Пакет sssd-kcm: Информация
Бинарный пакет: sssd-kcm
Версия: 2.9.4-alt1
Архитектура: e2kv5
Собран: 22 февраля 2024 г. 6:21
Исходный пакет: sssd
Категория: Система/Серверы
Сообщить об ошибке в пакетеДомашняя страница: https://pagure.io/SSSD/sssd
Лицензия: GPLv3+
О пакете: The SSSD Kerberos credentials manager
Описание:
An implementation of a Kerberos KCM server is a process that stores, tracks and manages Kerberos credential caches. It originates in the Heimdal Kerberos project, although the MIT Kerberos library also provides client side support for the KCM credential cache.
Сопровождающий: Evgeny Sinelnikov
Список участников:
Evgeny Sinelnikov
Ivan A. Melnikov
Sergey V Turchin
Stanislav Levin
Andrew A. Vasilyev
Alexey Shabalin
Alexey Sheplyakov
Sergey Bolshakov
Andrey Cherepanov
Evgeny Sinelnikov
Ivan A. Melnikov
Sergey V Turchin
Stanislav Levin
Andrew A. Vasilyev
Alexey Shabalin
Alexey Sheplyakov
Sergey Bolshakov
Andrey Cherepanov
Последнее изменение
17 января 2024 г. Evgeny Sinelnikov 2.9.4-alt1
- Update to latest 2.9 major release in long-term maintenance (LTM) phase. - Fixes from upstream: + A crash when PAM passkey processing incorrectly handles non-passkey data. + A workaround was implemented to handle gracefully misbehaving applications that destroy internal state of SSSD client librarires. + An error when rotating KCM's logs was fixed. + Group membership handling when members are coming from different forest domains and using ldap token groups is prohibited. + Files provider was erroneously taking into consideration local_auth_policy config option, thus breaking smartcard authentication of local user in setups that didn't explicitly specify this option.
20 ноября 2023 г. Evgeny Sinelnikov 2.9.3-alt1
- Update to latest 2.9 major release. + KCM: provide mechanism to purge expired credentials. + Default hardening - id_provider channel defaults unencrypted with starttls. + sssd-sudo missing debug statement in its .service file. + SSSD goes offline during initgroups of trusted user if a group is missing SID. + Incorrect handling of reverse IPv6 update results in update failure. + sssd-2.9.2 breaks smart card authentication (on el8). - The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. - Passkey doesn't fail when using FreeIPA server-side authentication and require-user-verification=false. - When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space.
6 октября 2023 г. Evgeny Sinelnikov 2.9.2-alt1
- Update to latest 2.9 major release. - sss_simpleifp library removed due it deprecated. - "Files provider" removed due it deprecated, using "Proxy provider" with proxy_lib_name = files instead. - New passkey functionality, which will allow the use of FIDO2 compliant devices to authenticate a centrally managed user locally. - Default value of cache_first option was changed to true. - sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user. - certmap: Handle type change of x400Address (due to CVE-2023-0286). - New option local_auth_policy is added to control which offline authentication methods will be enabled by SSSD. - SSSD can be configured not to perform a DNS search during DNS name resolution. This behavior is governed by the new dns_resolver_use_search_list in the domain section. Default value is true (follows the system settings).