Accepting request 1296905 from network:ldap

- Update to release 2.11.1

OBS-URL: https://build.opensuse.org/request/show/1296905
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=144

_scmsync.obsinfo

@@ -0,0 +1,4 @@
+mtime: 1753994117
+commit: 0e0d1361c8452d81d3f95f3e2e6ee1170e16356d1e2c4145af472ea204b6b873
+url: https://src.opensuse.org/jengelh/sssd
+revision: master

build.specials.obscpio

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:a31e4d0a5d8f6b3d45219c049e9bb6f29dc8d630ca5dbc7f9e4e89be2ae35fa2
+size 256

harden_sssd-kcm.service.patch

@@ -2,10 +2,10 @@
  src/sysv/systemd/sssd-kcm.service.in |   13 +++++++++++++
  1 file changed, 13 insertions(+)
 
-Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in
+Index: sssd-2.10.2/src/sysv/systemd/sssd-kcm.service.in
 ===================================================================
---- sssd-2.10.0.orig/src/sysv/systemd/sssd-kcm.service.in
+--- sssd-2.10.2.orig/src/sysv/systemd/sssd-kcm.service.in
-+++ sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in
++++ sssd-2.10.2/src/sysv/systemd/sssd-kcm.service.in
 @@ -8,6 +8,19 @@ After=sssd-kcm.socket
  Also=sssd-kcm.socket
  
@@ -24,5 +24,5 @@ Index: sssd-2.10.0/src/sysv/systemd/sssd-kcm.service.in
 +RestrictRealtime=true
 +# end of automatic additions 
  Environment=DEBUG_LOGGER=--logger=files
- ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
+ # '-H' is used with @sssdconfdir@ to support use case where /etc/sssd is a symlink.
- ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
+ # '-H' only allows following a command line argument itself, everything else encountered due to '-R' isn't followed.

logrotate.patch

@@ -0,0 +1,48 @@
+From: Jan Engelhardt <ej@inai.de>
+Date: 2025-07-18 11:02:24.078457348 +0200
+References: https://bugzilla.suse.com/show_bug.cgi?id=1246537
+References: https://github.com/SSSD/sssd/issues/8041
+
+---
+ src/examples/logrotate.in            |    3 +--
+ src/sysv/systemd/sssd-kcm.service.in |    1 +
+ src/sysv/systemd/sssd.service.in     |    1 +
+ 3 files changed, 3 insertions(+), 2 deletions(-)
+
+Index: sssd-2.11.1/src/examples/logrotate.in
+===================================================================
+--- sssd-2.11.1.orig/src/examples/logrotate.in
++++ sssd-2.11.1/src/examples/logrotate.in
+@@ -8,7 +8,6 @@
+     delaycompress
+     su @SSSD_USER@ @SSSD_USER@
+     postrotate
+-        /bin/kill -HUP `cat @pidpath@/sssd.pid 2>/dev/null` 2> /dev/null || true
+-        /bin/pkill -HUP sssd_kcm 2> /dev/null || true
++        /usr/bin/systemctl try-reload-or-restart sssd sssd_kcm
+     endscript
+ }
+Index: sssd-2.11.1/src/sysv/systemd/sssd-kcm.service.in
+===================================================================
+--- sssd-2.11.1.orig/src/sysv/systemd/sssd-kcm.service.in
++++ sssd-2.11.1/src/sysv/systemd/sssd-kcm.service.in
+@@ -32,6 +32,7 @@ ExecStartPre=+-/bin/chmod -f g+x @sssdco
+ ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb"
+ ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log*"
+ ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER}
++ExecReload=kill -HUP $MAINPID
+ CapabilityBoundingSet= CAP_DAC_READ_SEARCH CAP_SETGID CAP_SETUID
+ SecureBits=noroot noroot-locked
+ User=@SSSD_USER@
+Index: sssd-2.11.1/src/sysv/systemd/sssd.service.in
+===================================================================
+--- sssd-2.11.1.orig/src/sysv/systemd/sssd.service.in
++++ sssd-2.11.1/src/sysv/systemd/sssd.service.in
+@@ -21,6 +21,7 @@ ExecStartPre=+-/bin/sh -c "/bin/chown -f
+ ExecStartPre=+-/bin/chown -f -R -h @SSSD_USER@:@SSSD_USER@ @gpocachepath@
+ ExecStartPre=+-/bin/sh -c "/bin/chown -f -h @SSSD_USER@:@SSSD_USER@ @logpath@/*.log*"
+ ExecStart=@sbindir@/sssd -i ${DEBUG_LOGGER}
++ExecReload=kill -HUP $MAINPID
+ Type=notify
+ NotifyAccess=main
+ Restart=on-abnormal

