SHA256
1
0
forked from jengelh/sssd

Accepting request 311988 from home:stroeder:branches:network:ldap

update to 1.12.5

OBS-URL: https://build.opensuse.org/request/show/311988
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=148
This commit is contained in:
Jan Engelhardt 2015-06-14 20:48:52 +00:00 committed by Git OBS Bridge
parent 7a747e45df
commit b39414e572
6 changed files with 72 additions and 11 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:ea3be3a40b20284bd3126481dd0747cd07e39d5ef7ef7026d4902d96fc3e9edf
size 4226841

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlTk1dAACgkQHsardTLnvCWfnwCg4JrLxP6Jjm9GYlTAqQS5N5cb
ufYAniGjhC+1IBPQVJYiYiCkzjoYDpq3
=XPd1
-----END PGP SIGNATURE-----

3
sssd-1.12.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:243d8db7c72ecb21aa9db8a09fe9f9b10049dbdb35a1cc2f55e214f21e3ce256
size 4300869

7
sssd-1.12.5.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlV6uQEACgkQHsardTLnvCWZCwCdEWMU5ry/swLp5y/DGPXp6GkH
4U4AnjTVtz1Vj1R7hyzVKKL6uqsR6kdR
=dk0K
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,64 @@
-------------------------------------------------------------------
Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
- Update to new upstream release 1.12.5
== Highlights ==
* This release adds several new enhancements and fixes many bugs
* Notable new enhancements:
* The background refresh tasks now supports refreshing users and groups
as well. Please see the description of the `refresh_expired_interval`
parameter in the `sssd.conf` man page.
* A new option subdomain_inherit was added. Options included in
the subdomain_inherit option also apply for trusted domains, if
supported. This release supports inheriting ignore_group_members,
ldap_purge_cache_timeout, ldap_use_tokengroups and
ldap_user_principal.
* When an expired account attempts to log in, a configurable error
message can be displayed with sufficient pam_verbosity setting. Please
see the description of the pam_account_expired_message option for
more information.
* OpenLDAP ppolicy can be honored even when an alternate login method
(such as SSH key) is used. Please see the description of the new
ppolicy value of the ldap_access_order option.
* A new option krb5_map_user was added. This option allows the admin
to map UNIX usernames to Kerberos principals. The option would be
mostly useful for setups that wish to continue using UNIX file-based
identities together with SSSD Kerberos authentication
* The important bug fixes include:
* Several AD-specific bugs that resulted in the incorrect set of groups
being displayed after the initgroups operation were fixed
* Many fixes related to the IPA ID views feature are included. Setups
using the ID views feature should update the SSSD instance on both
IPA servers and clients.
* The AD provider now handles binary GUIDs correctly. This bug was
manifested with an error message saying ldb_modify failed: Invalid
attribute syntax.
* The AD provider no longer downloads full group objects during
initgroups request if POSIX attributes are used. This fix may speed
up the login times significantly.
* A bug that prevented the `ignore_group_members` parameter to be used
with the AD provider was fixed
* The fail over code now reads and honors TTL value for SRV queries
as well. Previously, SRV queries used a hardcoded timeout
* The SELinux context set up during login with an IPA provider is only
called if the context had changed. This fixes a performance regression
with the IPA provider.
* Race condition between setting the timeout in the back ends and
reading it in the front end during initgroup operation was fixed. This
bug affected applications that perform the `initgroups(3)` operation
in multiple processes simultaneously.
* Setups that only want to use the domain SSSD is connected to, but not
the autodiscovered trusted domains by setting `subdomains_provider=none`
now work correctly as long as the domain SID is set manually in the
config file
* In case only allow rules are used, the simple access provider is
now able to skip unresolvable groups.
* The GPO access control code now handles situations where user and
computer objects were in different domains. Previously, an attempt to
log in as user from a different domain than computer always resulted
in login failure.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com

View File

@ -17,7 +17,7 @@
Name: sssd Name: sssd
Version: 1.12.4 Version: 1.12.5
Release: 0 Release: 0
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+ License: GPL-3.0+ and LGPL-3.0+