- Several Java import statements specify wildcard arguments. However, due to the use of "wildcards arguments" in the import statements of the source code contained in the Red Hat Enterprise Linux 6 maintenance branch, a name space collision created the potential for a wrong class to be utilized. As a consequence, the Token Processing System (TPS) rebuild test failed with an error message. This update addresses the bug by supplying the fully named class in all of the contentious areas, and TPS rebuild test no longer fails.
- Previously, the IPA CA certificate was created with SHA1 signing algorithm, instead of SHA256. A patch has been provided to fix this bug, and the certification is now correct.
- Prior to this update, IPA Replica installation failed when using an external CA certificate. The interoperability problems have been fixed, and IPA again works with external CA certificates.
- Previously, the pki utility generated copious debug log, filling up the /var/log file system with log messages. This update implements the log rotation functionality, thus fixing the bug.
- When the LANG variable for specifying a locale was set to "tr_TR.UTF8", the installation of IPA became unresponsive. This update prevents Lightweight Directory Access Protocol (LDAP) attributes from being affected by LANG, and IPA no longer hangs.
- Previously, the setup of the IPA replica failed during external CA Certificate setup with "unable to parse xml" error message. The underlying source code has been patched, and the setup of the replica system now works flawlessly.
- Due to Access Vector Cache (AVC) denial messages in the audit.log file, the certmonger daemon could not start tracking Public Key Infrastructure (PKI) certificates. Consequently, errors during FreeIPA installation occurred. This update provides a patch for AVC, and certmonger now starts tracking PKI certificates as intended.
- While installing the IPA Server, numerous Access Vector Cache (AVC) denial messages were stored in audit.log. However, AVC messages were not a blocker and installation proceeded successfully. The problematic source code has been patched, and IPA Public Key Infrastructure (PKI) clone certificate renewal no longer produces AVC denial messages.
- With this update, the "CS.cfg" file is automatically backed up to "CS.cfg.bak" following a successful restart of any configured PKI instance.