Пакет sssd-kcm: Информация

    Бинарный пакет: sssd-kcm
    Версия: 2.9.4-alt1
    Архитектура: e2kv5
    Собран:  22 февраля 2024 г. 6:21
    Исходный пакет: sssd
    Категория: Система/Серверы
    Сообщить об ошибке в пакете
    Домашняя страница: https://pagure.io/SSSD/sssd
    Лицензия: GPLv3+
    О пакете: The SSSD Kerberos credentials manager
    Описание: 
    An implementation of a Kerberos KCM server is a process that stores, tracks and
manages Kerberos credential caches. It originates in the Heimdal Kerberos
project, although the MIT Kerberos library also provides client side support for
the KCM credential cache.
    Сопровождающий: Evgeny Sinelnikov
    Список участников:
    Evgeny Sinelnikov
    Ivan A. Melnikov
    Sergey V Turchin
    Stanislav Levin
    Andrew A. Vasilyev
    Alexey Shabalin
    Alexey Sheplyakov
    Sergey Bolshakov
    Andrey Cherepanov

    Последнее изменение

    17 января 2024 г. Evgeny Sinelnikov 2.9.4-alt1
    - Update to latest 2.9 major release in long-term maintenance (LTM) phase.
- Fixes from upstream:
  + A crash when PAM passkey processing incorrectly handles non-passkey data.
  + A workaround was implemented to handle gracefully misbehaving applications
    that destroy internal state of SSSD client librarires.
  + An error when rotating KCM's logs was fixed.
  + Group membership handling when members are coming from different forest
    domains and using ldap token groups is prohibited.
  + Files provider was erroneously taking into consideration local_auth_policy
    config option, thus breaking smartcard authentication of local user in
    setups that didn't explicitly specify this option.
    20 ноября 2023 г. Evgeny Sinelnikov 2.9.3-alt1
    - Update to latest 2.9 major release.
  + KCM: provide mechanism to purge expired credentials.
  + Default hardening - id_provider channel defaults unencrypted with starttls.
  + sssd-sudo missing debug statement in its .service file.
  + SSSD goes offline during initgroups of trusted user if a group is
    missing SID.
  + Incorrect handling of reverse IPv6 update results in update failure.
  + sssd-2.9.2 breaks smart card authentication (on el8).
- The proxy provider is now able to handle certificate mapping and matching
  rules and users handled by the proxy provider can be configured for local
  Smartcard authentication.
- Passkey doesn't fail when using FreeIPA server-side authentication and
  require-user-verification=false.
- When adding a new credential to KCM and the user has already reached their
  limit, the oldest expired credential will be removed to free some space.
    6 октября 2023 г. Evgeny Sinelnikov 2.9.2-alt1
    - Update to latest 2.9 major release.
- sss_simpleifp library removed due it deprecated.
- "Files provider" removed due it deprecated, using "Proxy provider" with
  proxy_lib_name = files instead.
- New passkey functionality, which will allow the use of FIDO2 compliant devices
  to authenticate a centrally managed user locally.
- Default value of cache_first option was changed to true.
- sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user.
- certmap: Handle type change of x400Address (due to CVE-2023-0286).
- New option local_auth_policy is added to control which offline authentication
  methods will be enabled by SSSD.
- SSSD can be configured not to perform a DNS search during DNS name resolution.
  This behavior is governed by the new dns_resolver_use_search_list in the
  domain section. Default value is true (follows the system settings).
    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
    Версия: v24.4.2
    Наверх