forked from pool/sssd

Trim changelog. The attention span of users is an exponentially decreasing curve.

OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=161
Jan Engelhardt 2015-09-30 17:16:14 +00:00 committed by Git OBS Bridge
parent 242b37bf26
commit d60438c424

@ -2,197 +2,26 @@
Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com
- Update to new upstream release 1.13.1 - Update to new upstream release 1.13.1
- libsss_ad_common.so not installed anymore * Initial support for Smart Card authentication was added. The
feature can be activated with the new pam_cert_auth option.
== Highlights == * The PAM prompting was enhanced so that when Two-Factor
* Initial support for Smart Card authentication was added. The feature Authentication is used, both factors (password and token) can
can be activated with the new pam_cert_auth option be entered separately on separate prompts. At the same time,
* The PAM prompting was enhanced so that when Two-Factor Authentication only the long-term password is cached, so offline access would
is used, both factors (password and token) can be entered separately still work using the long term password.
on separate prompts. At the same time, only the long-term password is * A new command line tool sss_override is present in this
cached, so offline access would still work using the long term password release. The tools allows to override attributes on the SSSD
* A new command line tool sss_override is present in this release. The side. It's helpful in environment where e.g. some hosts need to
tools allows to override attributes on the SSSD side. It's helpful in have a different view of POSIX attributes than others. Please
environment where e.g. some hosts need to have a different view of POSIX note that the overrides are stored in the cache as well, so
attributes than others. Please note that the overrides are stored in removing the cache will also remove the overrides.
the cache as well, so removing the cache will also remove the overrides * Several enhancements to the dynamic DNS update code. Notably,
* New methods were added to the SSSD D-Bus interface. Notably support clients that update multiple interfaces work better with this
for looking up a user by certificate and looking up multiple users release.
using a wildcard was added. Please see the interface introspection or * This release supports authenticating againt a KDC proxy
the design pages for full details * The fail over code was enhanced so that if a trusted domain is
* Several enhancements to the dynamic DNS update code. Notably, clients not reachable, only that domain will be marked as inactive but
that update multiple interfaces work better with this release the backed would stay in online mode.
* This release supports authenticating againt a KDC proxy
* The fail over code was enhanced so that if a trusted domain is not
reachable, only that domain will be marked as inactive but the backed
would stay in online mode
* Several fixes to the GPO access control code are present
== Packaging Changes ==
* The Smart Card authentication feature requires a helper process
p11_child that needs to be marked as setgid if SSSD needs to be able
to. Please note the p11_child requires the NSS crypto library at the moment
* The sss_override tool was added along with its own manpage
* The upstream RPM can now build on RHEL/CentOS 6.7
== Documentation Changes ==
* The config_file_version configuration option now defaults to 2. As
an effect, this option doesn't have to be set anymore unless the config
file format is changed again by SSSD upstream
* It is now possible to specify a comma-separated list of interfaces in
the dyndns_iface option
* The InfoPipe responder and the LDAP provider gained a new option
wildcard_lookup that specifies an upper limit on the number of entries
that can be returned with a wildcard lookup
* A new option dyndns_server was added. This option allows to attempt
a fallback DNS update against a specific DNS server. Please note this
option only works as a fallback, the first attempt will always be
performed against autodiscovered servers.
* The PAM responder gained a new option ca_db that allows the storage
of trusted CA certificates to be specified
* The time the p11_child is allowed to operate can be specified using
a new option p11_child_timeout
== Tickets Fixed ==
https://fedorahosted.org/sssd/ticket/546
[RFE] Support for smart cards
https://fedorahosted.org/sssd/ticket/1697
sssd: incorrect checks on length values during packet decoding
https://fedorahosted.org/sssd/ticket/1926
[RFE] Start the dynamic DNS update after the SSSD has been setup for
the first time
https://fedorahosted.org/sssd/ticket/1994
Complain loudly if backend doesn't start due to missing or invalid keytab
https://fedorahosted.org/sssd/ticket/2275
nested netgroups do not work in IPA provider
https://fedorahosted.org/sssd/ticket/2283
test dyndns failed.
https://fedorahosted.org/sssd/ticket/2335
Investigate using the krb5 responder for driving the PAM conversation
with OTPs
https://fedorahosted.org/sssd/ticket/2463
Pass error messages via the extdom plugin
https://fedorahosted.org/sssd/ticket/2495
[RFE]Allow sssd to add a new option that would specify which server
to update DNS with
https://fedorahosted.org/sssd/ticket/2549
RFE: Support multiple interfaces with the dyndns_iface option
https://fedorahosted.org/sssd/ticket/2553
RFE: Add support for wildcard-based cache updates
https://fedorahosted.org/sssd/ticket/2558
Add dualstack and multihomed support
https://fedorahosted.org/sssd/ticket/2561
Too much logging
https://fedorahosted.org/sssd/ticket/2579
TRACKER: Support one-way trusts for IPA
https://fedorahosted.org/sssd/ticket/2581
Re-check memcache after acquiring the lock in the client code
https://fedorahosted.org/sssd/ticket/2584
RFE: Support client-side overrides
https://fedorahosted.org/sssd/ticket/2597
Add index for 'objectSIDString' and maybe to other cache attributes
https://fedorahosted.org/sssd/ticket/2637
RFE: Don't mark the main domain as offline if SSSD can't connect to
a subdomain
https://fedorahosted.org/sssd/ticket/2639
RFE: Detect re-established trusts in the IPA subdomain code
https://fedorahosted.org/sssd/ticket/2652
KDC proxy not working with SSSD krb5_use_kdcinfo enabled
https://fedorahosted.org/sssd/ticket/2676
Group members are not turned into ghost entries when the user is purged
from the SSSD cache
https://fedorahosted.org/sssd/ticket/2682
sudoOrder not honored as expected
https://fedorahosted.org/sssd/ticket/2688
Default to config_file_version=2
https://fedorahosted.org/sssd/ticket/2691
GPO: PAM system error returned for PAM_ACCT_MGMT and offline mode
https://fedorahosted.org/sssd/ticket/2692
GPO: Access denied due to using wrong sam_account_name
https://fedorahosted.org/sssd/ticket/2694
CI: Fix ramshackle test_ipa_subdomains_server (FAIL:
test_ipa_subdom_server)
https://fedorahosted.org/sssd/ticket/2699
SSSDConfig: wrong return type returned on python3
https://fedorahosted.org/sssd/ticket/2700
krb5_child should always consider online state to allow use of
MS-KKDC proxy
https://fedorahosted.org/sssd/ticket/2708
Logging messages from user point of view
https://fedorahosted.org/sssd/ticket/2711
[RFE] Provide interface for SSH to fetch user certificate
https://fedorahosted.org/sssd/ticket/2712
Initgroups memory cache does not work with fq names
https://fedorahosted.org/sssd/ticket/2716
Initgroups mmap cache needs update after db changes
https://fedorahosted.org/sssd/ticket/2717
well-known SID check is broken for NetBIOS prefixes
https://fedorahosted.org/sssd/ticket/2718
SSSD keytab validation check expects root ownership
https://fedorahosted.org/sssd/ticket/2719
IPA: returned unknown dp error code with disabled migration mode
https://fedorahosted.org/sssd/ticket/2722
Missing config options in gentoo init script
https://fedorahosted.org/sssd/ticket/2723
Could not resolve AD user from root domain
https://fedorahosted.org/sssd/ticket/2724
getgrgid for user's UID on a trust client prevents getpw*
https://fedorahosted.org/sssd/ticket/2725
If AD site detection fails, not even ad_site override skipped
https://fedorahosted.org/sssd/ticket/2729
Do not send SSS_OTP if both factors were entered separately
https://fedorahosted.org/sssd/ticket/2731
searching SID by ID always checks all domains
https://fedorahosted.org/sssd/ticket/2733
Don't use deprecated libraries (libsystemd-*)
https://fedorahosted.org/sssd/ticket/2737
sss_override: add import and export commands
https://fedorahosted.org/sssd/ticket/2738
Cannot build rpms from upstream spec file on rawhide
https://fedorahosted.org/sssd/ticket/2742
When certificate is added via user-add-cert, it cannot be looked up
via org.freedesktop.sssd.infopipe.Users.FindByCertificate
https://fedorahosted.org/sssd/ticket/2743
memory cache can work intermittently
https://fedorahosted.org/sssd/ticket/2744
cleanup_groups should sanitize dn of groups
https://fedorahosted.org/sssd/ticket/2746
the PAM srv test often fails on RHEL-7
https://fedorahosted.org/sssd/ticket/2748
test_memory_cache failed in invalidation cache before stop
https://fedorahosted.org/sssd/ticket/2749
Fix crash in nss responder
https://fedorahosted.org/sssd/ticket/2754
Clear environment and set restrictive umask in p11_child
https://fedorahosted.org/sssd/ticket/2757
sss_override does not work correctly when 'use_fully_qualified_names
= True'
https://fedorahosted.org/sssd/ticket/2758
sss_override contains an extra parameter --debug but is not listed in
the man page or in the arguments help
https://fedorahosted.org/sssd/ticket/2762
[RFE] sssd: better feedback form constraint password change
https://fedorahosted.org/sssd/ticket/2768
Test 'test_id_cleanup_exp_group' failed
https://fedorahosted.org/sssd/ticket/2772
sssd cannot resolve user names containing backslash with ldap provider
https://fedorahosted.org/sssd/ticket/2773
Make p11_child timeout configurable
https://fedorahosted.org/sssd/ticket/2777
Fix memory leak in GPO
https://fedorahosted.org/sssd/ticket/2782
sss_override : The local override user is not found
https://fedorahosted.org/sssd/ticket/2783
REGRESSION: Dyndns soes not update reverse DNS records
https://fedorahosted.org/sssd/ticket/2790
sss_override --name doesn't work with RFC2307 and ghost users
https://fedorahosted.org/sssd/ticket/2799
unit tests do not link correctly on Debian
https://fedorahosted.org/sssd/ticket/2803
Memory leak / possible DoS with krb auth.
https://fedorahosted.org/sssd/ticket/2805
AD: Conditional jump or move depends on uninitialised value
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de
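Review bot: The trimmed 1.13.1 entry drops the whole "Tickets Fixed" list, and with it the entry's only mention of the security-relevant fixes: ticket 1697 (incorrect checks on length values during packet decoding), ticket 2754 (clear environment and set restrictive umask in p11_child) and ticket 2803 (memory leak / possible DoS with krb auth). Consider keeping one short bullet naming those three, so that someone auditing which package revision carries them can tell from the changelog alone. The removed "Packaging Changes" section also held the note that the p11_child helper needs to be marked setgid and requires the NSS crypto library, and the removed line "libsss_ad_common.so not installed anymore" records a change to the installed file set; both affect what ends up on disk and with which privileges, so they are worth one line each. The bullets that survive the trim still carry the typos "againt" and "backed", and the KDC proxy bullet is the only one without a trailing period.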