Package sssd-kcm: Information
Binary package: sssd-kcm
Version: 2.9.4-alt2
Architecture: i586
Build time: Mar 15, 2024, 05:06 AM in the task #342749
Source package: sssd
Category: System/Servers
Report package bugDownload: sssd-kcm-2.9.4-alt2.i586.rpm
Home page: https://pagure.io/SSSD/sssd
License: GPLv3+
Summary: The SSSD Kerberos credentials manager
Description:
An implementation of a Kerberos KCM server is a process that stores, tracks and manages Kerberos credential caches. It originates in the Heimdal Kerberos project, although the MIT Kerberos library also provides client side support for the KCM credential cache.
Maintainer: Evgeny Sinelnikov
List of contributors:
Evgeny Sinelnikov
Ivan A. Melnikov
Sergey V Turchin
Stanislav Levin
Andrew A. Vasilyev
Alexey Shabalin
Alexey Sheplyakov
Sergey Bolshakov
Andrey Cherepanov
Evgeny Sinelnikov
Ivan A. Melnikov
Sergey V Turchin
Stanislav Levin
Andrew A. Vasilyev
Alexey Shabalin
Alexey Sheplyakov
Sergey Bolshakov
Andrey Cherepanov
Last changed
March 15, 2024 Evgeny Sinelnikov 2.9.4-alt2
- Update 2.9 major release with fixes from upstream: + Fix the build with Samba 4.20. + IFP: don't trigger backtrace in case of ACL check fail. + krb5_child: fix order of calloc arguments. + pam: fix SC auth with multiple certs and missing login name.
Jan. 17, 2024 Evgeny Sinelnikov 2.9.4-alt1
- Update to latest 2.9 major release in long-term maintenance (LTM) phase. - Fixes from upstream: + A crash when PAM passkey processing incorrectly handles non-passkey data. + A workaround was implemented to handle gracefully misbehaving applications that destroy internal state of SSSD client librarires. + An error when rotating KCM's logs was fixed. + Group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. + Files provider was erroneously taking into consideration local_auth_policy config option, thus breaking smartcard authentication of local user in setups that didn't explicitly specify this option.
Nov. 20, 2023 Evgeny Sinelnikov 2.9.3-alt1
- Update to latest 2.9 major release. + KCM: provide mechanism to purge expired credentials. + Default hardening - id_provider channel defaults unencrypted with starttls. + sssd-sudo missing debug statement in its .service file. + SSSD goes offline during initgroups of trusted user if a group is missing SID. + Incorrect handling of reverse IPv6 update results in update failure. + sssd-2.9.2 breaks smart card authentication (on el8). - The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. - Passkey doesn't fail when using FreeIPA server-side authentication and require-user-verification=false. - When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space.