このコンテンツは選択した言語では利用できません。

4.16. certmonger


An updated certmonger package that fixes one bug is now available for Red Hat Enterprise Linux 5.
[Updated 20 December 2011] This advisory has been updated with the correct product name (that is, Red Hat Enterprise Linux 5) in the Details section. The package included in this revised update has not been changed in any way from the package included in the original advisory.
The certmonger service monitors certificates, warning of their impending expiration, and optionally attempting to re-enroll with supported CAs (Certificate Authorities).

Bug Fix

BZ#767573
The RHSA-2011-1533 security advisory, which fixed a security vulnerability in the IPA (Identity, Policy and Audit) web-based service, caused incompatibility with older versions of certmonger. As a consequence, certmonger was unable to correctly submit enrollment requests to IPA's CA. With this update, certmonger has been modified and it now operates correctly with newer versions of IPA. Interoperability with older versions of IPA remains unaffected.
All users of certmonger are advised to upgrade to this updated package, which fixes this bug.
An updated certmonger package is now available for Red Hat Enterprise Linux 6.
The certmonger service monitors certificates, warning of their impending expiration, and optionally attempting to re-enroll with supported CAs (Certificate Authorities).

Bug Fix

BZ#729803
When submitting a signing request to a Red Hat IPA (Identity, Policy, Audit) CA, certmonger is expected to authenticate using the client's host credentials, and to delegate the client's credentials to the server. Recent updates to libraries on which certmonger depends changed delegation of client credentials from a mandatory operation to an optional operation that is no longer enabled by default, which effectively broke certmonger's support for IPA CAs.
This update gives certmonger the ability to explicitly request credential delegation when used with newer versions of these libraries, which introduce an API that allows certmonger to explicitly request that credential delegation be performed.
All certmonger users should upgrade to this updated package, which fixes this bug.
An updated certmonger package that fixes multiple bugs and adds one enhancement is now available for Red Hat Enterprise Linux 5.
The certmonger service monitors certificates as the date at which they become invalid approaches, optionally attempting to re-enroll with a supported certificate authority (CA) to keep the services which use the certificates running without incident.
The certmonger service, which was initially introduced as a Technology Preview, is now fully-supported. (BZ#665317)

Bug Fixes

BZ#712072
Prior to this update, ipa-getcert list calls from non-root users logged the misleading message ""Number of certificates and requests being tracked: 0". This update modifies the underlying code to display the correct message "Insufficient access. Please retry operation as root." when non-root users call ipa-getcert list.
BZ#756745
Prior to this update, starting the certmonger service as non-root user looged the uninformative message "Error connecting to D-Bus.". This update modifies the underlying code to display the correct message "Insufficient access. Please retry operation as root." when non-root users start the certmonger service.
BZ#757883
Prior to this update, the IPA web-based service was not compatibile with certmonger. As a consequence, certmonger was unable to correctly submit enrollment requests to IPA's CA. With this update, certmonger has been modified and it now operates correctly with newer versions of IPA.

Enhancement

BZ#727864
Prior to this update, libcurl could not delegate Kerberos tickets via XML-RPC to authenticate with Identity, Policy and Audit (IPA). This update adds support for the xmlrpc-c API to allow for Generic Security Services Application Program Interface (GSSAPI) delegation.
All users of the certmonger service are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.