The Dogtag team is proud to announce version Dogtag v10.0.0 beta 2.
A build is available for Fedora 18 in the updates-testing repo. Please
try it out and provide karma to move it to the F18 stable repo.
Daily developer builds for Fedora 17 and 18 are available at
http://nkinder.fedorapeople.org/dogtag-devel/fedora/
== Build Versions ==
pki-core-10.0.0-0.48.b2.fc18
pki-ra-10.0.0-0.10.b2.fc18
pki-tps-10.0.0-0.10.b2.fc18
dogtag-pki-10.0.0-0.13.b2.fc18
dogtag-pki-theme-10.0.0-0.4.b2.fc18
pki-console-10.0.0-0.10.b2.fc18
== Highlights since Dogtag v. 10.0.0 beta 1 (Oct 9 2012) ==
* Selinux policy moved into system selinux policy. For F18, pki-selinux
will no longer be built and delivered by the dogtag team. The PKI
policy will instead be managed by the selinux base packages team.
* Added option to install schema on a clone, rather than simply
replicating it. This is to resolve an IPA issue when replicating from a
non-merged to a merged database.
* Restricted AJP to allow access from localhost only by default. This
is an IPA reported issue.
* Changes to allow the TPS and RA to install and configure correctly.
* Enabled Tomcat security manager and added mechanism to configure
custom security policy.
* Added CLI tools to obtain security domain information and install
tokens.
* Refactored REST client classes to support multiple operations over
authenticated HTTP session.
* Added automatic recovery to the LDAP modification listener.
* Added login service to protect REST services including certificate
operations, key operations, security domain, TKS and OCSP.
* Added option to pkispawn to exit before configuration, in case the
installer wants to go through the UI configuration panels. In this way,
pkispawn can be operated like pkicreate/pkisilent.
* Removed version numbers from jar files to comply with Fedora packaging
recommendations.
== Notes for F17 ==
* Only developer builds are available for F17.
* F17 tomcat used to have a bug in the way it handles pid files.
https://bugzilla.redhat.com/show_bug.cgi?id=863307. Make sure that you
have at least tomcat-7.0.32-1.fc17.
== Feedback ==
Please provide comments, bugs and other feedback via the pki-devel
mailing list:
http://www.redhat.com/mailman/listinfo/pki-devel
== Detailed Changelog ==
akoneru (1):
1485a05 Fix for ticket 384 - Incorrect profiles path referenced
alee (15):
80ac796 Fix symkey build dependency
65c17da Update to b2 release
7c105a6 Restrict AJP to localhost only by default
3908d96 Added obsoletes for pki-selinux
278ee60 changes to remove pki-selinux from f18 build
1c45197 Provide option to install, rather than replicate schema to clone
40bcc2c Reorder VLV indexing for clones to avoid errors
643c089 Fixes to get TPS to configure correctly
d6634a7 Reverted to old interface and httpclient for installation token.
2a43f48 Added net-tools dependency
35eb608 changes to remind folks not to use pkicreate/pkiremove
8a2d342 Update tomcatjss dependency
283af42 Added pki_tomcat_script_t type and rules for upgraded instances
c7c2b6c New selinux interface needed for certmonger directory access
c494bd0 Added pki_tomcat_cert_t type and interface to access it
edewata (16):
c1aa8b2 Enabled authentication for key services.
748605a Fixed synchronization problem in CertificateRepository.
5eab7fe Enabled Tomcat security manager.
9c17ef4 Refactored GetDomainXML servlet.
5bb7933 Added REST interface to get domain info.
6359021 Enabled account service for TKS and OCSP.
8687740 Added conditions for security domain REST service.
7ec6c91 Fixed error handling in RetrieveModificationsTask.
2d3d561 Fixed KRA test.
c1f9b39 Enabled realm authentication for certificate requests.
1723a2e Added REST account service.
98ad9c1 Added PKIPrincipal.
4300459 Added PKIConnection.
8973480 Refactored GetCookie servlet.
168d954 Enabled authentication for security domain REST interface.
212ab82 Return to d9 behavior for RetrieveModificationsTask
mharmsen (2):
a957a3d Allow a PKI instance to be installed/configured independently
8d77b52 Removal of version numbers from jar file names