Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

sssd-idp-2.9.5-4.el9_5.1 RPM for x86_64

From AlmaLinux 9.5 AppStream for x86_64

Name: sssd-idp Distribution: AlmaLinux
Version: 2.9.5 Vendor: AlmaLinux
Release: 4.el9_5.1 Build date: Tue Nov 12 14:32:17 2024
Group: Unspecified Build host: x64-builder02.almalinux.org
Size: 77459 Source RPM: sssd-2.9.5-4.el9_5.1.src.rpm
Packager: AlmaLinux Packaging Team <packager@almalinux.org>
Url: https://github.com/SSSD/sssd/
Summary: Kerberos plugins and OIDC helper for external identity providers.
This package provides Kerberos plugins that are required to enable
authentication against external identity providers. Additionally a helper
program to handle the OAuth 2.0 Device Authorization Grant is provided.

Provides

Requires

License

GPLv3+

Changelog

* Tue Sep 24 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.5-4.1
  - Resolves: RHEL-59876 - EL9/CentOS Stream 9 lost offline smart card authentication
  - Resolves: RHEL-50912 - possible regression of rhbz#2196521
* Thu Jul 18 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.5-4
  - Resolves: RHEL-49711 - SYSDB: remove index on dataExpireTimestamp
  - Resolves: RHEL-49811 - 2FA is being enforced after upgrading 2.9.1->2.9.4
* Mon Jul 08 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.5-3
  - Resolves: RHEL-40742 - passkey_child with wrong owner
* Mon Jun 24 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.5-2
  - Resolves: RHEL-40742 - passkey_child with wrong owner
  - Resolves: RHEL-41047 - sssd is skipping GPO evaluation with auto_private_groups
  - Resolves: RHEL-40570 - GPO access the wrong memory location
* Thu May 16 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.5-1
  - Resolves: RHEL-36586 - Rebase SSSD for RHEL 9.5
  - Resolves: RHEL-27716 - SSSD fails to process AD groups with 'Global Scope' correctly causing incomplete group-membership on RHEL if cache is empty
  - Resolves: RHEL-17659 - [RfE] SSSD Failover Enhancements
  - Resolves: RHEL-35781 - Passkey errors when handling multiple altSecurityIdentities values
  - Resolves: RHEL-30142 - sssd_pac is crashing
  - Resolves: RHEL-22206 - Errors in krb5_child.log every time a user authenticates - Pre-authentication failed: No pkinit_anchors supplied
  - Resolves: RHEL-32595 - Excessive "Domain not found' messages logged to sssd_nss & sssd_be in multidomain AD forest
  - Resolves: RHEL-28666 - sssctl config-check is reporting false positive error msg
  - Resolves: RHEL-29454 - NULL dereference in inotify handling
  - Resolves: RHEL-1654 - Improve documentation for allowing e-mail address as username
* Mon Apr 29 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.4-7
  - Relates: RHEL-33645 - Rebase Samba to the latest 4.20.x release
* Thu Apr 18 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.4-6
  - Resolves: RHEL-27209 - Race condition during authorization leads to GPO policies functioning inconsistently [rhel-9.4.0]
* Mon Mar 25 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.4-5
  - Resolves: RHEL-28161 - Passkey cannot fall back to password
* Thu Mar 21 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.4-4
  - Resolves: RHEL-28161 - Passkey cannot fall back to password
* Wed Mar 13 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.4-3
  - Resolves: RHEL-22340 - socket leak
  - Resolves: RHEL-28161 - Passkey cannot fall back to password
* Mon Feb 12 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.4-2
  - Resolves: RHEL-12503 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. 
  - Resolves: RHEL-22288 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd
  - Resolves: RHEL-22194 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities
* Fri Jan 12 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.4-1
  - Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4
  - Resolves: RHEL-18395 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users
  - Resolves: RHEL-17498 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') [rhel-9]
  - Resolves: RHEL-21079 - SSSD GPO lacks group resolution on hosts [rhel-9]
  - Resolves: RHEL-19211 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest [rhel-9]
* Mon Nov 13 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.3-2
  - Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4
* Mon Nov 13 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.3-1
  - Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4
  - Resolves: RHEL-14427 - Expected cn in RDN, got uid
  - Resolves: RHEL-12229 - HANA validation on RHEL 9.2 issue possibly related to libc/nss_sss behaviour
  - Resolves: RHEL-3925 - SSSD goes offline when, while reading a single user, misses a required attribute (i.e. SID)
  - Resolves: RHEL-2319 - Passkey authentication for centrally managed users
  - Resolves: RHEL-4146 - Incorrect handling of reverse IPv6 update results in update failure
  - Resolves: RHEL-4971 - sssd-kcm does not appear to expire Kerberos tickets (RFE: sssd_kcm should have the option to automatically delete the expired tickets)
