The SSSD team is proud to announce the second beta of our upcoming 1.9.0 release. We have revised our beta plan and will be having five betas instead of three as originally communicated. Originally, the plan was to have our next beta be the final one, at the end of July. We now have the following schedule:
* Beta 3 will be released next Friday (Jun 22nd) or the following Monday and contain enhancements necessary to support Kerberos cross-realm trusts with FreeIPA, a server-side piece of which will be released a few days after.
* Beta 4 will be released on July 10th and include a new AD provider (wrapping the intricacies of setting up AD, configuring LDAP attributes and Kerberos realm into a simpler set of configuration options).
* Beta 5 will be released on July 31st and will contain a new tool for "seeding" accounts with a temporary password for sending machines to remotees as well as introducing a concept of primary vs. secondary servers.

After Beta 5, no new features will be added to SSSD 1.9.0 and we will focus on stability and our backlog of bugfixes until the final release around September 1st. We will most likely issue a series of release candidate builds prior to that, but these have not yet been scheduled.

As always, you can download the latest sources at https://fedorahosted.org/sssd/

== Highlights ==

* Add support for the Kerberos DIR cache for storing multiple TGTs automatically
* Major performance enhancement when storing large groups in the cache
* Major performance enhancement when performing initgroups() against Active Directory
* SSSDConfig data file default locations can now be set during configure for easier packaging

== Tickets Fixed ==

https://fedorahosted.org/sssd/ticket/974 [RFE] Support DIR: credential caches for multiple TGT support
https://fedorahosted.org/sssd/ticket/984 RFE: sssd should support Netscape LDAP password expiration controls
https://fedorahosted.org/sssd/ticket/1213 Warn to syslog when dereference requests fail
https://fedorahosted.org/sssd/ticket/1240 sudo: contact data provider only once
https://fedorahosted.org/sssd/ticket/1255 RFE: change the way we deal with fake users
https://fedorahosted.org/sssd/ticket/1256 Document the expectations about ghost users showing in the lookups
https://fedorahosted.org/sssd/ticket/1330 Potential NULL dereference in sss_krb5_read_etypes_for_keytab
https://fedorahosted.org/sssd/ticket/1336 Please only use named parameters in translatable strings
https://fedorahosted.org/sssd/ticket/1337 Minor typos in SSSD messages and man pages
https://fedorahosted.org/sssd/ticket/1346 in-memory cache causes nss to segfault if it cannot be initialized properly
https://fedorahosted.org/sssd/ticket/1367 Optimize AD memberOf lookups with LDAP_MATCHING_RULE_IN_CHAIN

== Detailed Changelog ==

Ariel Barria (3):
* Potential NULL dereference in proxy provider
* Warn to syslog when dereference requests fail
* Clarify how comments work in sssd.conf

Jakub Hrozek (20):
* NSS: keep a pointer to body after body is reallocated
* Use sized_string correctly in FQDN domains
* Use the sysdb attribute name, not LDAP attribute name
* LDAP nested groups: Do not process callback with _post deep in the nested structure
* Send 16bit protocol numbers from the sss_client
* Revert the client packet length, too, after reverting the packet protocol
* Fix the default sssd.conf path
* Fix the 0.11 sysdb upgrade
* sss_names_init: Report correct error code if allocation failed
* Two small krb5_child fixes
* Provide more debugging in krb5_child and ldap_child
* Allow redefining the KRB5_CHILD path
* Split parse_krb5_child_response so it can be reused
* Add a krb5_child test tool
* Residual util functions
* Handle trailing slash in the ccname template
* Add a credential cache back end structure
* Add support for storing credential caches in the DIR: back end
* Use Kerberos context in KRB5_DEBUG
* Make krb5_ccname_template and krb5_ccachedir configurable

Jan Cholasta (3):
* SSH: Update sss_ssh_knownhostsproxy manual page
* SSH: Supress error message output in sss_ssh_knownhostsproxy
* SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing

Jan Zeleny (20):
* Fixed two minor memory leaks
* Fixed issue in SELinux user maps
* Ghost members - add the ghost attribute to sysdb
* Ghost members - support in LDAP provider
* Ghost members - support in proxy provider
* Ghost members - modifications in sysdb
* Ghost members - modifications in memberof plugin
* Ghost members - sysdb upgrade routine
* Ghost members - NSS responder changes
* Ghost members - removed sdap_check_aliases()
* Ghost members - modified sss_groupshow
* Ghost members - various small changes
* Add support for filtering atributes
* Utilize attribute exclusion in LDAP initgroups
* Fixed setting of debug level in test suite
* IPA subdomains - ask for information about master domain
* Allow fast memcache timeout to be configurable
* Fix an issue in ghost users
* Provide "service filter" for SELinux context
* Fixed debug message in sdap_save_group()

Joshua Roys (1):
* Simple implementation of Netscape password warning expiration control

Nick Guay (1):
* added DEBUG messages to krb5_child and ldap_child

Stef Walter (1):
* Make re_expression and full_name_format per domain options

Stephen Gallagher (27):
* Bumping version ton 1.8.92 for beta 2 development
* RPM: Allow running 'make rpms' on RHEL 5 machines
* NSS: Expire in-memory netgroup cache before the nowait timeout
* Always use positional arguments in translatable strings
* KRB5: Avoid NULL-dereference with empty keytab
* Update translation sources
* NSS: Fix segfault when mmap cache cannot be initialized
* NSS: Restore original protocol for getservbyport
* SSSDConfig: Make SSSDConfig a package
* SSSDConfig: Make default config and schema file locations configurable
* PAM: Better pam_reply message
* SYSDB: Reduce noise level of debug messages in lookups
* LDAP: Remove redundant check
* LDAP: Fix incorrect switch statement in sdap_get_initgr_done()
* LDAP: Add helper function to get list of a user's groups from sysdb
* LDAP: Make sdap_initgr_common_store() non-static
* LDAP: Add ldap_*_use_matching_rule_in_chain options
* LDAP: Add support for AD chain matching extension in group lookups
* LDAP: Add support for AD chain matching extension in initgroups
* LDAP: Auto-detect support for the ldap match rule
* LDAP: Fix missing variable in debug message
* SSS_CLIENT: Fix uninitialized value error
* Fix compilation on older little-endian systems
* KRB5: Update DEBUG macros for create_ccache_dir and find_ccdir_parent_data
* KRB5: Auto-detect DIR cache support in configure
* KRB5: Avoid shadowing dirname
* Updating translations for 1.9.0 beta 2 release

Sumit Bose (4):
* Rename struct dom_sid to struct sss_dom_sid
* Fix libsss_hbac library version
* sss_idmap: add support for samba struct dom_sid
* sss_idmap: fix typo which prevents sub auth larger then 2^31

Yuri Chornoivan (1):
* Fix typos in message and man pages.