CHG000000013739[capath] section of krb5.conf will be updated. In order to perform direct (non-hierarchical) cross-realm authentication, configuration is needed to determine the authentication paths between realms. [capath] section provides this configuration. The proposed change will not change existing trust relationships between realms, it will only update krb5.conf to reflect existing trust relationships. [domain_realm] section will be updated. The [domain_realm] section provides a translation from a domain name or hostname to a Kerberos realm name. We need to map pingdev.fnal.gov to FERMI domain. Additionally 38 translations will be removed since these hostnames no longer exist in DNS. [instancemapping] section will be removed, since there is no AFS at Fermilab anymore.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-5.3-1.6.1.noarch.rpmd24182df0ee3c8a27c3fe54be47e0926a5e877fa0c58654380545f681624575aCHG000000016174Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-util_k5push-1.0-4.noarch.rpm093a5d2f511308d391778ba9108d14b7f4e81802bdaedfe17c47f8e28a6a3e80CHG000000016873Currently the krb5.conf file has SULLY as the first DC and this machine is located in Accelerator Division's server room. As a group, we have decided to move the servers around so that the first server is ELMO, which is located in FCC.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-5.4-1.1.noarch.rpm7fecc269342fb764f155f155b0986cb7c806bd76bd6f465a57b5644c7586bb2fCHG000000016874Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-5.5-1.noarch.rpm9da52d02e2bcb62c4bca94c152048e16b6545fce366a3f215eb08a2fc9a93c75CHG000000017316In some instances the /etc/kdc.list entries were not automatically inserted into the correct place within /etc/krb5.confScientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-5.5-2.noarch.rpm2b308604d99a213e5dff01417d940e25ff2100b16609b3cfd1699c14adb8bbf2CHG000000017540The change is to add 2 lines to the [realms] FNAL.GOV = section: [realms] FNAL.GOV = { ... auth_to_local = RULE:[1:$1@$0](.*@FERMI\.WIN\.FNAL\.GOV)s/@.*// auth_to_local = DEFAULT } The first line maps principal name 'username@FERMI.WIN.FNAL.GOV' into local use 'username'. The second line does the default behavior for the FNAL.GOV realm. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-5.7-1.el7.noarch.rpma5c5f80e95cc217e4a8a5224d13a9671421d6e18f3c2a0fcef04bf795f1d950dCHG000000018746Update krb5.conf libdefaults to remove DES and 3DES. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-5.6-2.el7.noarch.rpm54e590967a6b01863036ed60f657f52f0226ffe3f4893fa87d2301ec747f7ac7DFCT0001736Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_doe-banner-login-screen-1.0-3.noarch.rpmf49caf8434644f8d655055db26ced1c2b3d3deeed3c596598a847636fe2c5077ENHC0001971The DOE requests that we publish a login banner on all systems so that people understand their rights and restrictions on the systems.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_doe-banner-console-1.0-3.noarch.rpm4e5c3776d60428e56d3a944d7f21dd400aa968d7a7d7ddb22cc9fb40e366f981ENHC0001972The DOE requests that we publish a login banner on all systems so that people understand their rights and restrictions on the systems.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_doe-banner-login-screen-1.0-2.3.noarch.rpm5015ee48e807b97b103db64fe38ab3dafef06652908371eacd7a8b6e572c8e85ENHC0001974Yum repository file that point to the Scientific Linux 7 Fermilab Context.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextyum-conf-context-fermilab-1.0-6.el7.noarch.rpm8d41a5f3ad52c46d3620c93e3eb49e3ff872359604179354448f594915ad2ee9ENHC0001975This package configures a time daemon correctly for use at Fermilab. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_timesync-1.0-3.noarch.rpmda85bad2de8d3fa46209470cc4c7eb61b6b728c959abe02e3fa86231cb23ad6dENHC0001977Open Computer and Software Inventory Next Generation is an application designed to help a network or system administrator keep track of the computer configuration and software installed on the network. This version has been customized for Fermilab Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-util_ocsinventory-0.9.9-26.noarch.rpm7be0cf596424f761322978892407f329c0df840769def80ea9ed2a6c218abfe8ENHC0001978This modifies the /etc/httpd/conf/httpd.conf and /etc/httpd/conf.d/userdir.conf files using augeas so that mod_autoindex does not list your directories out by default. