Type: | ENHANCEMENT |
Severity: | NA |
Release Date: | 2017-08-08 |
[1.15.2-50]
- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly
connected to AD child domain
[1.15.2-49]
- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users
from trusted domains with the same name when
shortname user resolution is enabled
[1.15.2-48]
- Resolves: rhbz#1459846 - krb5: properly handle 'password expired'
information retured by the KDC during
PKINIT/Smartcard authentication
[1.15.2-47]
- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate
most of the entries once the cleanup task kicks in
[1.15.2-46]
- Resolves: rhbz#1455254 - Make domain available as user attribute
[1.15.2-45]
- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password
[1.15.2-44]
- Resolves: rhbz#1457927 - getent failed to fetch netgroup information
after changing default_domain_suffix to
ADdomin in /etc/sssd/sssd.conf
[1.15.2-43]
- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working
properly in v 1.15
[1.15.2-42]
- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master
[1.15.2-41]
- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to
IdM user and AD user
[1.15.2-40]
- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups
does not resolve groups into names with AD
[1.15.2-39]
- Resolves: rhbz#1450094 - Properly support IPA's promptusername config
option
[1.15.2-38]
- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in
sssd.conf due to an off-by-one error when
constructing the child send buffer
- Resolves: rhbz#1456531 - Option name typos are not detected with validator
function of sssctl config-check command in domain
sections
[1.15.2-37]
- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups
for an AD user in IPA-AD trust environment.
[1.15.2-36]
- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name
might fail
- Fix Coverity issues in patches for rhbz#1445445
[1.15.2-35]
- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to
IdM user and AD user
[1.15.2-34]
- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition
between two concurrent requests
[1.15.2-33]
- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail
[1.15.2-32]
- Resolves: rhbz#1306707 - Need better debug message when krb5_child
returns an unhandled error, leading to a
System Error PAM code
[1.15.2-31]
- Resolves: rhbz#1446535 - Group resolution does not work in subdomain
without ad_server option
[1.15.2-30]
- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from
multiple domains
- Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by
certificate
- Additional patch for rhbz#1440132
[1.15.2-29]
- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient
- Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4
- Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64)
scriptlet failed, exit status 3
[1.15.2-28]
- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working
properly in v 1.15
- Also apply an additional patch for rhbz#1441545
[1.15.2-25]
- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to
IdM user and AD user
[1.15.2-24]
- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain
with ad_access_filter
[1.15.2-23]
- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and
sss_ssh_knownhostsproxy manuals to be packaged
into sssd-common package
[1.15.2-22]
- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains
for group-by-GID requests, causing unnecessary
searches
[1.15.2-21]
- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not
return the users with overrides
[1.15.2-20]
- Resolves: rhbz#1441545 - With multiple subdomain sections id command
output for user is not displayed for both domains
[1.15.2-19]
- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option
in sssd.conf causes nameservice lookups to fail.
[1.15.2-18]
- Remove an unused variable from the sssd-secrets responder
- Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http
- Improve two DEBUG messages in the client trust code to aid troubleshooting
- Fix standalone application domains
- Related: rhbz#1425891 - Support delivering non-POSIX users and groups
through the IFP and PAM interfaces
[1.15.2-17]
- Allow completely server-side unqualified name resolution if the domain order is set,
do not require any client-side changes
- Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from
all domains when domain autodiscovery is used or when
IPA client resolves trusted AD domain users
[1.15.2-16]
- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate
group information for trusted AD users
[1.15.2-15]
- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long
host name
[1.15.2-14]
- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in
unprivileged container unless
selinux_provider = none is used
[1.15.2-13]
- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function():
/usr/libexec/sssd/sssd_pam killed by 6
[1.15.2-12]
- Resolves: rhbz#1432112 - sssctl config-check does not give any error
when default configuration file is not present
[1.15.2-11]
- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf():
/usr/libexec/sssd/sssd_be killed by 11
[1.15.2-10]
- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted
or machine swaps
[1.15.2-9]
- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a
failure is in SSSD or not when using layered
products like RH-SSO/CFME etc
[1.15.2-8]
- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http
[1.15.2-7]
- Fix off-by-one error in the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD
[1.15.2-6]
- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups
through the IFP and PAM interfaces
[1.15.2-5]
- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in
ssh respoder
[1.15.2-4]
- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for
users from all domains when domain autodiscovery
is used or when IPA client resolves trusted AD
domain users
- Also backport some buildtime fixes for the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD
[1.15.2-3]
- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD
[1.15.2-2]
- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for
authentication to distinct logon accounts
[1.15.2-1]
- Update to upstream 1.15.2
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
- Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict
entries
- Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones
are configured as non-secure and secure
- Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain
in the SSSD server mode
[1.15.1-2]
- Drop 'NOUPSTREAM: Bundle http-parser' patch
Related: rhbz#1393819 - New package: http-parser
[1.15.1-1]
- Update to upstream 1.15.1
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
- Resolves: rhbz#1327085 - Don't prompt for password if there is already
one on the stack
- Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME
request aware of UPNs and aliases
- Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider
- Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page
- Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no
conversation function is provided by the
client app
- Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are
two user entries in an ldap role with the same
sudo user
- Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case
resulting in users unable to sign in
[1.15.0-2]
- Fix several packaging issues, notably the p11_child is no longer setuid
and the libwbclient used a wrong version number in the symlink
[1.15.0-1]
- Update to upstream 1.15.0
- Resolves: rhbz#1393824 - Rebase SSSD to version 1.15
- Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL
- Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory
- Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is
writeable and readable at the same time
- Resolves: rhbz#1393085 - bz - ldap group names don't resolve after
upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0
- Resolves: rhbz#1392444 - sssd_be keeps crashing
- Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3
- Resolves: rhbz#1382602 - autofs map resolution doesn't work offline
- Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains
- Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page
- Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error
- Resolves: rhbz#1306707 - Need better handling of 'Server not found in
Kerberos database'
- Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth
plugin config
[1.14.0-46]
- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check
[1.14.0-45]
- Resolves: rhbz#1378911 - No supplementary groups are resolved for users
in nested OUs when domain stanza differs from AD
domain
[1.14.0-44]
- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local
group with the AD provider when following AGGUDLP
group structure across domains
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team