Trim changelog by smart grammatical reordering
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=149
This commit is contained in:
parent
b39414e572
commit
48ad59e229
88
sssd.changes
88
sssd.changes
@ -2,62 +2,40 @@
|
|||||||
Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
|
Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
|
||||||
|
|
||||||
- Update to new upstream release 1.12.5
|
- Update to new upstream release 1.12.5
|
||||||
|
* The background refresh tasks now supports refreshing users and
|
||||||
== Highlights ==
|
groups as well. See the "refresh_expired_interval" parameter in
|
||||||
* This release adds several new enhancements and fixes many bugs
|
the sssd.conf manpage.
|
||||||
* Notable new enhancements:
|
* A new option subdomain_inherit was added.
|
||||||
* The background refresh tasks now supports refreshing users and groups
|
* When an expired account attempts to log in, a configurable
|
||||||
as well. Please see the description of the `refresh_expired_interval`
|
error message can be displayed with sufficient pam_verbosity
|
||||||
parameter in the `sssd.conf` man page.
|
setting. See the "pam_account_expired_message" option.
|
||||||
* A new option subdomain_inherit was added. Options included in
|
* OpenLDAP ppolicy can be honored even when an alternate login
|
||||||
the subdomain_inherit option also apply for trusted domains, if
|
method (such as SSH key) is used. See the "ldap_access_order"
|
||||||
supported. This release supports inheriting ignore_group_members,
|
option.
|
||||||
ldap_purge_cache_timeout, ldap_use_tokengroups and
|
* A new option :krb5_map_user" was added, allowing the admin to
|
||||||
ldap_user_principal.
|
map UNIX usernames to Kerberos principals.
|
||||||
* When an expired account attempts to log in, a configurable error
|
* BUG FIXES:
|
||||||
message can be displayed with sufficient pam_verbosity setting. Please
|
* Fixed AD-specific bugs that resulted in the incorrect set of
|
||||||
see the description of the pam_account_expired_message option for
|
groups being displayed after the initgroups operation.
|
||||||
more information.
|
* Fixes related to the IPA ID views feature. Setups using this
|
||||||
* OpenLDAP ppolicy can be honored even when an alternate login method
|
should update sssd on both IPA servers and clients.
|
||||||
(such as SSH key) is used. Please see the description of the new
|
* The AD provider now handles binary GUIDs correctly.
|
||||||
ppolicy value of the ldap_access_order option.
|
* A bug that prevented the `ignore_group_members` parameter to be
|
||||||
* A new option krb5_map_user was added. This option allows the admin
|
used with the AD provider was fixed.
|
||||||
to map UNIX usernames to Kerberos principals. The option would be
|
* The failover code now reads and honors TTL value for SRV
|
||||||
mostly useful for setups that wish to continue using UNIX file-based
|
queries as well.
|
||||||
identities together with SSSD Kerberos authentication
|
|
||||||
* The important bug fixes include:
|
|
||||||
* Several AD-specific bugs that resulted in the incorrect set of groups
|
|
||||||
being displayed after the initgroups operation were fixed
|
|
||||||
* Many fixes related to the IPA ID views feature are included. Setups
|
|
||||||
using the ID views feature should update the SSSD instance on both
|
|
||||||
IPA servers and clients.
|
|
||||||
* The AD provider now handles binary GUIDs correctly. This bug was
|
|
||||||
manifested with an error message saying ldb_modify failed: Invalid
|
|
||||||
attribute syntax.
|
|
||||||
* The AD provider no longer downloads full group objects during
|
|
||||||
initgroups request if POSIX attributes are used. This fix may speed
|
|
||||||
up the login times significantly.
|
|
||||||
* A bug that prevented the `ignore_group_members` parameter to be used
|
|
||||||
with the AD provider was fixed
|
|
||||||
* The fail over code now reads and honors TTL value for SRV queries
|
|
||||||
as well. Previously, SRV queries used a hardcoded timeout
|
|
||||||
* The SELinux context set up during login with an IPA provider is only
|
|
||||||
called if the context had changed. This fixes a performance regression
|
|
||||||
with the IPA provider.
|
|
||||||
* Race condition between setting the timeout in the back ends and
|
* Race condition between setting the timeout in the back ends and
|
||||||
reading it in the front end during initgroup operation was fixed. This
|
reading it in the front end during initgroup operation was
|
||||||
bug affected applications that perform the `initgroups(3)` operation
|
fixed. This bug affected applications that perform the
|
||||||
in multiple processes simultaneously.
|
initgroups(3) operation in multiple processes simultaneously.
|
||||||
* Setups that only want to use the domain SSSD is connected to, but not
|
* Setups that only want to use the domain SSSD is connected to,
|
||||||
the autodiscovered trusted domains by setting `subdomains_provider=none`
|
but not the autodiscovered trusted domains by setting
|
||||||
now work correctly as long as the domain SID is set manually in the
|
`subdomains_provider=none` now work correctly as long as the
|
||||||
config file
|
domain SID is set manually in the config file.
|
||||||
* In case only allow rules are used, the simple access provider is
|
* In case only "allow" rules are used, the simple access provider
|
||||||
now able to skip unresolvable groups.
|
is now able to skip unresolvable groups.
|
||||||
* The GPO access control code now handles situations where user and
|
* The GPO access control code now handles situations where user
|
||||||
computer objects were in different domains. Previously, an attempt to
|
and computer objects were in different domains.
|
||||||
log in as user from a different domain than computer always resulted
|
|
||||||
in login failure.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com
|
Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package sssd
|
# spec file for package sssd
|
||||||
#
|
#
|
||||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
|
Loading…
Reference in New Issue
Block a user