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_apache-no-browsable-directory-1.2-3.noarch.rpm2a70aa9a69bd33e89c13812b93904bcdaa5b0a9f45a68e904a1442ceec3e1b87ENHC0001979This package will reconfigure the default /etc/httpd/conf/httpd.conf to use clogger in addition to the traditional /var/log/httpd/ logging.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_apache-use-syslog-1.1-3.1.noarch.rpmd7b126c0d66f28204d4fef68c60511fbf6868ac94bc1ce86b25fbfa6190326faENHC0001982The default configuration for openssh-client is not suitable for Fermilab. This RPM will update /etc/ssh/ssh_config to meet Fermilab standards. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_ssh-client-1.0-3.noarch.rpmbd35859da9aed10bbd0eda2012b92c6703bff4584e0be598a0a367f1f151f8c1ENHC0001983The default configuration for openssh-server is not suitable for Fermilab. This RPM will update /etc/ssh/sshd_config to meet Fermilab standards. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_ssh-server-1.0-4.1.noarch.rpm15ef914ae2ef39a68008365f501fc7f5795d857ad2b622084c7a21ef2d5dbb8eENHC0001984-2Scientific Linux Fermilab ContextScientific Linux 7 Fermilab ContextSL_gdm_no_user_list-1.0-3.sl7.noarch.rpm03fdda6ee009121b805f5d54a828ffd4657c5133bba4384ba4af7dcf94423f41ENHC0001985Email sent from Fermilab's network must route through an authorized SMTP server. This rpm will configure postfix to utilize an authorized gateway. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_email-gateway-1.1-3.noarch.rpm2190b7dfc6ddaceb412fcaee89bb00593daaf8f75570ca8a602cd90a5b1792b4ENHC0001986Set a default screensaver for Gnome3, KDE, and MATE. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_screenlock-1.0-2.noarch.rpmfc6c8e484d841e657fd439981792f90666f92188ed8b2044932af6546bc4f08dENHC0001987This package will add entries in /etc/hosts.allow and /etc/hosts.deny which are Fermi specific. By limiting access to certain services to Fermi sites only, it increases security. Specifically, we disallow everyone outside of .fnal.gov all service on the machine and allow virtually everything within .fnal.gov domain. If you're at an off-site institution, you'll have to edit the hosts.allow file accordingly for your domain. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_tcp-wrappers-1.0-2.noarch.rpmb860fc9fa9852b677297862cc96bb749a1c0dd0e7c5d970b45926cc858b210c6ENHC0001988This package will change your rsyslog configuration that will send all of your logs to the Fermilab central logger. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_system-logger-1.1-5.1.noarch.rpm7deebd6577bb41a1c24f8685255acd37fab0f5a89610257a92af8ab03029c061ENHC0001992This RPM will update the system pam configuration to allow FNAL.GOV KERBEROS passwords to be used in addition to any local passwords.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-local-passwords-1.0-2.1.noarch.rpmf18cee46747aef338e867a8e0737bbd924db6b56ce105b04afa7e7fa0d2a9b1bENHC0002013Provides the Fermilab krb5.conf Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_kerberos-5.2-1.4.noarch.rpmc3e59c26beab6cdf7916399596ecce4a5c397033fb0aa66906d399a4e8a1272dENHC0002464Depends on basic Kerberos Packages for FermilabScientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-util_k5push-1.0-3.noarch.rpm7a71ebbdc0c6aa2d407f264312626afee1493ab660bd2d422646107eddf5ad18fermilab-util_kcron-1.0-0.el7.x86_64.rpm7a71ebbdc0c6aa2d407f264312626afee1493ab660bd2d422646107eddf5ad18fermilab-util_makehostkeys-1.0-3.noarch.rpm66a6eb4e6f884f04306bb40b55b67a96766423d66ada935d30882dc219fadfd2fermilab-base_kerberos-1.0-2.el7.noarch.rpm9b65a5bfd46ee05ecc102fd6c0fc6cd1bbf84fcf1e2f411934f89b23a2bb4876ENHC0002466Depends on basic Packages for on site at FermilabScientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-base_on-site-1.0-3.noarch.rpma05c20ea15c33fb9af5482205b33e0453ec9b8fa4b7804cac82062d66ec8e460ENHC0002481fermilab-util_kx509 contains a kx509 command which gets an X.509 certificate for Fermilab using cigetcert with kerberos authentication.