forked from jengelh/sssd
Accepting request 334998 from home:stroeder:branches:network:ldap
update to 1.13.1, successfully tested on openSUSE 13.2 with sssd-ldap OBS-URL: https://build.opensuse.org/request/show/334998 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=160
This commit is contained in:
parent
828ab1693b
commit
242b37bf26
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:bd1dd95165bca02a08fbd0ea8ac6aa296bc339798d6c6566aee823c536718a5a
|
|
||||||
size 4417697
|
|
@ -1,7 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iEYEABECAAYFAlWa1YEACgkQHsardTLnvCXJQACgtx+37IBGO6/nBGqBCx5Y/Eye
|
|
||||||
Su4AoIqcfMtZZnEPC/0D0TMwAGDBhv4i
|
|
||||||
=N/oh
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
sssd-1.13.1.tar.gz
Normal file
3
sssd-1.13.1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:ff6425d455a5cae2359e32c8627832e67b5cc0bbec4081a16d926b6e1b431ae7
|
||||||
|
size 4517171
|
7
sssd-1.13.1.tar.gz.asc
Normal file
7
sssd-1.13.1.tar.gz.asc
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iEYEABECAAYFAlYLta0ACgkQHsardTLnvCX0lwCgzMl3DT9BbTgcXGcM0Q2AGLUf
|
||||||
|
+8QAoK5LZJdWZ+HcXC7ZIOTJ0vv9a9FB
|
||||||
|
=z5ez
|
||||||
|
-----END PGP SIGNATURE-----
|
196
sssd.changes
196
sssd.changes
@ -1,3 +1,199 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com
|
||||||
|
|
||||||
|
- Update to new upstream release 1.13.1
|
||||||
|
- libsss_ad_common.so not installed anymore
|
||||||
|
|
||||||
|
== Highlights ==
|
||||||
|
* Initial support for Smart Card authentication was added. The feature
|
||||||
|
can be activated with the new pam_cert_auth option
|
||||||
|
* The PAM prompting was enhanced so that when Two-Factor Authentication
|
||||||
|
is used, both factors (password and token) can be entered separately
|
||||||
|
on separate prompts. At the same time, only the long-term password is
|
||||||
|
cached, so offline access would still work using the long term password
|
||||||
|
* A new command line tool sss_override is present in this release. The
|
||||||
|
tools allows to override attributes on the SSSD side. It's helpful in
|
||||||
|
environment where e.g. some hosts need to have a different view of POSIX
|
||||||
|
attributes than others. Please note that the overrides are stored in
|
||||||
|
the cache as well, so removing the cache will also remove the overrides
|
||||||
|
* New methods were added to the SSSD D-Bus interface. Notably support
|
||||||
|
for looking up a user by certificate and looking up multiple users
|
||||||
|
using a wildcard was added. Please see the interface introspection or
|
||||||
|
the design pages for full details
|
||||||
|
* Several enhancements to the dynamic DNS update code. Notably, clients
|
||||||
|
that update multiple interfaces work better with this release
|
||||||
|
* This release supports authenticating againt a KDC proxy
|
||||||
|
* The fail over code was enhanced so that if a trusted domain is not
|
||||||
|
reachable, only that domain will be marked as inactive but the backed
|
||||||
|
would stay in online mode
|
||||||
|
* Several fixes to the GPO access control code are present
|
||||||
|
|
||||||
|
== Packaging Changes ==
|
||||||
|
* The Smart Card authentication feature requires a helper process
|
||||||
|
p11_child that needs to be marked as setgid if SSSD needs to be able
|
||||||
|
to. Please note the p11_child requires the NSS crypto library at the moment
|
||||||
|
* The sss_override tool was added along with its own manpage
|
||||||
|
* The upstream RPM can now build on RHEL/CentOS 6.7
|
||||||
|
|
||||||
|
== Documentation Changes ==
|
||||||
|
* The config_file_version configuration option now defaults to 2. As
|
||||||
|
an effect, this option doesn't have to be set anymore unless the config
|
||||||
|
file format is changed again by SSSD upstream
|
||||||
|
* It is now possible to specify a comma-separated list of interfaces in
|
||||||
|
the dyndns_iface option
|
||||||
|
* The InfoPipe responder and the LDAP provider gained a new option
|
||||||
|
wildcard_lookup that specifies an upper limit on the number of entries
|
||||||
|
that can be returned with a wildcard lookup
|
||||||
|
* A new option dyndns_server was added. This option allows to attempt
|
||||||
|
a fallback DNS update against a specific DNS server. Please note this
|
||||||
|
option only works as a fallback, the first attempt will always be
|
||||||
|
performed against autodiscovered servers.
