RHBA-2011:1754 - Bug Fix Advisory

Topic

Updated ipa-pki-theme packages which fix this bug are now available for Red Hat
Enterprise Linux 6.

Description

The ipa-pki-theme packages provide Red Hat Identity Management theme components
for PKI packages.

Certificate System (CS) manages enterprise Public Key Infrastructure (PKI)
deployments and requires a theme for the specific type of PKI deployment with
which it is used. This package makes a Red Hat Identity Management theme
available for CS, and therefore makes it possible for users of Red Hat
Enterprise Linux 6 to use CS as a part of Red Hat Identity Management
deployments.

These updated ipa-pki-theme packages fix the following bug:

• IPA (Identity, Policy and Audit) is an identity and access management system.

Prior to this update, Certificate System (CS), which is implemented in pki-core,
required multiple ports to be open in a firewall for IPA to work. The number of
open ports required has been reduced, and support for a proxy using Apache JServ
Protocol (AJP) ports has been added, by enhancements made in pki-core. With this
update, ipa-pki-theme has been changed to make use of the updates to CS,
including adding the proxy-ipa.conf configuration file, and fixing broken links
in certain user interface files. As a result, it is now possible for
ipa-pki-theme to support running CS behind a proxy Apache server. (BZ#712931)

Important: this theme is mutually exclusive with the PKI themes for other types
of PKI deployments, such as dogtag-pki-theme for Dogtag Certificate System
deployments and redhat-pki-theme for Red Hat Certificate System deployments.
(BZ#643543)

All users of ipa-pki-theme are advised to upgrade to these updated packages,
which fixes this bug.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 6 x86_64
• Red Hat Enterprise Linux Server 6 i386
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 x86_64
• Red Hat Enterprise Linux Server - Extended Life Cycle Support 6 i386
• Red Hat Enterprise Linux Workstation 6 x86_64
• Red Hat Enterprise Linux Workstation 6 i386
• Red Hat Enterprise Linux Desktop 6 x86_64
• Red Hat Enterprise Linux Desktop 6 i386
• Red Hat Enterprise Linux for Scientific Computing 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 x86_64
• Red Hat Enterprise Linux Server from RHUI 6 i386

Fixes

• BZ - 712931 - CS requires too many ports to be open in the FW.

CVEs

(none)

References

(none)