forked from pool/sssd
wrap to 66 cols as wiki demands
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=186
This commit is contained in:
parent
fb25d602fc
commit
e0d45ad549
57
sssd.changes
57
sssd.changes
@ -2,33 +2,38 @@
|
||||
Wed Mar 15 22:18:03 UTC 2017 - michael@stroeder.com
|
||||
|
||||
- Update to new upstream release 1.15.2
|
||||
* It is now possible to configure certain parameters of a trusted domain
|
||||
in a configuration file sub-section.
|
||||
* Several issues related to socket-activating the NSS service, especially
|
||||
if SSSD was configured to use a non-privileged userm were fixed.
|
||||
The NSS service now doesn't change the ownership of its log files to
|
||||
avoid triggering a name-service lookup while the NSS service is not
|
||||
running yet. Additionally, the NSS service is started before any other
|
||||
service to make sure username resolution works and the other service
|
||||
can resolve the SSSD user correctly.
|
||||
* A new option "cache_first" allows the administrator to change the way
|
||||
multiple domains are searched. When this option is enabled, SSSD will
|
||||
first try to "pin" the requested name or ID to a domain by searching
|
||||
the entries that are already cached and contact the domain that contains
|
||||
the cached entry first. Previously, SSSD would check the cache and the
|
||||
remote server for each domain. This option brings performance benefit
|
||||
for setups that use multiple domains (even auto-discovered trusted
|
||||
domains), especially for ID lookups that would previously iterate over
|
||||
all domains. Please note that this option must be enabled with care as the
|
||||
administrator must ensure that the ID space of domains does not overlap.
|
||||
* It is now possible to configure certain parameters of a
|
||||
trusted domain in a configuration file sub-section.
|
||||
* Several issues related to socket-activating the NSS service,
|
||||
especially if SSSD was configured to use a non-privileged
|
||||
userm were fixed. The NSS service now does not change the
|
||||
ownership of its log files to avoid triggering a name-service
|
||||
lookup while the NSS service is not running yet.
|
||||
Additionally, the NSS service is started before any other
|
||||
service to make sure username resolution works and the other
|
||||
service can resolve the SSSD user correctly.
|
||||
* A new option "cache_first" allows the administrator to change
|
||||
the way multiple domains are searched. When this option is
|
||||
enabled, SSSD will first try to "pin" the requested name or
|
||||
ID to a domain by searching the entries that are already
|
||||
cached and contact the domain that contains the cached entry
|
||||
first. Previously, SSSD would check the cache and the remote
|
||||
server for each domain. This option brings performance
|
||||
benefit for setups that use multiple domains (even
|
||||
auto-discovered trusted domains), especially for ID lookups
|
||||
that would previously iterate over all domains. Please note
|
||||
that this option must be enabled with care as the
|
||||
administrator must ensure that the ID space of domains does
|
||||
not overlap.
|
||||
* The SSSD D-Bus interface gained two new methods:
|
||||
"FindByNameAndCertificate" and "ListByCertificate". These methods
|
||||
will be used primarily by IPA and
|
||||
`mod_lookup_identity <https://github.com/adelton/mod_lookup_identity/>
|
||||
to correctly match multple users who use the same certificate for Smart
|
||||
Card login.
|
||||
* A bug where SSSD did not properly sanitize a username with a newline
|
||||
character in it was fixed.
|
||||
"FindByNameAndCertificate" and "ListByCertificate". These
|
||||
methods will be used primarily by IPA and
|
||||
`mod_lookup_identity
|
||||
<https://github.com/adelton/mod_lookup_identity/> to
|
||||
correctly match multple users who use the same certificate
|
||||
for Smart Card login.
|
||||
* A bug where SSSD did not properly sanitize a username with a
|
||||
newline character in it was fixed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Mar 11 22:34:41 UTC 2017 - jengelh@inai.de
|
||||
|
Loading…
Reference in New Issue
Block a user