|
||||||
|
* The PAM responder gained a new option ca_db that allows the storage
|
||||||
|
of trusted CA certificates to be specified
|
||||||
|
* The time the p11_child is allowed to operate can be specified using
|
||||||
|
a new option p11_child_timeout
|
||||||
|
|
||||||
|
== Tickets Fixed ==
|
||||||
|
|
||||||
|
https://fedorahosted.org/sssd/ticket/546
|
||||||
|
[RFE] Support for smart cards
|
||||||
|
https://fedorahosted.org/sssd/ticket/1697
|
||||||
|
sssd: incorrect checks on length values during packet decoding
|
||||||
|
https://fedorahosted.org/sssd/ticket/1926
|
||||||
|
[RFE] Start the dynamic DNS update after the SSSD has been setup for
|
||||||
|
the first time
|
||||||
|
https://fedorahosted.org/sssd/ticket/1994
|
||||||
|
Complain loudly if backend doesn't start due to missing or invalid keytab
|
||||||
|
https://fedorahosted.org/sssd/ticket/2275
|
||||||
|
nested netgroups do not work in IPA provider
|
||||||
|
https://fedorahosted.org/sssd/ticket/2283
|
||||||
|
test dyndns failed.
|
||||||
|
https://fedorahosted.org/sssd/ticket/2335
|
||||||
|
Investigate using the krb5 responder for driving the PAM conversation
|
||||||
|
with OTPs
|
||||||
|
https://fedorahosted.org/sssd/ticket/2463
|
||||||
|
Pass error messages via the extdom plugin
|
||||||
|
https://fedorahosted.org/sssd/ticket/2495
|
||||||
|
[RFE]Allow sssd to add a new option that would specify which server
|
||||||
|
to update DNS with
|
||||||
|
https://fedorahosted.org/sssd/ticket/2549
|
||||||
|
RFE: Support multiple interfaces with the dyndns_iface option
|
||||||
|
https://fedorahosted.org/sssd/ticket/2553
|
||||||
|
RFE: Add support for wildcard-based cache updates
|
||||||
|
https://fedorahosted.org/sssd/ticket/2558
|
||||||
|
Add dualstack and multihomed support
|
||||||
|
https://fedorahosted.org/sssd/ticket/2561
|
||||||
|
Too much logging
|
||||||
|
https://fedorahosted.org/sssd/ticket/2579
|
||||||
|
TRACKER: Support one-way trusts for IPA
|
||||||
|
https://fedorahosted.org/sssd/ticket/2581
|
||||||
|
Re-check memcache after acquiring the lock in the client code
|
||||||
|
https://fedorahosted.org/sssd/ticket/2584
|
||||||
|
RFE: Support client-side overrides
|
||||||
|
https://fedorahosted.org/sssd/ticket/2597
|
||||||
|
Add index for 'objectSIDString' and maybe to other cache attributes
|
||||||
|
https://fedorahosted.org/sssd/ticket/2637
|
||||||
|
RFE: Don't mark the main domain as offline if SSSD can't connect to
|
||||||
|
a subdomain
|
||||||
|
https://fedorahosted.org/sssd/ticket/2639
|
||||||
|
RFE: Detect re-established trusts in the IPA subdomain code
|
||||||
|
https://fedorahosted.org/sssd/ticket/2652
|
||||||
|
KDC proxy not working with SSSD krb5_use_kdcinfo enabled
|
||||||
|
https://fedorahosted.org/sssd/ticket/2676
|
||||||
|
Group members are not turned into ghost entries when the user is purged
|
||||||
|
from the SSSD cache
|
||||||
|
https://fedorahosted.org/sssd/ticket/2682
|
||||||
|
sudoOrder not honored as expected
|
||||||
|
https://fedorahosted.org/sssd/ticket/2688
|
||||||
|