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-util_kx509-3.1-1.el7.noarch.rpm6fe882dde2aa7a4c7924da7810b5660ad86fe826fba846f61b061528ce8030bfcigetcert-1.0-1.el7.noarch.rpm22089774dcc2e76050142c69e10709dcd2fe64a99b35dcd689e2d8936743f7d0ENHC0002554RGANG is a tool which allows one to execute commands on or distribute files to many nodes (computers). It incorporates an algorithm to build a tree-like structure (or "worm" structure) to allow the distribution processing time to scale very well to 1000 or more nodes. When executing a command, output is buffered and presented in node specification order Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-util_rgang-3.8.0-0.noarch.rpm25f91c12e5a5c156be5b9ed87cc908ef7f60d1f2c38c5021b4a8dcc077152c69ENHC0002659Update cigetcert to version 1.2 Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextcigetcert-1.2-1.el7.noarch.rpm8f3bd6836dfb275133898794dc71cd4f8e2d7b2d726d4a6668b74b77bdc04b03ENHC0002852Update cigetcert to version 1.16 Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextcigetcert-1.16-1.el7.noarch.rpmf2b3b5d554c575bd2224ed52b516706df26317c747632da929b49eba0dbe8defENHC0002853The makehostkeys script now shows created encryption types. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-util_makehostkeys-1.0-4.noarch.rpmb331659a8be36cee5c9a9d5dea34f57897a040e5a909c3fbba1aeb4a3511d9c2ENHC0002973The wrapper script of cigetcert to unsets more variables such as PYTHONHOME, in response to a user bug report. Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextcigetcert-1.16-2.el7.noarch.rpm64442feb63fdd68b077c2e7cf1d758092268bf0248fc829dcfb2f5a436661405ENHC0003071When building the default hosts.allow, a stub for SSH access should be added as with previous versions of SLFScientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_tcp-wrappers-1.0-3.noarch.rpm650224aa6c0eddc8c584528a47ea0276369c5f9db0839c897f15dce0c2fd6e02ENHC0003224Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextxtrlock-2.8-1.el7.x86_64.rpm2e1144df77a6049fcee36e588a5f33d421cbfdfa24a89a2883f21758bae1e8b2ENHC0004153Authentication Services operates a non-accredited CA that is integrated with the FERMI and SERVICES domains.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_ca-certs-2019.01-2.el7.noarch.rpmc8b933cf73ad0c6348522abd52e80bdd7af6b0676286effaeabffa01f006db82ENHC0004341Publish the Fermilab Real-Time Software Infrastructure kmodScientific Linux Fermilab ContextScientific Linux 7 Fermilab ContextTRACE-utils-v3_13_12-r1088.1.el7.x86_64.rpm8c07de3105fc1bf8d39e60e6342936b8b20b23a212d6f7cc9f695ff43a1bad30kmod-TRACE-v3_13_12-r1088.1.el7.x86_64.rpma70001cd70a391549caf30c624c35ad0bd87ce611807e8f16728cd873f6ddd16ENHC0005100Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_doe-banner-console-1.0-5.noarch.rpmb7e905baba53a6a0770c91fee6c3e927c042d38a894f1b3a3cec91db5237fcd6ENHC0005109Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_sssd-1.0-3.noarch.rpmd6327fb82c6a50bebaed14525972aa8ae501f9cfe59a3ccbcbac202b2b9b0699ENHC0006222Make sssd config work under more conditions Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_sssd-1.0-8.3.noarch.rpme4ed34e003aac70c00a640b2c8683f84813fb9c40aa6f0950560645e33fb4764ENHC0006223Update syslog tweak for new augeas Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_system-logger-1.1-5.2.noarch.rpmd960088163834b28b9ff7942d6f03ba534a216ddf9b108c942582e013e940bc7ENHC0006224Better support for running in a container Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_timesync-1.0-3.1.noarch.rpmc013e1b76a6ed5ea47d21d889bfaf892b1851636360befe98fd87e4a3250bdf5RITM0546615Restore defaults upon uninstall of packageScientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextfermilab-conf_doe-banner-console-1.0-4.noarch.rpm2a77468ebaeab21b319d448aa354a74246a53b5460d2b9ef5abb1721a118ac32RITM0946554Update TRACE to track the latest KABIScientific Linux Fermilab ContextScientific Linux 7 Fermilab ContextTRACE-utils-3.15.07-r1273.1.el7.x86_64.rpm2c69efdeecf79996a4d99812f605c53d287958b209219b3d53f1b0726daa0b0akmod-TRACE-3.15.07-r1273.1.el7.x86_64.rpm9d92360c9a6018b4bcd5d475df0de7be6b67b0f4210f0fb4fdea21bb37555ac4RITM1385892Update cigetcert to version 1.20Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextcigetcert-1.20-1.el7.noarch.rpm8319b441fd1979302a2bcc8407f786789f31265d511ca2afc2394de59c2e090eSLEA-2018:1377-2The ca-certificates packages have been upgraded to upstream version 2.22, which provides a number of bug fixes and enhancements over the previous version.Scientific Linux Fermilab ContextScientific Linux 7 Fermilab Contextca-certificates-2018.2.22-70.0.el7_5.noarch.rpm27a07f7675e95c9c28cf76f1a7312937b0fcf68fc157f8e9a01f67580aeead1c