- Update to new minor upstream release 1.16.2
New Features: * The smart card authentication, or in more general certificate authentication code now supports OpenSSL in addition to previously supported NSS (#3489). In addition, the SSH responder can now return public SSH keys derived from the public keys stored in a X.509 certificate. Please refer to the ssh_use_certificate_keys option in the man pages. * The files provider now supports mirroring multiple passwd or group files. This enhancement can be used to use the SSSD files provider instead of the nss_altfiles module Bugfixes: * A memory handling issue in the nss_ex interface was fixed. This bug would manifest in IPA environments with a trusted AD domain as a crash of the ns-slapd process, because a ns-slapd plugin loads the nss_ex interface (#3715) * Several fixes for the KCM deamon were merged (see #3687, #3671, #3633) * The ad_site override is now honored in GPO code as well (#3646) * Several potential crashes in the NSS responder’s netgroup code were fixed (#3679, #3731) * A potential crash in the autofs responder’s code was fixed (#3752) * The LDAP provider now supports group renaming (#2653) * The GPO access control code no longer returns an error if one of the relevant GPO rules contained no SIDs at all (#3680) * A memory leak in the IPA provider related to resolving external AD groups was fixed (#3719) * Setups that used multiple domains where one of the domains had its ID space limited using the min_id/max_id options did not resolve requests by ID properly (#3728) * Overriding IDs or names did not work correctly when the domain OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=197
This commit is contained in:
parent
98844f4892
commit
12009674a9
49
sssd.changes
49
sssd.changes
@ -1,3 +1,52 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Jun 20 08:38:53 UTC 2018 - varkoly@suse.com
|
||||||
|
|
||||||
|
- Update to new minor upstream release 1.16.2
|
||||||
|
New Features:
|
||||||
|
* The smart card authentication, or in more general certificate
|
||||||
|
authentication code now supports OpenSSL in addition to previously
|
||||||
|
supported NSS (#3489). In addition, the SSH responder can now
|
||||||
|
return public SSH keys derived from the public keys stored in a
|
||||||
|
X.509 certificate. Please refer to the ssh_use_certificate_keys
|
||||||
|
option in the man pages.
|
||||||
|
* The files provider now supports mirroring multiple passwd or
|
||||||
|
group files. This enhancement can be used to use the SSSD files
|
||||||
|
provider instead of the nss_altfiles module
|
||||||
|
Bugfixes:
|
||||||
|
* A memory handling issue in the nss_ex interface was fixed. This
|
||||||
|
bug would manifest in IPA environments with a trusted AD domain
|
||||||
|
as a crash of the ns-slapd process, because a ns-slapd plugin
|
||||||
|
loads the nss_ex interface (#3715)
|
||||||
|
* Several fixes for the KCM deamon were merged (see #3687, #3671, #3633)
|
||||||
|
* The ad_site override is now honored in GPO code as well (#3646)
|
||||||
|
* Several potential crashes in the NSS responder’s netgroup code
|
||||||
|
were fixed (#3679, #3731)
|
||||||
|
* A potential crash in the autofs responder’s code was fixed (#3752)
|
||||||
|
* The LDAP provider now supports group renaming (#2653)
|
||||||
|
* The GPO access control code no longer returns an error if one
|
||||||
|
of the relevant GPO rules contained no SIDs at all (#3680)
|
||||||
|
* A memory leak in the IPA provider related to resolving external
|
||||||
|
AD groups was fixed (#3719)
|
||||||
|
* Setups that used multiple domains where one of the domains had
|
||||||
|
its ID space limited using the min_id/max_id options did not
|
||||||
|
resolve requests by ID properly (#3728)
|
||||||
|
* Overriding IDs or names did not work correctly when the domain
|
||||||
|
resolution order was set as well (#3595)
|
||||||
|
* A version mismatch between certain newer Samba versions (e.g.
|
||||||
|
those shipped in RHEL-7.5) and the Winbind interface provided
|
||||||
|
by SSSD was fixed. To further prevent issues like this in the
|
||||||
|
future, the correct interface is now detected at build time (#3741)
|
||||||
|
* The files provider no longer returns a qualified name in case
|
||||||
|
domain resolution order is used (#3743)
|
||||||
|
* A race condition between evaluating IPA group memberships and
|
||||||
|
AD group memberships in setups with IPA-AD trusts that would
|
||||||
|
have manifested as randomly losing IPA group memberships assigned
|
||||||
|
to an AD user was fixed (#3744)
|
||||||
|
* Setting an SELinux login label was broken in setups where the
|
||||||
|
domain resolution order was used (#3740)
|
||||||
|
* SSSD start up issue on systems that use the libldb library
|
||||||
|
with version 1.4.0 or newer was fixed.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Apr 27 14:43:58 UTC 2018 - ckowalczyk@suse.com
|
Fri Apr 27 14:43:58 UTC 2018 - ckowalczyk@suse.com
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user