Group :: Other
RPM: local-policy
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
23 janeiro 2023 Ivan A. Melnikov <iv at altlinux.org> 0.6.0-alt1.1
- NMU: ensure this package doesn't require
xmlbeans-scripts (ALT#45002).
- New directory /etc/local-policy-system with Local Group Policy Template (GPT)
- Add control local-policy-system-access
- Add control smb-conf-machine-password-timeout
- Add control sssd-ad-update-machine-password
- Adjust local policy templates
- Add control system-policy for gpupdate
- Add sssd-drop-privileges control
- Fix sssd-ad-gpo-access-control with more appropriate designations
- Add sssd-dyndns-{update,update-ptr,refresh-interval,ttl} controls
- Fix control_subst_with_file_check regression and improve default
variants of controls facilities use it
- Revert winbind service enabling by default on server and workstation
due it depends on samba configuration and could be unconsistent - Add smb-conf-idmap-backend and smb-conf-idmap-range controls
- Add requires to control with OpenSSH server PermitRootLogin configuration
- Add winbind service enabled by default on server and workstation
- Fixed controls in case appropriate configs are missing
- Add check default sssd-ad options and create it if not exists
- Add sssd-ad-gpo-access-control control
- Add sssd-cache-credentials control
- Update sssd-ad-gpo-ignore-unreadable control
- Add autofs-browse-mode and sssd-ad-gpo-ignore-unreadable controls
- Open SSH port by default for all templates
- Replace machine local Registry policy in Samba backup format
- krb5-conf-ccache control added for Kerberos client default credential cache:
+ keyring: Keyring persistent cache stored in unswappable kernel memory
+ tmpfile: Traditional, simplest and most portable cache stored in temporary file
+ rundir: Directory cache stored in run-time variable data
+ kcm: Kerberos credential manager (requires service like sssd-kcm)
+ default: Default credential cache (usualy same as temporary file) - Add ad-domain-controller policy template
- Add empty default local-policy
- Add local-policy sysconfig directory to package
- Add data directory to package
- Remove default symlink (it is a bad idea to pack it due rpm limitations)
- Multiple policy templates introduced
- Update project URL
- Add gpupdate to local.xml
- Add default policies templates in PReg format converted to XML
- Change license to GPLv2+
- sshd-allow-groups-list added
- sshd-gssapi-auth: remove kill -HUP from control
- create group "remote" for sshd allow groups list policy
- ssh-gssapi-auth added
- Package made architecture-independent
- sshd-allow-gssapi renamed to sshd-gssapi-auth
- ldap-tls-cert-check control for 'tls_reqcert' option
- Build fixes
- ldap-reverse-dns-lookup control for 'sasl_nocanon' option of OpenLDAP
- Initial release with `sshd-allow-gssapi` script