sssd-2.10.1.tar.gz.asc

@@ -1,16 +0,0 @@
------BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmdYSb4ACgkQ09IbKRDP
-Z1kRyRAAmkKhCUcBs4h2mDg7uzz7DfYFkHXEiY8EMoVP5Iw6ZsNL/V9fwF9xhj49
-XbnCfxj2zFfVWZd5VYnTpl86Hg3NrxuPehgM+iMAXS6U/55TvRPunCtTiRwoTZ4t
-zSgiBaSg3I2hmSN2cnSU8PpilEDCIeSP3uafmGXI1KUxEQltVbp0EeJ5CL5GP3xU
-rFgI1pKdTySlw6jZ3vjkAaHwdsJGB0MKtjiBJYtqvHmIzbUdSNN/iE5Wf5xsdtez
-KKLUrnKeQFuNyYWpjipJvbs7i9+E5VKFvCfrqFb6vQbp+Rgd98epVjp2VKovNy8p
-gZQmgfbi5GCWKuBx+dbaRSFa8hWemEwnBNboV6JKq4+CoPsMkI367utZV5gd58V5
-RHgLsrZfjahAXgG4ytwPhgKDV+sX+sSn4aXIdaSgc+vP7+ykLMxyzyR2GXyG+y11
-WrnovdR0HywHfzvlUnKQmcLUjCkXKVwIMw0oBRa8+YLTD08EeYgu+oXXDpGD0oL1
-YJLLBdr6ycR9Rk/sUqbZgEnzQZPYXazIraUrd71Ry8CaNvqi86Of7sX6SgSQQeg/
-ZPLNcPWPadG/9jpMNJNsXXEZicNJXznQczlXKvRXINOJzknJYwwgH+/55otbzNzq
-EjlOmFEn07bGAHCsHTfydlCeYqD9x+WV/X8CReMFjcaaBH4TDms=
-=S0c5
------END PGP SIGNATURE-----

sssd-2.11.1.tar.gz.asc

@@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCgAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmiLT74ACgkQ09IbKRDP
+Z1nIIQ/+NjryrInjiH9LmBZKa5wgYE8d49aHxtOc4pySV3CFhVMM0cUT0rO1umy3
++4xlvxDs/7OYdZkJapotcpf8CJDyLttxsA4/0gfBDGoCRsRLAXxnoZ9K7+0PgV5j
+2DbB6+0Ay0JJ9IYjJwoIMbSKiWm2/KuqLBicNoaxvYK/OJc/K+3AkPIyqVmOItl8
+23UOMuMn6NRBJP6m0R+LUEJQ4rW6cej1lc+mqsPYlerHY8BmRFzRcFjVqhsgUpQj
+hCTJwq5iUpbhiyDIpYzGeS5Jr0bxAVeAZbo4YcN2GQVawOjLQYOP7UPWFm80JLbQ
+GEvQHHo2YDBxcZEma6Z614/8aQI6nVzc/DMq3ffPb4E5snMJ+/v9LCGN1jjmCPWo
+TSiYZrt33zeJrmsmnImWT4ejErkt7dLV9qOQS6BTjHGtgNgl4qrbiFLSZZk2oJp6
+1eJERF/uqBmBYJ2Bq7Fq0Gp4u90TK6kgLV8pkz71Tl+BUPjoD8H9b6VMrwY0jiux
+FfE9ZjWDDAlaLqRlbpd6lVHiQfkgCUflw7o5E+jSL96S4X+6e1aCcL3vdkLxFSCa
+PCQggDD+Ng2HvNsqQ8Z1eA0k2wNuYUNLKab2eUcc4siIKmoMsPQkgmLUBINiPMyR
+GR6ZQ6xdiQkBFBC+JplQM5AsVddJ7UZ2DCzUzFkriyqua58Cuyo=
+=DoFI
+-----END PGP SIGNATURE-----

