CASA/CASA-auth-token/server-java/package/linux/CASA_auth_token_svc.changes
2008-06-05 16:47:55 +00:00

463 lines
17 KiB
Plaintext

-------------------------------------------------------------------
Thu Jun 5 10:47:01 MDT 2008 - jluciani@novell.com
- Applied Ruedigers ppc fix to other scripts that had the same
problem.
-------------------------------------------------------------------
Wed Jun 4 14:57:02 CEST 2008 - ro@suse.de
- fix build on ppc:
do not assume machine is lib64 just because that directory
exists, rather test the directory we try to access
-------------------------------------------------------------------
Tue Jun 3 10:14:36 MDT 2008 - jluciani@novell.com
- Fixed a script that I missed when making the changes to
remove the JVM version dependency for BUG 394342.
- Added License information that was missing in the spec file.
-------------------------------------------------------------------
Mon Jun 2 15:17:57 MDT 2008 - jluciani@novell.com
- Modified all the necessary scripts to become JVM version
independent in order to resolve BUG 394342.
-------------------------------------------------------------------
Fri Feb 1 13:24:05 MST 2008 - jluciani@novell.com
- Added code to override the default LDAP connect timeout to
a more reasonable value. This addresses the client timeout
issue being seen during LDAP server fail-over reported in
BUG 292598.
-------------------------------------------------------------------
Wed Jan 30 02:06:58 CET 2008 - ro@suse.de
- fix tomcat requires as well
-------------------------------------------------------------------
Mon Jan 28 13:19:43 MST 2008 - jluciani@novell.com
- Updated the way the RealmsInfo class reads the iaRealms file to
allow for extended characters in the file. This addresses BUG
338574.
-------------------------------------------------------------------
Sat Jan 26 11:55:41 CET 2008 - coolo@suse.de
- build against tomcat6
-------------------------------------------------------------------
Thu Aug 9 10:19:43 MDT 2007 - jluciani@novell.com
- Changed tomcat5 dependency to tomcat55 for SuSE versions
greater or equal to 1030 to handle changes in the distribution.
This addresses BUG 297712.
-------------------------------------------------------------------
Fri Jun 29 09:28:40 MDT 2007 - jluciani@novell.com
- Added JRE_HOME setting to the envvars file used by the
CASA_auth_token_svc rpm targeted for Zenworks. This addresses
BUG 283074.
-------------------------------------------------------------------
Wed Jun 27 10:22:33 MDT 2007 - jluciani@novell.com
- Updated server.xml file used in CASA_auth_token_svc package
delivered to Zen to resolve BUG 283074.
-------------------------------------------------------------------
Mon Jun 25 12:09:20 MDT 2007 - jluciani@novell.com
- Removed dependency to jakarta-commons-lang package added when
BUG 278396 was fixed since we found out that the package is
not in the SLES media.
- Added "ATS Access through Web Server" to resolve BUG 287279.
-------------------------------------------------------------------
Fri Jun 8 15:03:14 MDT 2007 - jluciani@novell.com
- Fixed problem where we were failing to authenticate users
residing in a container with a "&" in the name. This was
reported in BUG 278396.
-------------------------------------------------------------------
Mon Jun 4 11:14:14 MDT 2007 - jluciani@novell.com
- Changed to leverage the server key and certificate
(/etc/ssl/servercerts) if present as part of the solution
to BUG 242891.
- Added a scrip to store the Signing Certificates from trusted
ATSs in the client store. This certificate is executed by the
Yast module when completing the configured ATS trust associations.
This is part of the solution to BUG 242891.
- Changed the ATS to use the certificates in the Trusted ATS Keystore
(the client store) when verifying session tokens. This is part of
the solution to BUG 242891.
- The envvars script for the client now specifies the path that Java
should be using to load native libraries in order to work-around
the problem of the 64bit JVM trying to load 32bit libraries. This
resolves BUG 278825.
