Package sssd-kcm: Information

    Binary package: sssd-kcm
    Version: 2.9.4-alt2
    Architecture: i586
    Build time:  Mar 15, 2024, 05:06 AM in the task #342749
    Source package: sssd
    Category: System/Servers
    Report package bug
    Gear: https://git.altlinux.org/gears/s/sssd.git?a=tree;hb=ef30bd0fa630…
    Download: sssd-kcm-2.9.4-alt2.i586.rpm
    Build log: https://git.altlinux.org/tasks/342749/build/200/i586/log
    Home page: https://pagure.io/SSSD/sssd
    License: GPLv3+
    Summary: The SSSD Kerberos credentials manager
    Description: 
    An implementation of a Kerberos KCM server is a process that stores, tracks and
manages Kerberos credential caches. It originates in the Heimdal Kerberos
project, although the MIT Kerberos library also provides client side support for
the KCM credential cache.
    Maintainer: Evgeny Sinelnikov
    List of contributors:
    Evgeny Sinelnikov
    Ivan A. Melnikov
    Sergey V Turchin
    Stanislav Levin
    Andrew A. Vasilyev
    Alexey Shabalin
    Alexey Sheplyakov
    Sergey Bolshakov
    Andrey Cherepanov

    Last changed

    March 15, 2024 Evgeny Sinelnikov 2.9.4-alt2
    - Update 2.9 major release with fixes from upstream:
  + Fix the build with Samba 4.20.
  + IFP: don't trigger backtrace in case of ACL check fail.
  + krb5_child: fix order of calloc arguments.
  + pam: fix SC auth with multiple certs and missing login name.
    Jan. 17, 2024 Evgeny Sinelnikov 2.9.4-alt1
    - Update to latest 2.9 major release in long-term maintenance (LTM) phase.
- Fixes from upstream:
  + A crash when PAM passkey processing incorrectly handles non-passkey data.
  + A workaround was implemented to handle gracefully misbehaving applications
    that destroy internal state of SSSD client librarires.
  + An error when rotating KCM's logs was fixed.
  + Group membership handling when members are coming from different forest
    domains and using ldap token groups is prohibited.
  + Files provider was erroneously taking into consideration local_auth_policy
    config option, thus breaking smartcard authentication of local user in
    setups that didn't explicitly specify this option.
    Nov. 20, 2023 Evgeny Sinelnikov 2.9.3-alt1
    - Update to latest 2.9 major release.
  + KCM: provide mechanism to purge expired credentials.
  + Default hardening - id_provider channel defaults unencrypted with starttls.
  + sssd-sudo missing debug statement in its .service file.
  + SSSD goes offline during initgroups of trusted user if a group is
    missing SID.
  + Incorrect handling of reverse IPv6 update results in update failure.
  + sssd-2.9.2 breaks smart card authentication (on el8).
- The proxy provider is now able to handle certificate mapping and matching
  rules and users handled by the proxy provider can be configured for local
  Smartcard authentication.
- Passkey doesn't fail when using FreeIPA server-side authentication and
  require-user-verification=false.
- When adding a new credential to KCM and the user has already reached their
  limit, the oldest expired credential will be removed to free some space.
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Version: v24.5.0
    Back to top