sssd-rpmlintrc

@@ -0,0 +1,2 @@
+# See https://github.com/SSSD/sssd/pull/7794 for details
+addFilter("E: missing-call-to-setgroups-before-setuid")

sssd.changes

@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Thu Jul 31 16:15:46 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 2.11.1
+  * Fixed AD users in external groups not being cleared once the
+    cache expires.
+  * Fixed `cache_credentials=true` not having any effect.
+  * Fixed socket activation not having an effect for sssd_pam.
+
+-------------------------------------------------------------------
+Fri Jul 18 09:03:19 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Add logrotate.patch [boo#1246537]
+
+-------------------------------------------------------------------
+Wed Jun 11 14:53:26 UTC 2025 - Samuel Cabrero <scabrero@suse.de>
+
+- Install file in krb5.conf.d to include sssd krb5 config snippets;
+  (bsc#1244325);
+
+-------------------------------------------------------------------
+Thu Jun  5 12:14:03 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 2.11
+  * The deprecated tool `sss_ssh_knownhostsproxy` was finally
+    removed.
+  * Support for `id_provider = files` was removed.
+  * SSSD doesn't create any more missing path components of
+    DIR:/FILE: ccache types while acquiring user's TGT.
+  * New generic id and auth provider for Identity Providers (IdPs)
+    for Keycloak/EntraID. [Not enabled in openSUSE for now.]
+
+-------------------------------------------------------------------
+Tue Mar 11 21:35:32 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Run mkdir/rm with verbose mode for the build log
+
+-------------------------------------------------------------------
+Thu Jan 30 14:24:04 UTC 2025 - Jan Engelhardt <jengelh@inai.de>
+
+- Update to release 2.10.2
+  * If the ssh responder is not running, sss_ssh_knownhosts will
+    not fail (but it will not return the keys).
+  * SSSD is now capable of handling multiple services associated
+    with the same port.
+  * sssd_pam, being a privileged binary, now clears the
+    environment and does not allow configuration of the
+    PR_SET_DUMPABLE flag as a precaution.
+
+-------------------------------------------------------------------
+Wed Jan 22 09:21:43 UTC 2025 - Dominique Leuenberger <dimstar@opensuse.org>
+
+- Drop build dependency on ncsd, which has been deprecated
+  (boo#1239262).
+
 -------------------------------------------------------------------
 Tue Jan 21 16:33:00 UTC 2025 - Samuel Cabrero <scabrero@suse.de>
 
@@ -1874,7 +1929,6 @@ Wed Apr  4 16:13:33 PDT 2012 - ben.kevan@gmail.com
   connect to an auth server
 
 -------------------------------------------------------------------
-
 Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de
 
 - Update to new upstream release 1.8.0

sssd.spec

@@ -17,7 +17,7 @@
 
 
 Name:           sssd
-Version:        2.10.1
+Version:        2.11.1
 Release:        0
 Summary:        System Security Services Daemon
 License:        GPL-3.0-or-later AND LGPL-3.0-or-later
@@ -28,11 +28,13 @@ Source:         https://github.com/SSSD/sssd/releases/download/%version/%name-%v
 Source2:        https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
 Source3:        baselibs.conf
 Source5:        %name.keyring
+Source6:        %name-rpmlintrc
 Patch1:         0001-TOOL-Fix-build-parameter-name-omitted.patch
 Patch11:        krb-noversion.diff
 Patch12:        harden_sssd-ifp.service.patch
 Patch13:        harden_sssd-kcm.service.patch
 Patch14:        symvers.patch
+Patch15:        logrotate.patch
 BuildRequires:  autoconf >= 2.59
 BuildRequires:  automake
 BuildRequires:  bind-utils
@@ -50,7 +52,6 @@ BuildRequires:  libunistring-devel
 BuildRequires:  libxml2-tools
 BuildRequires:  libxslt-tools
 BuildRequires:  libopenssl-3-devel
-BuildRequires:  nscd
 BuildRequires:  nss_wrapper
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
@@ -89,6 +90,7 @@ BuildRequires:  pkgconfig(p11-kit-1) >= 0.23.3
 BuildRequires:  pkgconfig(popt)
 BuildRequires:  pkgconfig(python3)
 BuildRequires:  pkgconfig(smbclient)
+BuildRequires:  pkgconfig(systemd)
 BuildRequires:  pkgconfig(talloc)
 BuildRequires:  pkgconfig(tdb) >= 1.1.3
 BuildRequires:  pkgconfig(tevent)
@@ -130,10 +132,6 @@ Obsoletes:      sssd-common < %version-%release
 %define permissions_path %_sysconfdir/permissions.d/
 %endif
 
-# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
-# %%_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins,
-# cifs-utils or sssd. The plugins are individually packaged and conflicts with each other
-# (https://bugzilla.suse.com/show_bug.cgi?id=1235789).
 %define cifs_idmap_plugin       %_sysconfdir/cifs-utils/idmap-plugin
 %define cifs_idmap_lib          %_libdir/cifs-utils/cifs_idmap_sss.so
 
@@ -252,13 +250,19 @@ UIDs/GIDs and SIDs.
 %package cifs-idmap-plugin
 Summary:        The sssd idmap plugin for cifs.idmap
 Group:          System/Libraries
+# Conflict as per https://bugzilla.suse.com/1235789
 Provides:       cifs-idmap-plugin
 Conflicts:      cifs-idmap-plugin
 
 %description cifs-idmap-plugin
-The cifs.idmap(8) userspace helper relies on a plugin to handle the ID mapping.
+The cifs.idmap(8) userspace helper relies on a plugin to handle the
-This package contains the sssd ID mapping plugin.
+ID mapping. This package contains the ID mapping plugin that will use
+sssd.
 
+In SUSE systems, only one such plugin can be installed at a time
+(either the one from sssd, or from cifs-utils).
+Without the plugin, file objects in a mounted share have UID/GID of
+the original mounting process.
 
 %package -n libsss_certmap0
 Summary:        FreeIPA ID mapping library
@@ -415,9 +419,6 @@ Security Services Daemon (sssd).
 %autosetup -p1
 
 %build
-# help configure find nscd
-export PATH="$PATH:/usr/sbin"
-
 autoreconf -fiv
 %configure \
 	--with-db-path="%dbpath" \
@@ -440,8 +441,7 @@ autoreconf -fiv
 	--with-subid
 %else
 	--with-selinux=no \
-	--with-libsifp \
+	--with-libsifp
-	--with-files-provider
 %endif
 %make_build all
 
@@ -453,26 +453,26 @@ b="%buildroot"
 
 # Copy some defaults
 %if "%{?_distconfdir}" != ""
-install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
+install -Dpvm 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
-install -d -m 0755 "$b/%_distconfdir/sssd/conf.d"
+install -dvm 0755 "$b/%_distconfdir/sssd/conf.d"
 %else
-install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
+install -Dpm 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
-install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d"
+install -dvm 0755 "$b/%_sysconfdir/sssd/conf.d"
 %endif
-install -d "$b/%_unitdir"
+install -dv "$b/%_unitdir"
 %if 0%{?suse_version} > 1500
-install -d "$b/%_distconfdir/logrotate.d"
+install -dv "$b/%_distconfdir/logrotate.d"
-install -m644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd"
+install -vm644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd"
-install -d "$b/%_pam_vendordir"
+install -dv "$b/%_pam_vendordir"
 mv "$b/%_pam_confdir/sssd-shadowutils" "$b/%_pam_vendordir"
 %else
-install -d "$b/%_sysconfdir/logrotate.d"
+install -dv "$b/%_sysconfdir/logrotate.d"
-install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
+install -vm644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
 %endif
 
 rm -Rfv "$b/%_initddir"
 %if 0%{?suse_version} < 1600
-ln -s service "$b/%_sbindir/rcsssd"
+ln -sv service "$b/%_sbindir/rcsssd"
 %endif
 
 mkdir -pv "$b/%sssdstatedir/mc"
@@ -480,8 +480,8 @@ find "$b" -type f -name "*.la" -print -delete
 %find_lang %name --all-name
 