-------------------------------------------------------------------
Thu May 24 09:48:00 MDT 2007 - jluciani@novell.com
- Fixed problem in TomcatConnectorEditor utility where it was
referencing the wrong path to the server.xml file. This fixes
BUG277839.
-------------------------------------------------------------------
Thu May 10 10:55:22 MDT 2007 - jluciani@novell.com
- Removed the temporary work around made to the SPEC files
which was allowing the user casaatsd to have a shell.
- Removed the OES workaround from the CasaBasicATSSetup script
since it is no longer needed.
-------------------------------------------------------------------
Wed May 9 16:38:14 MDT 2007 - jluciani@novell.com
- Added the capability to read REALM credentials from miCASA to
avoid having the credentials in the clear in the iaRealms.xml
file. This change adds a dependency on CASA and partially
addresses BUG265414.
- Created a utility that allows users to edit the iaRealms.xml
file. This was necessary to support the CASA ATS Yast Module
enhancements.
- Fixed settings and policy utilities to output error messages
to stderr instead of stdout to avoid messing up the CASA ATS
Yast Module.
- Fixed the SPEC files to set the appropriate home folder for
the casaatsd user.
- Temporary changed the SPEC files to allow the casaatsd user
to have a shell. This change will be reverted as soon as
the CASAcli is updated to allow a root user to pass the
UID of the user being targeted.
-------------------------------------------------------------------
Fri Apr 20 15:40:01 MDT 2007 - jluciani@novell.com
- Created utilities for editing the connector entry for the
server.xml Tomcat configuration file so that it can be
easily modified so that the Tomcat instance utilized by
the ATS use a different Keystore and be able to leverage
Certificate/Keys installed for other products. This is
the first step in the resolution of BUG242891.
-------------------------------------------------------------------
Wed Apr 18 16:43:48 MDT 2007 - jluciani@novell.com
- Fixed authentication problems where extended characters are
part of either the username, password, or the information
contained in the session or authentication tokens. This
takes care of BUG263007.
-------------------------------------------------------------------
Tue Apr 17 16:35:10 MDT 2007 - jluciani@novell.com
- Fixed access rights to the /etc/CASA/authtoken/svc folder and
its sub-folders to allow members of the casaauth group to
configure themselves. This resolves BUG265580.
-------------------------------------------------------------------
Mon Apr 2 16:45:11 MDT 2007 - jluciani@novell.com
- Added pwdutils to BuildRequires to fix build issue.
-------------------------------------------------------------------
Wed Mar 21 17:19:16 MDT 2007 - jluciani@novell.com
- Fixed BUG256569. The changes allow the ATS to fail-over to another
LDAP server in the case of a communication failure.
-------------------------------------------------------------------
Mon Mar 19 10:41:50 MDT 2007 - jluciani@novell.com
- Fixed BUG242969 by removing the log files that get created by
the Windows install of the ATS.
- Fixed BUG251942 by updating the Windows install file responsible
for setting up the log4j.properties file so that it properly
escapes the path characters.
- Fixed BUG250413 by lowering the priority of the messages being
logged and by increasing the log level priority to "warn" in
the log4j.properties file.
- Fixed BUG243339 by codding directly to the classes provided by
xmlsec and taking care of building SOAP messages with the
necessary WS-Security headers.
-------------------------------------------------------------------
Mon Mar 5 11:32:37 MST 2007 - jluciani@novell.com
- Fixed logging issues under Windows.
-------------------------------------------------------------------
Thu Feb 22 15:44:28 MST 2007 - jluciani@novell.com
- Switched logging from Standard Out to using Log4j. Now the
logging and tracing levels can be adjusted via the
log4j.properties file. The changes separate logs done for
tracing Rpc processing from regular logs. These changes
take care of BUG243343.
-------------------------------------------------------------------
Tue Feb 13 16:41:46 MST 2007 - jluciani@novell.com
- Made changes to deal with recommendations given by Greg as
a result of the code review that he performed.
- Added check to protect against zero length passwords in the
Pwd authentication mechanism.
