On Fri, Mar 3, 2017 at 1:07 PM, Jakub Hrozek <jhro...@redhat.com> wrote: > Hi, > > I prepared the release notes for the upcoming 1.15.1 release. You can > view them in your browser: > https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html > > Or read the inline RST text. Comments welcome! > > SSSD 1.15.1 > =========== > > Highlights > ---------- > * Several issues related to starting the SSSD services on-demand by the > systemd service manager were fixed. In particular, it is no longer > possible to have a service started both by sssd and by systemd. Another > bug which might have caused the responder to start before SSSD started > and cause issues especially on system startup was fixed. > * A new ``files`` provider was added. This provider mirrors the contents > of ``/etc/passwd`` and ``/etc/shadow`` into the SSSD database. The purpose > of this new provider is to make it possible to use SSSD's interfaces, > such as the D-Bus interface for local users and enable leveraging the > in-memory fast cache for local users as well, as a replacement for `nscd`. > In future, we intend to extend the D-Bus interface to also provide setting > and retrieving additional custom attributes for the files users. > * SSSD now autogenerates a fallback configuration that enables the > files domain if no SSSD configuration exists. This allows distributions > to enable the ``sssd`` service when the SSSD package is installed. Please > note that SSSD must be build with the configuration option > ``--enable-files-domain`` for this functionality to be enabled. > * Support for public-key authentication with Kerberos (PKINIT) was > added. This support will enable users who authenticate with a Smart Card > to obtain a Kerberos ticket during authentication. > > Packaging Changes > ----------------- > * The new files provider comes as a new shared library ``libsss_files.so`` > and a new manual page > * A new helper binary called ``sssd_check_socket_activated_responders`` > was added. This binary is used in the ``ExecStartPre`` directive to check > if the service that corresponds to socket about to be started was also > started explicitly and abort the socket startup if it was. > > Documentation Changes > --------------------- > * A new PAM module option ``prompt_always`` was added. This option is > related to fixing `<https://pagure.io/SSSD/sssd/issue/2984>`_ which > changed the behaviour of the PAM module so that ``pam_sss`` always > uses an auth token that was on stack. The new ``prompt_always`` option > makes it possible to restore the previous behaviour. > > Tickets Fixed > ------------- > * `#3112 <https://pagure.io/SSSD/sssd/issue/3112>`_ - When sssd.conf is > missing, create one with id_provider=files > * `#3220 <https://pagure.io/SSSD/sssd/issue/3220>`_ - Improve successful > Dynamic DNS update log messages > * `#3227 <https://pagure.io/SSSD/sssd/issue/3227>`_ - sssd doesn't update > PTR records if A/PTR zones are configured as non-secure and secure > * `#3230 <https://pagure.io/SSSD/sssd/issue/3230>`_ - Use the same logic for > matching GC results in initgroups and user lookups > * `#3260 <https://pagure.io/SSSD/sssd/issue/3260>`_ - handle > default_domain_suffix for ssh requests with default_domain_suffix > * `#3262 <https://pagure.io/SSSD/sssd/issue/3262>`_ - Implement a files > provider to mirror the contents of /etc/passwd and /etc/groups > * `#3270 <https://pagure.io/SSSD/sssd/issue/3270>`_ - [RFE] Add PKINIT > support to SSSD Kerberos proivder > * `#3298 <https://pagure.io/SSSD/sssd/issue/3298>`_ - Socket activation of > SSSD doesn't work and leads to chaos > * `#3299 <https://pagure.io/SSSD/sssd/issue/3299>`_ - SSSD does not start if > using only the local provider and services line is empty > * `#3300 <https://pagure.io/SSSD/sssd/issue/3300>`_ - Avoid running two > instances of the same service > * `#3309 <https://pagure.io/SSSD/sssd/issue/3309>`_ - Coverity warns about > an unused value in IPA sudo code > * `#3313 <https://pagure.io/SSSD/sssd/issue/3313>`_ - cache_req should use > an negative cache entry for UPN based lookups > * `#2984 <https://pagure.io/SSSD/sssd/issue/2984>`_ - Don't prompt for > password if there is already one on the stack > * `#1126 <https://pagure.io/SSSD/sssd/issue/1126>`_ - Reuse cache_req() in > responder code > > Detailed Changelog > ------------------ > _______________________________________________ > sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org > To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Looks good to me! _______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
