forked from pool/sssd
Trim changelog. The attention span of users is a exponentially decreasing curve.
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=161
This commit is contained in:
parent
242b37bf26
commit
d60438c424
211
sssd.changes
211
sssd.changes
@ -2,197 +2,26 @@
|
||||
Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com
|
||||
|
||||
- Update to new upstream release 1.13.1
|
||||
- libsss_ad_common.so not installed anymore
|
||||
|
||||
== Highlights ==
|
||||
* Initial support for Smart Card authentication was added. The feature
|
||||
can be activated with the new pam_cert_auth option
|
||||
* The PAM prompting was enhanced so that when Two-Factor Authentication
|
||||
is used, both factors (password and token) can be entered separately
|
||||
on separate prompts. At the same time, only the long-term password is
|
||||
cached, so offline access would still work using the long term password
|
||||
* A new command line tool sss_override is present in this release. The
|
||||
tools allows to override attributes on the SSSD side. It's helpful in
|
||||
environment where e.g. some hosts need to have a different view of POSIX
|
||||
attributes than others. Please note that the overrides are stored in
|
||||
the cache as well, so removing the cache will also remove the overrides
|
||||
* New methods were added to the SSSD D-Bus interface. Notably support
|
||||
for looking up a user by certificate and looking up multiple users
|
||||
using a wildcard was added. Please see the interface introspection or
|
||||
the design pages for full details
|
||||
* Several enhancements to the dynamic DNS update code. Notably, clients
|
||||
that update multiple interfaces work better with this release
|
||||
* This release supports authenticating againt a KDC proxy
|
||||
* The fail over code was enhanced so that if a trusted domain is not
|
||||
reachable, only that domain will be marked as inactive but the backed
|
||||
would stay in online mode
|
||||
* Several fixes to the GPO access control code are present
|
||||
|
||||
== Packaging Changes ==
|
||||
* The Smart Card authentication feature requires a helper process
|
||||
p11_child that needs to be marked as setgid if SSSD needs to be able
|
||||
to. Please note the p11_child requires the NSS crypto library at the moment
|
||||
* The sss_override tool was added along with its own manpage
|
||||
* The upstream RPM can now build on RHEL/CentOS 6.7
|
||||
|
||||
== Documentation Changes ==
|
||||
* The config_file_version configuration option now defaults to 2. As
|
||||
an effect, this option doesn't have to be set anymore unless the config
|
||||
file format is changed again by SSSD upstream
|
||||
* It is now possible to specify a comma-separated list of interfaces in
|
||||
the dyndns_iface option
|
||||
* The InfoPipe responder and the LDAP provider gained a new option
|
||||
wildcard_lookup that specifies an upper limit on the number of entries
|
||||
that can be returned with a wildcard lookup
|
||||
* A new option dyndns_server was added. This option allows to attempt
|
||||
a fallback DNS update against a specific DNS server. Please note this
|
||||
option only works as a fallback, the first attempt will always be
|
||||
performed against autodiscovered servers.
|
||||
* The PAM responder gained a new option ca_db that allows the storage
|
||||
of trusted CA certificates to be specified
|
||||
* The time the p11_child is allowed to operate can be specified using
|
||||
a new option p11_child_timeout
|
||||
|
||||
== Tickets Fixed ==
|
||||
|
||||
https://fedorahosted.org/sssd/ticket/546
|
||||
[RFE] Support for smart cards
|
||||
https://fedorahosted.org/sssd/ticket/1697
|
||||
sssd: incorrect checks on length values during packet decoding
|
||||
https://fedorahosted.org/sssd/ticket/1926
|
||||
[RFE] Start the dynamic DNS update after the SSSD has been setup for
|
||||
the first time
|
||||
https://fedorahosted.org/sssd/ticket/1994
|
||||
Complain loudly if backend doesn't start due to missing or invalid keytab
|
||||
https://fedorahosted.org/sssd/ticket/2275
|
||||
nested netgroups do not work in IPA provider
|
||||
https://fedorahosted.org/sssd/ticket/2283
|
||||
test dyndns failed.