Default to config_file_version=2
|
||||||
|
https://fedorahosted.org/sssd/ticket/2691
|
||||||
|
GPO: PAM system error returned for PAM_ACCT_MGMT and offline mode
|
||||||
|
https://fedorahosted.org/sssd/ticket/2692
|
||||||
|
GPO: Access denied due to using wrong sam_account_name
|
||||||
|
https://fedorahosted.org/sssd/ticket/2694
|
||||||
|
CI: Fix ramshackle test_ipa_subdomains_server (FAIL:
|
||||||
|
test_ipa_subdom_server)
|
||||||
|
https://fedorahosted.org/sssd/ticket/2699
|
||||||
|
SSSDConfig: wrong return type returned on python3
|
||||||
|
https://fedorahosted.org/sssd/ticket/2700
|
||||||
|
krb5_child should always consider online state to allow use of
|
||||||
|
MS-KKDC proxy
|
||||||
|
https://fedorahosted.org/sssd/ticket/2708
|
||||||
|
Logging messages from user point of view
|
||||||
|
https://fedorahosted.org/sssd/ticket/2711
|
||||||
|
[RFE] Provide interface for SSH to fetch user certificate
|
||||||
|
https://fedorahosted.org/sssd/ticket/2712
|
||||||
|
Initgroups memory cache does not work with fq names
|
||||||
|
https://fedorahosted.org/sssd/ticket/2716
|
||||||
|
Initgroups mmap cache needs update after db changes
|
||||||
|
https://fedorahosted.org/sssd/ticket/2717
|
||||||
|
well-known SID check is broken for NetBIOS prefixes
|
||||||
|
https://fedorahosted.org/sssd/ticket/2718
|
||||||
|
SSSD keytab validation check expects root ownership
|
||||||
|
https://fedorahosted.org/sssd/ticket/2719
|
||||||
|
IPA: returned unknown dp error code with disabled migration mode
|
||||||
|
https://fedorahosted.org/sssd/ticket/2722
|
||||||
|
Missing config options in gentoo init script
|
||||||
|
https://fedorahosted.org/sssd/ticket/2723
|
||||||
|
Could not resolve AD user from root domain
|
||||||
|
https://fedorahosted.org/sssd/ticket/2724
|
||||||
|
getgrgid for user's UID on a trust client prevents getpw*
|
||||||
|
https://fedorahosted.org/sssd/ticket/2725
|
||||||
|
If AD site detection fails, not even ad_site override skipped
|
||||||
|
https://fedorahosted.org/sssd/ticket/2729
|
||||||
|
Do not send SSS_OTP if both factors were entered separately
|
||||||
|
https://fedorahosted.org/sssd/ticket/2731
|
||||||
|
searching SID by ID always checks all domains
|
||||||
|
https://fedorahosted.org/sssd/ticket/2733
|
||||||
|
Don't use deprecated libraries (libsystemd-*)
|
||||||
|
https://fedorahosted.org/sssd/ticket/2737
|
||||||
|
sss_override: add import and export commands
|
||||||
|
https://fedorahosted.org/sssd/ticket/2738
|
||||||
|
Cannot build rpms from upstream spec file on rawhide
|
||||||
|
https://fedorahosted.org/sssd/ticket/2742
|
||||||
|
When certificate is added via user-add-cert, it cannot be looked up
|
||||||
|
via org.freedesktop.sssd.infopipe.Users.FindByCertificate
|
||||||
|
https://fedorahosted.org/sssd/ticket/2743
|
||||||
|
memory cache can work intermittently
|
||||||
|
https://fedorahosted.org/sssd/ticket/2744
|
||||||
|
cleanup_groups should sanitize dn of groups
|
||||||
|
https://fedorahosted.org/sssd/ticket/2746
|
||||||
|
the PAM srv test often fails on RHEL-7
