forked from jengelh/sssd
Accepting request 311988 from home:stroeder:branches:network:ldap
update to 1.12.5 OBS-URL: https://build.opensuse.org/request/show/311988 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=148
This commit is contained in:
parent
7a747e45df
commit
b39414e572
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:ea3be3a40b20284bd3126481dd0747cd07e39d5ef7ef7026d4902d96fc3e9edf
|
||||
size 4226841
|
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iEYEABECAAYFAlTk1dAACgkQHsardTLnvCWfnwCg4JrLxP6Jjm9GYlTAqQS5N5cb
|
||||
ufYAniGjhC+1IBPQVJYiYiCkzjoYDpq3
|
||||
=XPd1
|
||||
-----END PGP SIGNATURE-----
|
3
sssd-1.12.5.tar.gz
Normal file
3
sssd-1.12.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:243d8db7c72ecb21aa9db8a09fe9f9b10049dbdb35a1cc2f55e214f21e3ce256
|
||||
size 4300869
|
7
sssd-1.12.5.tar.gz.asc
Normal file
7
sssd-1.12.5.tar.gz.asc
Normal file
@ -0,0 +1,7 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iEYEABECAAYFAlV6uQEACgkQHsardTLnvCWZCwCdEWMU5ry/swLp5y/DGPXp6GkH
|
||||
4U4AnjTVtz1Vj1R7hyzVKKL6uqsR6kdR
|
||||
=dk0K
|
||||
-----END PGP SIGNATURE-----
|
61
sssd.changes
61
sssd.changes
@ -1,3 +1,64 @@
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
|
||||
|
||||
- Update to new upstream release 1.12.5
|
||||
|
||||
== Highlights ==
|
||||
* This release adds several new enhancements and fixes many bugs
|
||||
* Notable new enhancements:
|
||||
* The background refresh tasks now supports refreshing users and groups
|
||||
as well. Please see the description of the `refresh_expired_interval`
|
||||
parameter in the `sssd.conf` man page.
|
||||
* A new option subdomain_inherit was added. Options included in
|
||||
the subdomain_inherit option also apply for trusted domains, if
|
||||
supported. This release supports inheriting ignore_group_members,
|
||||
ldap_purge_cache_timeout, ldap_use_tokengroups and
|
||||
ldap_user_principal.
|
||||
* When an expired account attempts to log in, a configurable error
|
||||
message can be displayed with sufficient pam_verbosity setting. Please
|
||||
see the description of the pam_account_expired_message option for
|
||||
more information.
|
||||
* OpenLDAP ppolicy can be honored even when an alternate login method
|
||||
(such as SSH key) is used. Please see the description of the new
|
||||
ppolicy value of the ldap_access_order option.
|
||||
* A new option krb5_map_user was added. This option allows the admin
|
||||
to map UNIX usernames to Kerberos principals. The option would be
|
||||
mostly useful for setups that wish to continue using UNIX file-based
|
||||
identities together with SSSD Kerberos authentication
|
||||
* The important bug fixes include:
|
||||
* Several AD-specific bugs that resulted in the incorrect set of groups
|
||||
being displayed after the initgroups operation were fixed
|
||||
* Many fixes related to the IPA ID views feature are included. Setups
|
||||
using the ID views feature should update the SSSD instance on both
|
||||
IPA servers and clients.
|
||||
* The AD provider now handles binary GUIDs correctly. This bug was
|
||||
manifested with an error message saying ldb_modify failed: Invalid
|
||||
attribute syntax.
|
||||
* The AD provider no longer downloads full group objects during
|
||||
initgroups request if POSIX attributes are used. This fix may speed
|
||||
up the login times significantly.
|
||||
* A bug that prevented the `ignore_group_members` parameter to be used
|
||||
with the AD provider was fixed
|
||||
* The fail over code now reads and honors TTL value for SRV queries
|
||||
as well. Previously, SRV queries used a hardcoded timeout
|
||||
* The SELinux context set up during login with an IPA provider is only
|
||||
called if the context had changed. This fixes a performance regression
|
||||
with the IPA provider.
|
||||
* Race condition between setting the timeout in the back ends and
|
||||
reading it in the front end during initgroup operation was fixed. This
|
||||
bug affected applications that perform the `initgroups(3)` operation
|
||||
in multiple processes simultaneously.
|
||||
* Setups that only want to use the domain SSSD is connected to, but not
|
||||
the autodiscovered trusted domains by setting `subdomains_provider=none`
|
||||
now work correctly as long as the domain SID is set manually in the
|
||||
config file
|
||||
* In case only allow rules are used, the simple access provider is
|
||||
now able to skip unresolvable groups.
|
||||
* The GPO access control code now handles situations where user and
|
||||
computer objects were in different domains. Previously, an attempt to
|
||||
log in as user from a different domain than computer always resulted
|
||||
in login failure.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user