|
||||
https://fedorahosted.org/sssd/ticket/2335
|
||||
Investigate using the krb5 responder for driving the PAM conversation
|
||||
with OTPs
|
||||
https://fedorahosted.org/sssd/ticket/2463
|
||||
Pass error messages via the extdom plugin
|
||||
https://fedorahosted.org/sssd/ticket/2495
|
||||
[RFE]Allow sssd to add a new option that would specify which server
|
||||
to update DNS with
|
||||
https://fedorahosted.org/sssd/ticket/2549
|
||||
RFE: Support multiple interfaces with the dyndns_iface option
|
||||
https://fedorahosted.org/sssd/ticket/2553
|
||||
RFE: Add support for wildcard-based cache updates
|
||||
https://fedorahosted.org/sssd/ticket/2558
|
||||
Add dualstack and multihomed support
|
||||
https://fedorahosted.org/sssd/ticket/2561
|
||||
Too much logging
|
||||
https://fedorahosted.org/sssd/ticket/2579
|
||||
TRACKER: Support one-way trusts for IPA
|
||||
https://fedorahosted.org/sssd/ticket/2581
|
||||
Re-check memcache after acquiring the lock in the client code
|
||||
https://fedorahosted.org/sssd/ticket/2584
|
||||
RFE: Support client-side overrides
|
||||
https://fedorahosted.org/sssd/ticket/2597
|
||||
Add index for 'objectSIDString' and maybe to other cache attributes
|
||||
https://fedorahosted.org/sssd/ticket/2637
|
||||
RFE: Don't mark the main domain as offline if SSSD can't connect to
|
||||
a subdomain
|
||||
https://fedorahosted.org/sssd/ticket/2639
|
||||
RFE: Detect re-established trusts in the IPA subdomain code
|
||||
https://fedorahosted.org/sssd/ticket/2652
|
||||
KDC proxy not working with SSSD krb5_use_kdcinfo enabled
|
||||
https://fedorahosted.org/sssd/ticket/2676
|
||||
Group members are not turned into ghost entries when the user is purged
|
||||
from the SSSD cache
|
||||
https://fedorahosted.org/sssd/ticket/2682
|
||||
sudoOrder not honored as expected
|
||||
https://fedorahosted.org/sssd/ticket/2688
|
||||
Default to config_file_version=2
|
||||
https://fedorahosted.org/sssd/ticket/2691
|
||||
GPO: PAM system error returned for PAM_ACCT_MGMT and offline mode
|
||||
https://fedorahosted.org/sssd/ticket/2692
|
||||
GPO: Access denied due to using wrong sam_account_name
|
||||
https://fedorahosted.org/sssd/ticket/2694
|
||||
CI: Fix ramshackle test_ipa_subdomains_server (FAIL:
|
||||
test_ipa_subdom_server)
|
||||
https://fedorahosted.org/sssd/ticket/2699
|
||||
SSSDConfig: wrong return type returned on python3
|
||||
https://fedorahosted.org/sssd/ticket/2700
|
||||
krb5_child should always consider online state to allow use of
|
||||
MS-KKDC proxy
|
||||
https://fedorahosted.org/sssd/ticket/2708
|
||||
Logging messages from user point of view
|
||||
https://fedorahosted.org/sssd/ticket/2711
|
||||
[RFE] Provide interface for SSH to fetch user certificate
|
||||
https://fedorahosted.org/sssd/ticket/2712
|
||||
Initgroups memory cache does not work with fq names
|
||||
https://fedorahosted.org/sssd/ticket/2716
|
||||
Initgroups mmap cache needs update after db changes
|
||||
https://fedorahosted.org/sssd/ticket/2717
|
||||
well-known SID check is broken for NetBIOS prefixes
|
||||
https://fedorahosted.org/sssd/ticket/2718
|
||||
SSSD keytab validation check expects root ownership
|
||||
https://fedorahosted.org/sssd/ticket/2719
|
||||
IPA: returned unknown dp error code with disabled migration mode
|
||||
https://fedorahosted.org/sssd/ticket/2722
|
||||
Missing config options in gentoo init script
|
||||
https://fedorahosted.org/sssd/ticket/2723
|
||||
Could not resolve AD user from root domain
|
||||
https://fedorahosted.org/sssd/ticket/2724
|
||||
getgrgid for user's UID on a trust client prevents getpw*
|
||||
https://fedorahosted.org/sssd/ticket/2725
|
||||
If AD site detection fails, not even ad_site override skipped
|
||||
https://fedorahosted.org/sssd/ticket/2729
|
||||
Do not send SSS_OTP if both factors were entered separately
|
||||
https://fedorahosted.org/sssd/ticket/2731
|
||||
searching SID by ID always checks all domains
