scabrero/sssd
SHA256
1
0
Fork 1
forked from pool/sssd
Code Pull Requests Activity

Accepting request 479818 from home:stroeder:branches:network:ldap

Browse Source 
update to 1.15.2

OBS-URL: https://build.opensuse.org/request/show/479818
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=185
This commit is contained in:
Jan Engelhardt
2017-03-15 23:57:39 +00:00
committed by Git OBS Bridge
parent 96255f5760
commit fb25d602fc
6 changed files with 42 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
sssd.changes
View File

@@ -1,3 +1,35 @@
-------------------------------------------------------------------
Wed Mar 15 22:18:03 UTC 2017 - michael@stroeder.com
- Update to new upstream release 1.15.2
* It is now possible to configure certain parameters of a trusted domain
in a configuration file sub-section.
* Several issues related to socket-activating the NSS service, especially
if SSSD was configured to use a non-privileged userm were fixed.
The NSS service now doesn't change the ownership of its log files to
avoid triggering a name-service lookup while the NSS service is not
running yet. Additionally, the NSS service is started before any other
service to make sure username resolution works and the other service
can resolve the SSSD user correctly.
* A new option "cache_first" allows the administrator to change the way
multiple domains are searched. When this option is enabled, SSSD will
first try to "pin" the requested name or ID to a domain by searching
the entries that are already cached and contact the domain that contains
the cached entry first. Previously, SSSD would check the cache and the
remote server for each domain. This option brings performance benefit
for setups that use multiple domains (even auto-discovered trusted
domains), especially for ID lookups that would previously iterate over
all domains. Please note that this option must be enabled with care as the
administrator must ensure that the ID space of domains does not overlap.
* The SSSD D-Bus interface gained two new methods:
"FindByNameAndCertificate" and "ListByCertificate". These methods
will be used primarily by IPA and
`mod_lookup_identity <https://github.com/adelton/mod_lookup_identity/>
to correctly match multple users who use the same certificate for Smart
Card login.
* A bug where SSSD did not properly sanitize a username with a newline
character in it was fixed.
-------------------------------------------------------------------
Sat Mar 11 22:34:41 UTC 2017 - jengelh@inai.de