [SUCCESS=merge] ldap" for glibc groups merging
- Fix Kerberos environment prepare by winbind
- Comment out unused parameters
- Support WINS in Samba config file
- Replace entire section [global] in /etc/samba/smb.conf by new config
- Support mapping parameters both for Samba 3.x and 4.x
- Read domain name from domain parameter of resolvconf -l
- Enable service settime-rfc867 for ALT domain
- Add settime-rfc867 to requirements
- Support both sysvinit and systemd services
- Sync time with DC before join to Active Directory domain
- Check available of /usr/bin/net for join to AD
- Set idmap range to 10000-20000 and disable master role by default for
Active Directory auth (useful for KDM using MaxShowUID=29999)
- Autofill Active Directory domain name from DNS information
- Usability improvements
- system-auth: show usage information and program version
- Support Active Directory authentication in GUI (ALT #30021)
- [system-auth] Disable old scheme services only on scheme change
- Add support of Active Directory auth in system-auth
- Do not require ldap-user-tools for list local configured LDAP DNs (ALT #24180)
- Fix fatal exit in backend if avahi-daemon is not running
- Fix typo (ALT #25930)
- Package ini-config helper for set parameters in ini files
- Fix system-auth write with nss-ldapd
- setting ccreds checkbox state added
- add simple pam_ccreds support (without status and constraints)
- Fix check avahi-daemon under systemd
- Check avahi-daemon activity in more convenient way compatible with systemd
- Don't hide local base selection if avahi-daemon is stopped
- Autostart nslcd daemon if ldap or krb5 authentication is used
- Warning about stopped avahi-daemon
- Add avahi-daemon in requires
- Support nss-ldapd
- Add string for translation.
- Improve warning message.
- Always show warning message.
- Show warning message about reboots necessity.
- always ldaps if kerberos
- set ldaps:// for kerberos domain
- requires on nss_ldap added
- fixed domain selection in acc
- Refabrisched after wf="form"->wf="none" migration.
- Added Local|LDAP|KRB5 support and LDAP base selection.
- added support /etc/openldap/ldap.conf
- removed write_krb5 (unnecessary function)
- merged with Anton V. Boyarshinov
- removed /etc/krb5.conf filling (default is better)
- fixed ui bug (installer)
- rewrote qt interface
- synced html interface with qt interface
- fixed hook (now checking SERVER_ROLE)
- added role checking (hook)
- fixed nsswitch bug
- fixed simple error (auth hook)
- rewrote ui for domain auth
- added system-auth tool
- rewrote backend and ui (now using system-auth tool)
- added /etc/hooks/hostname.d/90-auth (setting auth for servers)
- removed alterator-kdc
- wrote fill_krb_conf
- fixed ui
- added krb5 support (krb5.conf)
- require alterator-kdc
- move html ui definitions from templates to ui directory
- use help and translations directly from alterator-l10n
- use new help from l10n
- update help (by azol@), rebuild with new alterator-l10n (add pt_BR.po)
- remove title and h1 from html template
- replace constraints with types
- use enumref
- remove po-files
- use module.mak
- rename: effect-update -> update-effect, effect-init -> init-effect
- use effectShow
- update backend
- update for new case-form algo
- update help
- join to common translation database
- join alterator-auth and alterator-nsswitch
- remove html-messages.po
- improve UI according alterator HIG
- fix hostname restrictions
- remove template-*
- use alterator-sh-functions
- use libshell
- update to new help system
- fix backend
- add qt ui
- html ui improvements
- help improvements from kirill@
- comment out 'host' option to avoid conflict with uri
- add help
- improve constraints
- exclude ldap from list if appropriate nss module doesn't exists
- Initial release