SHA256
1
0
forked from pool/sssd

Trim changelog by smart grammatical reordering

OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=149
This commit is contained in:
Jan Engelhardt 2015-06-14 20:54:24 +00:00 committed by Git OBS Bridge
parent b39414e572
commit 48ad59e229
2 changed files with 35 additions and 57 deletions

View File

@ -2,62 +2,40 @@
Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
- Update to new upstream release 1.12.5 - Update to new upstream release 1.12.5
* The background refresh tasks now supports refreshing users and
== Highlights == groups as well. See the "refresh_expired_interval" parameter in
* This release adds several new enhancements and fixes many bugs the sssd.conf manpage.
* Notable new enhancements: * A new option subdomain_inherit was added.
* The background refresh tasks now supports refreshing users and groups * When an expired account attempts to log in, a configurable
as well. Please see the description of the `refresh_expired_interval` error message can be displayed with sufficient pam_verbosity
parameter in the `sssd.conf` man page. setting. See the "pam_account_expired_message" option.
* A new option subdomain_inherit was added. Options included in * OpenLDAP ppolicy can be honored even when an alternate login
the subdomain_inherit option also apply for trusted domains, if method (such as SSH key) is used. See the "ldap_access_order"
supported. This release supports inheriting ignore_group_members, option.
ldap_purge_cache_timeout, ldap_use_tokengroups and * A new option :krb5_map_user" was added, allowing the admin to
ldap_user_principal. map UNIX usernames to Kerberos principals.
* When an expired account attempts to log in, a configurable error * BUG FIXES:
message can be displayed with sufficient pam_verbosity setting. Please * Fixed AD-specific bugs that resulted in the incorrect set of
see the description of the pam_account_expired_message option for groups being displayed after the initgroups operation.
more information. * Fixes related to the IPA ID views feature. Setups using this
* OpenLDAP ppolicy can be honored even when an alternate login method should update sssd on both IPA servers and clients.
(such as SSH key) is used. Please see the description of the new * The AD provider now handles binary GUIDs correctly.
ppolicy value of the ldap_access_order option. * A bug that prevented the `ignore_group_members` parameter to be
* A new option krb5_map_user was added. This option allows the admin used with the AD provider was fixed.
to map UNIX usernames to Kerberos principals. The option would be * The failover code now reads and honors TTL value for SRV
mostly useful for setups that wish to continue using UNIX file-based queries as well.
identities together with SSSD Kerberos authentication
* The important bug fixes include:
* Several AD-specific bugs that resulted in the incorrect set of groups
being displayed after the initgroups operation were fixed
* Many fixes related to the IPA ID views feature are included. Setups
using the ID views feature should update the SSSD instance on both
IPA servers and clients.
* The AD provider now handles binary GUIDs correctly. This bug was
manifested with an error message saying ldb_modify failed: Invalid
attribute syntax.
* The AD provider no longer downloads full group objects during
initgroups request if POSIX attributes are used. This fix may speed
up the login times significantly.
* A bug that prevented the `ignore_group_members` parameter to be used
with the AD provider was fixed
* The fail over code now reads and honors TTL value for SRV queries
as well. Previously, SRV queries used a hardcoded timeout
* The SELinux context set up during login with an IPA provider is only
called if the context had changed. This fixes a performance regression
with the IPA provider.
* Race condition between setting the timeout in the back ends and * Race condition between setting the timeout in the back ends and
reading it in the front end during initgroup operation was fixed. This reading it in the front end during initgroup operation was
bug affected applications that perform the `initgroups(3)` operation fixed. This bug affected applications that perform the
in multiple processes simultaneously. initgroups(3) operation in multiple processes simultaneously.
* Setups that only want to use the domain SSSD is connected to, but not * Setups that only want to use the domain SSSD is connected to,
the autodiscovered trusted domains by setting `subdomains_provider=none` but not the autodiscovered trusted domains by setting
now work correctly as long as the domain SID is set manually in the `subdomains_provider=none` now work correctly as long as the
config file domain SID is set manually in the config file.
* In case only allow rules are used, the simple access provider is * In case only "allow" rules are used, the simple access provider
now able to skip unresolvable groups. is now able to skip unresolvable groups.
* The GPO access control code now handles situations where user and * The GPO access control code now handles situations where user
computer objects were in different domains. Previously, an attempt to and computer objects were in different domains.
log in as user from a different domain than computer always resulted
in login failure.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com

View File

@ -1,7 +1,7 @@
# #
# spec file for package sssd # spec file for package sssd
# #
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed