Package sssd: Information

    Source package: sssd
    Version: 2.9.4-alt1
    Build time:  Feb 22, 2024, 06:21 AM
    Category: System/Servers
    Report package bug
    Home page: https://pagure.io/SSSD/sssd
    License: GPLv3+
    Summary: System Security Services Daemon
    Description: 
    Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

The sssd subpackage is a meta-package that contains the deamon as well as all
the existing back ends.
    List of rpms provided by this srpm:
    libipa_hbac (e2kv6, e2kv5, e2kv4, e2k)
    libipa_hbac-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    libipa_hbac-devel (e2kv6, e2kv5, e2kv4, e2k)
    libsss_autofs (e2kv6, e2kv5, e2kv4, e2k)
    libsss_autofs-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    libsss_certmap (e2kv6, e2kv5, e2kv4, e2k)
    libsss_certmap-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    libsss_certmap-devel (e2kv6, e2kv5, e2kv4, e2k)
    libsss_idmap (e2kv6, e2kv5, e2kv4, e2k)
    libsss_idmap-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    libsss_idmap-devel (e2kv6, e2kv5, e2kv4, e2k)
    libsss_nss_idmap (e2kv6, e2kv5, e2kv4, e2k)
    libsss_nss_idmap-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    libsss_nss_idmap-devel (e2kv6, e2kv5, e2kv4, e2k)
    libsss_sudo (e2kv6, e2kv5, e2kv4, e2k)
    libsss_sudo-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-ipa_hbac (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-ipa_hbac-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sss (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sss-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sss-murmur (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sss-murmur-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sss_nss_idmap (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sss_nss_idmap-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sssd (e2kv6, e2kv5, e2kv4, e2k)
    python3-module-sssdconfig (noarch)
    sssd (e2kv6, e2kv5, e2kv4, e2k)
    sssd-ad (e2kv6, e2kv5, e2kv4, e2k)
    sssd-ad-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-client (e2kv6, e2kv5, e2kv4, e2k)
    sssd-client-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-dbus (e2kv6, e2kv5, e2kv4, e2k)
    sssd-dbus-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-idp (e2kv6, e2kv5, e2kv4, e2k)
    sssd-idp-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-ipa (e2kv6, e2kv5, e2kv4, e2k)
    sssd-ipa-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-kcm (e2kv6, e2kv5, e2kv4, e2k)
    sssd-kcm-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-krb5 (e2kv6, e2kv5, e2kv4, e2k)
    sssd-krb5-common (e2kv6, e2kv5, e2kv4, e2k)
    sssd-krb5-common-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-krb5-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-ldap (e2kv6, e2kv5, e2kv4, e2k)
    sssd-ldap-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-nfs-idmap (e2kv6, e2kv5, e2kv4, e2k)
    sssd-nfs-idmap-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-pac (e2kv6, e2kv5, e2kv4, e2k)
    sssd-pac-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-passkey (e2kv6, e2kv5, e2kv4, e2k)
    sssd-passkey-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-proxy (e2kv6, e2kv5, e2kv4, e2k)
    sssd-proxy-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-tools (e2kv6, e2kv5, e2kv4, e2k)
    sssd-tools-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    sssd-winbind-idmap (e2kv6, e2kv5, e2kv4, e2k)
    sssd-winbind-idmap-debuginfo (e2kv6, e2kv5, e2kv4, e2k)
    Maintainer: Evgeny Sinelnikov
    List of contributors:
    Evgeny Sinelnikov
    Ivan A. Melnikov
    Sergey V Turchin
    Stanislav Levin
    Andrew A. Vasilyev
    Alexey Shabalin
    Alexey Sheplyakov
    Sergey Bolshakov
    Andrey Cherepanov
      1. /dev/pts
      2. /proc
      3. adcli
      4. bind-utils
      5. cifs-utils-devel
      6. libsystemd-devel
      7. libtalloc-devel
      8. libtdb-devel >= 1.1.3
      9. libtevent-devel
      10. libunistring-devel
      11. libuuid-devel
      12. libxml2-devel
      13. diffstat
      14. docbook-dtds
      15. docbook-style-xsl
      16. doxygen
      17. findutils
      18. libxslt
      19. nscd
      20. nss-utils
      21. nss_wrapper
      22. openssh
      23. openssl
      24. pam_wrapper
      25. po4a
      26. glib2-devel
      27. gnutls-utils
      28. python3-devel
      29. libcares-devel
      30. rpm-build-python3
      31. libcheck-devel
      32. libcmocka-devel >= 1.0.0
      33. libcollection-devel >= 0.5.1
      34. libcurl-devel
      35. libdbus-devel
      36. libdhash-devel >= 0.4.2
      37. libfido2-devel
      38. libgnutls-devel
      39. libhttp-parser-devel
      40. libini_config-devel >= 1.3.0
      41. samba-devel
      42. samba-winbind
      43. libjansson-devel
      44. softhsm
      45. libjose-devel
      46. libkeyutils-devel
      47. uid_wrapper
      48. libkrb5-devel
      49. xml-utils
      50. libldap-devel
      51. libldb-devel >= 1.3.3
      52. libnfsidmap-devel >= 1:2.2.1-alt1
      53. libnl-devel
      54. libnspr-devel
      55. libnss-devel
      56. xsltproc
      57. libp11-kit-devel
      58. libpam-devel
      59. libpcre2-devel
      60. libsasl2-devel
      61. libselinux-devel
      62. libpopt-devel
      63. libsemanage-devel
      64. libsmbclient-devel
      65. libssl-devel

    Last changed

    Jan. 17, 2024 Evgeny Sinelnikov 2.9.4-alt1
    - Update to latest 2.9 major release in long-term maintenance (LTM) phase.
- Fixes from upstream:
  + A crash when PAM passkey processing incorrectly handles non-passkey data.
  + A workaround was implemented to handle gracefully misbehaving applications
    that destroy internal state of SSSD client librarires.
  + An error when rotating KCM's logs was fixed.
  + Group membership handling when members are coming from different forest
    domains and using ldap token groups is prohibited.
  + Files provider was erroneously taking into consideration local_auth_policy
    config option, thus breaking smartcard authentication of local user in
    setups that didn't explicitly specify this option.
    Nov. 20, 2023 Evgeny Sinelnikov 2.9.3-alt1
    - Update to latest 2.9 major release.
  + KCM: provide mechanism to purge expired credentials.
  + Default hardening - id_provider channel defaults unencrypted with starttls.
  + sssd-sudo missing debug statement in its .service file.
  + SSSD goes offline during initgroups of trusted user if a group is
    missing SID.
  + Incorrect handling of reverse IPv6 update results in update failure.
  + sssd-2.9.2 breaks smart card authentication (on el8).
- The proxy provider is now able to handle certificate mapping and matching
  rules and users handled by the proxy provider can be configured for local
  Smartcard authentication.
- Passkey doesn't fail when using FreeIPA server-side authentication and
  require-user-verification=false.
- When adding a new credential to KCM and the user has already reached their
  limit, the oldest expired credential will be removed to free some space.
    Oct. 6, 2023 Evgeny Sinelnikov 2.9.2-alt1
    - Update to latest 2.9 major release.
- sss_simpleifp library removed due it deprecated.
- "Files provider" removed due it deprecated, using "Proxy provider" with
  proxy_lib_name = files instead.
- New passkey functionality, which will allow the use of FIDO2 compliant devices
  to authenticate a centrally managed user locally.
- Default value of cache_first option was changed to true.
- sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user.
- certmap: Handle type change of x400Address (due to CVE-2023-0286).
- New option local_auth_policy is added to control which offline authentication
  methods will be enabled by SSSD.
- SSSD can be configured not to perform a DNS search during DNS name resolution.
  This behavior is governed by the new dns_resolver_use_search_list in the
  domain section. Default value is true (follows the system settings).
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.4.2
    Back to top