- Fixed issue that was not allowing us to associate a PID file
with the ATS service.
- Stopped deleting the user "casaatsd" during RPM un-install to
avoid problems with orphaned files.
-------------------------------------------------------------------
Mon Feb 12 09:09:56 MST 2007 - jluciani@novell.com
- Stopped deleting user casaatsd during RPM un-install to avoid
issues with orphaned files.
-------------------------------------------------------------------
Wed Jan 31 12:25:30 MST 2007 - jluciani@novell.com
- Fixed typo in iaRealms.xml file template which was keeping
the ATS from running.
-------------------------------------------------------------------
Thu Jan 25 15:18:38 MST 2007 - jluciani@novell.com
- The keystore path in the server.xml specific to Zen
installations was wrong.
-------------------------------------------------------------------
Wed Jan 24 10:55:40 MST 2007 - jluciani@novell.com
- ATS envvars file now does not rely on the environment
variable JAVA_HOME since it may not be pointed to the
JVM that we would want to use.
-------------------------------------------------------------------
Tue Jan 23 15:19:10 MST 2007 - jluciani@novell.com
- More changes to become more compatible with Zen.
- Enhanced places where exceptions are thrown to include
information about exceptions that may have been caught
to improve debugging.
-------------------------------------------------------------------
Mon Jan 22 16:10:36 MST 2007 - jluciani@novell.com
- Added the ability to explicitedly configure the type of
directory back-ending a realm.
- Added the ability to configure the search string that should
be utilized when performing contextless-login as part of
the Password authentication process.
-------------------------------------------------------------------
Fri Jan 19 16:30:03 MST 2007 - jluciani@novell.com
- Made changes to allow us to build RPMs to be consumed by
the ZenWorks installer.
-------------------------------------------------------------------
Wed Jan 17 16:52:46 MST 2007 - jluciani@novell.com
- Fixed BUG225066 (Uninstall doesn't cleanup).
- Addressed BUG190821 (CASA-AD - Display name is being used
instead of the account name).
- Added the ability to search an identity source using
more than one context (search root).
- Fixed problem that was keeping us from disabling the
auto-reconfigure feature by setting the service
reconfigure interval to 0.
- The upgrade path for the ATS was not cleaning up the
appropriate webapp folder so the new webapp was not
getting re-deployed.
-------------------------------------------------------------------
Fri Jan 12 10:23:06 MST 2007 - jluciani@novell.com
- Fix issue that was causing authentication to fail when using
Pwd authentication.
-------------------------------------------------------------------
Mon Jan 8 15:26:15 MST 2007 - jluciani@novell.com
- Applied changes to solve most issues found during my code
review of the components.
-------------------------------------------------------------------
Wed Dec 13 10:18:25 MST 2006 - jluciani@novell.com
- Made changes to deal with API changes in the identity package file.
Without these changes the component does not build successfully.
-------------------------------------------------------------------
Wed Dec 6 10:29:15 MST 2006 - jluciani@novell.com
- Added option to the command being used to import
certificate from the CasaBasicATSSetup script so
that it works correctly in conjunction with our
Yast module. This addresses BUG225428.
-------------------------------------------------------------------
Mon Dec 4 17:21:00 MST 2006 - jluciani@novell.com
- Added a workaround to the CasaBasicATSSetup script to import
eDirs CA Cert into the Java keystore if it is present. This
workaround will be removed once OES starts performing it.
This addresses BUG225428.
-------------------------------------------------------------------
Mon Dec 4 15:14:12 MST 2006 - jluciani@novell.com
- Fixed "Shutting..." init.d output script problem documented
in BUG225027.
-------------------------------------------------------------------
Mon Dec 4 10:26:16 MST 2006 - jluciani@novell.com
- Fixed ATS Setup BUG225426.
-------------------------------------------------------------------
Tue Nov 28 09:39:05 MST 2006 - jluciani@novell.com
- Fixed a dependency on IBM's Java related to bugs: BUG222541,
BUG216949, and BUG215221.