* Thu Oct 05 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.2-2
  - Resolves: RHEL-2319 - Passkey authentication for centrally managed users
* Fri Sep 08 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.2-1
  - Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4
  - Resolves: RHEL-2319 - Passkey authentication for centrally managed users
  - Resolves: rhbz#2234829 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working)
  - Resolves: rhbz#2236119 - dbus and crond getting terminated with SIGBUS in sss_client code
* Mon Jul 10 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.1-2
  - Resolves: rhbz#2218858 - [sssd] SSSD enters failed state after heavy load in the system
* Fri Jun 23 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.1-1
  - Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
  - Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'
  - Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM
  - Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization
  - Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete
  - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys
* Tue Jun 06 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-5
  - Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release
    Rebuild against rebased Samba libs.
* Tue May 30 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-4
  - Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release
    Rebuild against rebased Samba libs.
* Thu May 25 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-3
  - Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
* Mon May 15 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-1
  - Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
  - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys
  - Resolves: rhbz#1913839 - filter_groups doesn't filter GID from 'id' output: AD + 'ldap_id_mapping = True' corner case
  - Resolves: rhbz#2100789 - [Improvement] sssctl config-check command does not show an error when we don't have id_provider in the domain section
  - Resolves: rhbz#2152177 - [RFE] Add support for ldapi:// URLs
  - Resolves: rhbz#2164852 - man page entry should make clear that a nested group needs a name
  - Resolves: rhbz#2166627 - Improvement: sss_client: add 'getsidbyusername()' and 'getsidbygroupname()' and corresponding python bindings
  - Resolves: rhbz#2166943 - kinit switches KCM away from the newly issued ticket
  - Resolves: rhbz#2167728 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed)
* Mon Jan 16 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-2
  - Resolves: rhbz#2160001 - Reference to 'sssd-ldap-attributes' man page is missing in 'sssd-ldap', etc man pages
  - Resolves: rhbz#2143159 - automount killed by SIGSEGV
* Fri Dec 16 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-1
  - Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
  - Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search
  - Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service)
  - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
  - Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization
  - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list
  - Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged
  - Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately
  - Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around
* Fri Nov 04 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.1-1
  - Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
  - Resolves: rhbz#1507035 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file
  - Resolves: rhbz#1766490 - Use negative cache better and domain checks for lookup by SIDs
  - Resolves: rhbz#1964121 - RFE: Add an option to sssd config to convert home directories to lowercase (or add a new template for the 'override_homedir' option)
  - Resolves: rhbz#2074307 - reduce debug level in case well_known_sid_to_name() fails
  - Resolves: rhbz#2096031 - SSSD: sdap_handle_id_collision_for_incomplete_groups debug message missing a new line
  - Resolves: rhbz#2103325 - Supported AD group types should be explained in the docs
  - Resolves: rhbz#2111388 - authenticating against external IdP services okta (native app) with OAuth client secret failed
  - Resolves: rhbz#2115171 - SSSD: duplicate dns_resolver_* option in man sssd.conf
  - Resolves: rhbz#2127492 - sssd timezone issues sudonotafter
  - Resolves: rhbz#2128840 - [RFE] provide dbus method to find users by attr
  - Resolves: rhbz#2128883 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict)
  - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
  - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list

Files

/etc/krb5.conf.d/sssd_enable_idp
/usr/lib/.build-id
/usr/lib/.build-id/4c
/usr/lib/.build-id/4c/0e27352ecc9e0a7e261126777ee6a6e0f89ad8
/usr/lib/.build-id/e9
/usr/lib/.build-id/e9/ad00a206b07b81216cf17ae68cde3744ea0729
/usr/lib64/sssd/modules/sssd_krb5_idp_plugin.so
/usr/libexec/sssd/oidc_child
/usr/share/sssd/krb5-snippets/sssd_enable_idp


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Nov 15 09:00:43 2024