 # dummy target for cifs-idmap-plugin
-mkdir -p %{buildroot}%{_sysconfdir}/cifs-utils
+mkdir -pv %buildroot/%_sysconfdir/cifs-utils
-ln -s -f %{cifs_idmap_lib} %{buildroot}%{cifs_idmap_plugin}
+ln -sfv %cifs_idmap_lib %buildroot/%cifs_idmap_plugin
 
 %python3_fix_shebang
 %if 0%{?suse_version} > 1600
@@ -492,16 +492,16 @@ sed -i '1s@#!.*python.*@#!%_bindir/python3.11@' "$b/%_libexecdir/%name/sss_analy
 %endif
 
 echo 'u sssd - "System Security Services Daemon" /run/sssd /sbin/nologin' >system-user-sssd.conf
-mkdir -p "$b/%_sysusersdir"
+mkdir -pv "$b/%_sysusersdir"
-cp -a system-user-sssd.conf "$b/%_sysusersdir/"
+cp -av system-user-sssd.conf "$b/%_sysusersdir/"
 %sysusers_generate_pre system-user-sssd.conf random system-user-sssd.conf
-install -Dpm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf"
+install -Dpvm 0644 contrib/sssd-tmpfiles.conf "%buildroot/%_tmpfilesdir/%name.conf"
 #
 # Security considerations for capabilities, chown and stuff:
 # https://www.openwall.com/lists/oss-security/2024/12/19/1
 #
 # should match entry from %%files list
-mkdir -p "$b/%permissions_path"
+mkdir -pv "$b/%permissions_path"
 cat >"$b/%permissions_path/sssd" <<-EOF
 	%_libexecdir/sssd/sssd_pam root:sssd 0750
 	 +capabilities cap_dac_read_search=p
@@ -513,6 +513,10 @@ cat >"$b/%permissions_path/sssd" <<-EOF
 	 +capabilities cap_dac_read_search=p
 EOF
 