|
||||||
|
https://fedorahosted.org/sssd/ticket/2748
|
||||||
|
test_memory_cache failed in invalidation cache before stop
|
||||||
|
https://fedorahosted.org/sssd/ticket/2749
|
||||||
|
Fix crash in nss responder
|
||||||
|
https://fedorahosted.org/sssd/ticket/2754
|
||||||
|
Clear environment and set restrictive umask in p11_child
|
||||||
|
https://fedorahosted.org/sssd/ticket/2757
|
||||||
|
sss_override does not work correctly when 'use_fully_qualified_names
|
||||||
|
= True'
|
||||||
|
https://fedorahosted.org/sssd/ticket/2758
|
||||||
|
sss_override contains an extra parameter --debug but is not listed in
|
||||||
|
the man page or in the arguments help
|
||||||
|
https://fedorahosted.org/sssd/ticket/2762
|
||||||
|
[RFE] sssd: better feedback form constraint password change
|
||||||
|
https://fedorahosted.org/sssd/ticket/2768
|
||||||
|
Test 'test_id_cleanup_exp_group' failed
|
||||||
|
https://fedorahosted.org/sssd/ticket/2772
|
||||||
|
sssd cannot resolve user names containing backslash with ldap provider
|
||||||
|
https://fedorahosted.org/sssd/ticket/2773
|
||||||
|
Make p11_child timeout configurable
|
||||||
|
https://fedorahosted.org/sssd/ticket/2777
|
||||||
|
Fix memory leak in GPO
|
||||||
|
https://fedorahosted.org/sssd/ticket/2782
|
||||||
|
sss_override : The local override user is not found
|
||||||
|
https://fedorahosted.org/sssd/ticket/2783
|
||||||
|
REGRESSION: Dyndns soes not update reverse DNS records
|
||||||
|
https://fedorahosted.org/sssd/ticket/2790
|
||||||
|
sss_override --name doesn't work with RFC2307 and ghost users
|
||||||
|
https://fedorahosted.org/sssd/ticket/2799
|
||||||
|
unit tests do not link correctly on Debian
|
||||||
|
https://fedorahosted.org/sssd/ticket/2803
|
||||||
|
Memory leak / possible DoS with krb auth.
|
||||||
|
https://fedorahosted.org/sssd/ticket/2805
|
||||||
|
AD: Conditional jump or move depends on uninitialised value
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de
|
Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.13.0
|
Version: 1.13.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0+ and LGPL-3.0+
|
License: GPL-3.0+ and LGPL-3.0+
|
||||||
@ -531,7 +531,6 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%dir %_libdir/%name/
|
%dir %_libdir/%name/
|
||||||
%_libdir/%name/libsss_ad.so
|
%_libdir/%name/libsss_ad.so
|
||||||
%_libdir/%name/libsss_ad_common.so
|
|
||||||
%dir %_libexecdir/%name/
|
%dir %_libexecdir/%name/
|
||||||
%_libexecdir/%name/gpo_child
|
%_libexecdir/%name/gpo_child
|
||||||
%dir %_datadir/%name/
|
%dir %_datadir/%name/
|
||||||
@ -620,6 +619,7 @@ rm -f /var/lib/sss/db/*.ldb
|
|||||||
%_sbindir/sss_useradd
|
%_sbindir/sss_useradd
|
||||||
%_sbindir/sss_userdel
|
%_sbindir/sss_userdel
|
||||||
%_sbindir/sss_usermod
|
%_sbindir/sss_usermod
|
||||||
|
%_sbindir/sss_override
|
||||||
%dir %_mandir/??/man8/
|
%dir %_mandir/??/man8/
|
||||||
%_mandir/??/man8/sss_*.8*
|
%_mandir/??/man8/sss_*.8*
|
||||||
%_mandir/man8/sss_*.8*
|
%_mandir/man8/sss_*.8*
|
||||||
|
Loading…
Reference in New Issue
Block a user