-
Fri Oct 08 2021 EL Errata <el-errata_ww@oracle.com> - 2.5.2-2.0.1
- Restore default debug level for sss_cache [Orabug: 32810448]
- Restore default debug level for shadow-utils tools [Orabug: 32810448]
- Revert Redhat's change of disallowing duplicated incomplete gid
when "id_provider=ldap" is used, which caused regression in AD
environment. [Orabug: 29286774] [Doc ID 2605732.1]
-
Mon Aug 02 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2
- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8]
- Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization
-
Mon Jul 12 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-1
- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU
- Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber`
- Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling
- Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address
- Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group
- Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade
-
Mon Jun 21 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-2
- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken
- Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)
-
Tue Jun 08 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.1-1
- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory
- Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file
- Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout
- Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests
- Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found
- Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group
- Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable
- Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory.
- Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf
-
Mon May 10 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.0-1
- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1945888 - Inconsistant debug level for connection logging
- Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets
- Resolves: rhbz#1949149 - [RFE] Poor man's backtrace
- Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR
- Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail.
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs
- Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm
- Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries
- Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries
- Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains.
- Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable
- Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used
- Resolves: rhbz#1703436 - sssd not thread-safe in innetgr()
- Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen
- Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page
- Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page
- Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp
- Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3)
- Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7
- Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login
- Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive
-
Fri Feb 12 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-8
- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss
- Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0.
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)
-
Tue Jan 26 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-7
- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules
- Resolves: rhbz#1918433 - sssd unable to lookup certmap rules
- Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11
-
Mon Jan 18 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-6
- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched
- Resolves: rhbz#1915395 - Memory leak in the simple access provider
- Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)
-
Mon Dec 28 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.4.0-5
- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches)
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication