[SSSD-users][SSSD] Announcing SSSD 2.9.8

Wed, 21 Jan 2026 05:53:52 -0800 

# SSSD 2.9.8

The SSSD team is announcing the release of version 2.9.8 of the
System Security Services Daemon. The tarball can be downloaded from:
     https://github.com/SSSD/sssd/releases/tag/2.9.8

See the full release notes at:
     https://sssd.io/release-notes/sssd-2.9.8.html
While we plan to maintain this branch providing critical bug fixes upstream, we don't commit to regular releases off this branch going forward. We recommend switching to the latest upstream release 2.12.0. 

## Feedback

Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
     https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
     https://lists.fedorahosted.org/mailman/listinfo/sssd-users

# SSSD 2.9.8 Release Notes

## Highlights

### General information
* After startup SSSD already creates a Kerberos configuration snippet typically in /var/lib/sss/pubconf/krb5.include.d/localauth_plugin if the AD or IPA providers are used. This enables SSSD's localauth plugin. Starting with this release the an2ln plugin is disabled in the configuration snippet as well. If this file or its content are included in the Kerberos configuration it will fix CVE-2025-11561. 

### Configuration changes
* An option `ipa_enable_dns_sites`, that never worked due to missing server side implementation, was removed. * The default value of session_provider option was changed to none (i.e. disabled) no matter what id_provider used. Previously session_provider was enabled by default for id_provider = ipa case. The primary tool it was intended to support, “Fleet Commander,” has become obsolete. * The option `ipa_subid_ranges_search_base` was deprecated in favor of `ldap_subid_ranges_search_base`. 


--
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to