-------------------------------------------------------------------
Wed Nov 22 08:43:26 MST 2006 - jluciani@novell.com
- Resolved the following bugs: BUG222541, BUG216949, BUG215221. :-).
-------------------------------------------------------------------
Tue Nov 21 17:53:20 MST 2006 - jluciani@novell.com
- Added NOTICES file detailing the licenses and/or the copyrights
of all third party software used within the project.
-------------------------------------------------------------------
Tue Nov 21 10:36:42 MST 2006 - jluciani@novell.com
- Fixed spec file issue.
-------------------------------------------------------------------
Fri Nov 17 17:08:13 MST 2006 - jluciani@novell.com
- Removed hard dependency on IBM's JVM.
-------------------------------------------------------------------
Thu Nov 9 11:42:15 MST 2006 - jluciani@novell.com
- Completed the ATS configuration story with a tool that
sets up all of the needed configuration files and
parameters with support for a single LDAP Realm and
server.
-------------------------------------------------------------------
Tue Nov 7 10:42:24 MST 2006 - jluciani@novell.com
- The service is now only accessible via SSL.
- Created tools for editing settings and policy files.
-------------------------------------------------------------------
Fri Oct 20 09:53:55 MDT 2006 - jluciani@novell.com
- Modified the CasaAuthTokenSvc war file to no longer include the
identity-abstraction jars. The CASA_auth_token_svc rpm now requires
the installation of the identity-abstraction rpm and the service is
able to load its files from the location where they are installed
with settings set in the server.xml file of our tomcat base.
-------------------------------------------------------------------
Wed Oct 18 17:22:01 MDT 2006 - jluciani@novell.com
- Updated the RPM install of the ATS to install it as a service
and create the necessary signing keys.
- Made changes to other components to integrate with the new
RPM install changes.
-------------------------------------------------------------------
Tue Oct 10 08:45:22 MDT 2006 - jluciani@novell.com
- Brought up to date the README and TODO files.
-------------------------------------------------------------------
Thu Sep 21 15:41:18 MDT 2006 - jluciani@novell.com
- Reduced Kerberos configuration requirements. Now the ATS service
principal name defaults to "host" and there is no need to set the
"javax.security.auth.useSubjectCredsOnly" system property to "false"
in the JAVA_OPTS.
-------------------------------------------------------------------
Mon Sep 18 11:18:00 MDT 2006 - jluciani@novell.com
- Updated the Svc to reduce the configuration requirements on services
that want to leverage the infrastructure.
- Modified the WSSecurity module to not include the X509 certificate
in tokens if they are targeted to services residing on the same
box as the ATS. This is being done in order to minimize the size
of the tokens.
-------------------------------------------------------------------
Thu Sep 14 09:57:00 MDT 2006 - jluciani@novell.com
- Made changes to support the Authtoken Validate Service. This now
fixes support of "C" services.
- Switched to using IBMs java instead of SUNs. This was done in order to
gain better Kerberos support (IBMs Kerberos modul supports more
encryption types) and to get around a problem in SUN's Invocation API
that was not letting us consume our AuthToken class from a native thread
other than the thread which creates the JVM.
-------------------------------------------------------------------
Fri Aug 18 11:49:22 MDT 2006 - jluciani@novell.com
- Implemented securing Authentication and Session Tokens using WS-Security.
This change temporarily breaks support of "C" services. "C" service support
will be resumed once the necessary changes are made to the native authentication
token APIs to support the new Authentication Tokens.
-------------------------------------------------------------------
Mon Aug 14 14:25:27 MDT 2006 - jluciani@novell.com
- Added some debug statements and added the sample Jaas application into
the tar file that is submitted to autobuild.
-------------------------------------------------------------------
Mon Aug 7 10:28:32 MDT 2006 - schoi@novell.com
- This file has been created for CASA_auth_token_svc project for the first
time.
-------------------------------------------------------------------