Hi, I prepared the release notes for the upcoming 1.15.1 release. You can view them in your browser: https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html
Or read the inline RST text. Comments welcome!

SSSD 1.15.1
===========

Highlights
----------

* Several issues related to starting the SSSD services on-demand by the
  systemd service manager were fixed. In particular, it is no longer possible
  to have a service started both by sssd and by systemd. Another bug which
  might have caused the responder to start before SSSD started and cause
  issues especially on system startup was fixed.
* A new ``files`` provider was added. This provider mirrors the contents of
  ``/etc/passwd`` and ``/etc/shadow`` into the SSSD database. The purpose of
  this new provider is to make it possible to use SSSD's interfaces, such as
  the D-Bus interface for local users and enable leveraging the in-memory
  fast cache for local users as well, as a replacement for `nscd`. In future,
  we intend to extend the D-Bus interface to also provide setting and
  retrieving additional custom attributes for the files users.
* SSSD now autogenerates a fallback configuration that enables the files
  domain if no SSSD configuration exists. This allows distributions to enable
  the ``sssd`` service when the SSSD package is installed. Please note that
  SSSD must be built with the configuration option ``--enable-files-domain``
  for this functionality to be enabled.
* Support for public-key authentication with Kerberos (PKINIT) was added.
  This support will enable users who authenticate with a Smart Card to obtain
  a Kerberos ticket during authentication.

Packaging Changes
-----------------

* The new files provider comes as a new shared library ``libsss_files.so``
  and a new manual page
* A new helper binary called ``sssd_check_socket_activated_responders`` was
  added. This binary is used in the ``ExecStartPre`` directive to check if
  the service that corresponds to the socket about to be started was also
  started explicitly and abort the socket startup if it was.

Documentation Changes
---------------------

* A new PAM module option ``prompt_always`` was added. This option is related
  to fixing `<https://pagure.io/SSSD/sssd/issue/2984>`_ which changed the
  behaviour of the PAM module so that ``pam_sss`` always uses an auth token
  that was on stack. The new ``prompt_always`` option makes it possible to
  restore the previous behaviour.

Tickets Fixed
-------------

* `#3112 <https://pagure.io/SSSD/sssd/issue/3112>`_ - When sssd.conf is missing, create one with id_provider=files
* `#3220 <https://pagure.io/SSSD/sssd/issue/3220>`_ - Improve successful Dynamic DNS update log messages
* `#3227 <https://pagure.io/SSSD/sssd/issue/3227>`_ - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure
* `#3230 <https://pagure.io/SSSD/sssd/issue/3230>`_ - Use the same logic for matching GC results in initgroups and user lookups
* `#3260 <https://pagure.io/SSSD/sssd/issue/3260>`_ - handle default_domain_suffix for ssh requests with default_domain_suffix
* `#3262 <https://pagure.io/SSSD/sssd/issue/3262>`_ - Implement a files provider to mirror the contents of /etc/passwd and /etc/groups
* `#3270 <https://pagure.io/SSSD/sssd/issue/3270>`_ - [RFE] Add PKINIT support to SSSD Kerberos provider
* `#3298 <https://pagure.io/SSSD/sssd/issue/3298>`_ - Socket activation of SSSD doesn't work and leads to chaos
* `#3299 <https://pagure.io/SSSD/sssd/issue/3299>`_ - SSSD does not start if using only the local provider and services line is empty
* `#3300 <https://pagure.io/SSSD/sssd/issue/3300>`_ - Avoid running two instances of the same service
* `#3309 <https://pagure.io/SSSD/sssd/issue/3309>`_ - Coverity warns about an unused value in IPA sudo code
* `#3313 <https://pagure.io/SSSD/sssd/issue/3313>`_ - cache_req should use a negative cache entry for UPN based lookups
* `#2984 <https://pagure.io/SSSD/sssd/issue/2984>`_ - Don't prompt for password if there is already one on the stack
* `#1126 <https://pagure.io/SSSD/sssd/issue/1126>`_ - Reuse cache_req() in responder code

Detailed Changelog
------------------