+mkdir -pv "$b/%_sysconfdir/krb5.conf.d"
+ln -sv %_datadir/%name/krb5-snippets/enable_sssd_conf_dir \
+       "$b/%_sysconfdir/krb5.conf.d/enable_sssd_conf_dir"
+
 %check
 # sss_config-tests fails
 %make_build check || :
@@ -671,12 +675,8 @@ fi
 %_mandir/??/man1/sss_ssh_*
 %_mandir/??/man5/sss-certmap.5*
 %_mandir/??/man5/sssd-ad.5*
-%if 0%{?suse_version} < 1600
-%_mandir/??/man5/sssd-files.5*
-%endif
 %_mandir/??/man5/sssd-ldap-attributes.5*
 %_mandir/??/man5/sssd-session-recording.5*
-%_mandir/??/man5/sssd-simple.5*
 %_mandir/??/man5/sssd-sudo.5*
 %_mandir/??/man5/sssd-systemtap.5*
 %_mandir/??/man5/sssd.conf.5*
@@ -684,9 +684,6 @@ fi
 %_mandir/??/man8/sssd.8*
 %_mandir/man1/sss_ssh_*
 %_mandir/man5/sss-certmap.5*
-%if 0%{?suse_version} < 1600
-%_mandir/man5/sssd-files.5*
-%endif
 %_mandir/man5/sssd-ldap-attributes.5*
 %_mandir/man5/sssd-session-recording.5*
 %_mandir/man5/sssd-simple.5*
@@ -700,9 +697,6 @@ fi
 %_libdir/%name/libsss_cert*
 %_libdir/%name/libsss_crypt*
 %_libdir/%name/libsss_debug*
-%if 0%{?suse_version} < 1600
-%_libdir/%name/libsss_files*
-%endif
 %_libdir/%name/libsss_iface*
 %_libdir/%name/libsss_sbus*
 %_libdir/%name/libsss_simple*
@@ -729,7 +723,6 @@ fi
 %attr(755,%sssd_user,%sssd_user) %dir %pipepath/
 %attr(700,%sssd_user,%sssd_user) %dir %pipepath/private/
 %attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/
-%attr(755,%sssd_user,%sssd_user) %dir %pubconfpath/krb5.include.d
 %attr(755,%sssd_user,%sssd_user) %dir %gpocachepath/
 %attr(755,%sssd_user,%sssd_user) %dir %mcpath/
 %attr(700,%sssd_user,%sssd_user) %dir %keytabdir/
@@ -756,22 +749,16 @@ fi
 %_datadir/%name/sssd.api.conf
 %dir %_datadir/%name/sssd.api.d/
 %_datadir/%name/sssd.api.d/sssd-simple.conf
-%if 0%{?suse_version} < 1600
-%_datadir/%name/sssd.api.d/sssd-files.conf
-%else
-%exclude %_mandir/*/*/sssd-files.5.gz
-%endif
 %attr(775,%sssd_user,%sssd_user) %ghost %dir %_rundir/sssd
 %doc src/examples/sssd.conf
 #
-# sssd-client
+# %%files sssd-client
 #
 %_libdir/libnss_sss.so.2
 %_pam_moduledir/pam_sss.so
 %_pam_moduledir/pam_sss_gss.so
 %_libdir/krb5/
 %_libdir/%name/modules/sssd_krb5_localauth_plugin.so
-%exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so
 %if 0%{?suse_version} >= 1600
 %_libdir/libsubid_sss.so
 %endif
@@ -783,7 +770,12 @@ fi
 %_mandir/man8/sssd_krb5_localauth_plugin.8*
 %_mandir/??/man8/sssd_krb5_localauth_plugin.8*
 %_mandir/man8/sssd_krb5_locator_plugin.8*
-
+#
+# %%files sssd-idp
+#
+%exclude %_libdir/sssd/libsss_idp.so
+%exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so
+%exclude %_mandir/man5/sssd-idp*
 
 %files ad
 %dir %_libdir/%name/
@@ -834,7 +826,6 @@ fi
 %dir %_libdir/%name/
 %_libdir/%name/libsss_krb5.so
 %dir %_datadir/%name/
-%exclude %_datadir/%name/krb5-snippets/
 %dir %_datadir/%name/sssd.api.d/
 %_datadir/%name/sssd.api.d/sssd-krb5.conf
 %dir %_mandir/??/
@@ -843,11 +834,16 @@ fi
 %_mandir/??/man5/sssd-krb5.5*
 
 %files krb5-common
+%attr(755,root,root) %dir %pubconfpath/krb5.include.d
+%config(noreplace,missingok) %{_sysconfdir}/krb5.conf.d/enable_sssd_conf_dir
 %dir %_libdir/%name/
 %_libdir/%name/libsss_krb5_common.so
 %dir %_libexecdir/%name/
 %attr(750,root,%sssd_user) %caps(cap_dac_read_search,cap_setgid,cap_setuid=p) %_libexecdir/%name/krb5_child
 %attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/ldap_child
+%dir %{_datadir}/sssd/krb5-snippets
+%_datadir/%name/krb5-snippets/enable_sssd_conf_dir
+%_datadir/%name/krb5-snippets/sssd_enable_idp
 
 %files ldap
 %dir %_libdir/%name/
@@ -933,16 +929,6 @@ fi
 %_libdir/libsss_nss_idmap.so
 %_libdir/pkgconfig/sss_nss_idmap.pc
 
-%if 0%{?suse_version} < 1600
-%files -n libsss_simpleifp0
-%_libdir/libsss_simpleifp.so.0*
-
-%files -n libsss_simpleifp-devel
-%_includedir/sss_sifp*.h
-%_libdir/libsss_simpleifp.so
-%_libdir/pkgconfig/sss_simpleifp.pc
-%endif
-
 %files -n python3-ipa_hbac
 %dir %python3_sitearch
 %python3_sitearch/pyhbac.so