|
||||
https://fedorahosted.org/sssd/ticket/2733
|
||||
Don't use deprecated libraries (libsystemd-*)
|
||||
https://fedorahosted.org/sssd/ticket/2737
|
||||
sss_override: add import and export commands
|
||||
https://fedorahosted.org/sssd/ticket/2738
|
||||
Cannot build rpms from upstream spec file on rawhide
|
||||
https://fedorahosted.org/sssd/ticket/2742
|
||||
When certificate is added via user-add-cert, it cannot be looked up
|
||||
via org.freedesktop.sssd.infopipe.Users.FindByCertificate
|
||||
https://fedorahosted.org/sssd/ticket/2743
|
||||
memory cache can work intermittently
|
||||
https://fedorahosted.org/sssd/ticket/2744
|
||||
cleanup_groups should sanitize dn of groups
|
||||
https://fedorahosted.org/sssd/ticket/2746
|
||||
the PAM srv test often fails on RHEL-7
|
||||
https://fedorahosted.org/sssd/ticket/2748
|
||||
test_memory_cache failed in invalidation cache before stop
|
||||
https://fedorahosted.org/sssd/ticket/2749
|
||||
Fix crash in nss responder
|
||||
https://fedorahosted.org/sssd/ticket/2754
|
||||
Clear environment and set restrictive umask in p11_child
|
||||
https://fedorahosted.org/sssd/ticket/2757
|
||||
sss_override does not work correctly when 'use_fully_qualified_names
|
||||
= True'
|
||||
https://fedorahosted.org/sssd/ticket/2758
|
||||
sss_override contains an extra parameter --debug but is not listed in
|
||||
the man page or in the arguments help
|
||||
https://fedorahosted.org/sssd/ticket/2762
|
||||
[RFE] sssd: better feedback form constraint password change
|
||||
https://fedorahosted.org/sssd/ticket/2768
|
||||
Test 'test_id_cleanup_exp_group' failed
|
||||
https://fedorahosted.org/sssd/ticket/2772
|
||||
sssd cannot resolve user names containing backslash with ldap provider
|
||||
https://fedorahosted.org/sssd/ticket/2773
|
||||
Make p11_child timeout configurable
|
||||
https://fedorahosted.org/sssd/ticket/2777
|
||||
Fix memory leak in GPO
|
||||
https://fedorahosted.org/sssd/ticket/2782
|
||||
sss_override : The local override user is not found
|
||||
https://fedorahosted.org/sssd/ticket/2783
|
||||
REGRESSION: Dyndns soes not update reverse DNS records
|
||||
https://fedorahosted.org/sssd/ticket/2790
|
||||
sss_override --name doesn't work with RFC2307 and ghost users
|
||||
https://fedorahosted.org/sssd/ticket/2799
|
||||
unit tests do not link correctly on Debian
|
||||
https://fedorahosted.org/sssd/ticket/2803
|
||||
Memory leak / possible DoS with krb auth.
|
||||
https://fedorahosted.org/sssd/ticket/2805
|
||||
AD: Conditional jump or move depends on uninitialised value
|
||||
* Initial support for Smart Card authentication was added. The
|
||||
feature can be activated with the new pam_cert_auth option.
|
||||
* The PAM prompting was enhanced so that when Two-Factor
|
||||
Authentication is used, both factors (password and token) can
|
||||
be entered separately on separate prompts. At the same time,
|
||||
only the long-term password is cached, so offline access would
|
||||
still work using the long term password.
|
||||
* A new command line tool sss_override is present in this
|
||||
release. The tools allows to override attributes on the SSSD
|
||||
side. It's helpful in environment where e.g. some hosts need to
|
||||
have a different view of POSIX attributes than others. Please
|
||||
note that the overrides are stored in the cache as well, so
|
||||
removing the cache will also remove the overrides.
|
||||
* Several enhancements to the dynamic DNS update code. Notably,
|
||||
clients that update multiple interfaces work better with this
|
||||
release.
|
||||
* This release supports authenticating againt a KDC proxy
|
||||
* The fail over code was enhanced so that if a trusted domain is
|
||||
not reachable, only that domain will be marked as inactive but
|
||||
the backed would stay in online mode.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de
|
||||
|
Loading…
Reference in New Issue
Block a user