Skip to content

sssd-2.3.0

Compare
Choose a tag to compare
@pbrezina pbrezina released this 19 May 11:21
· 2036 commits to master since this release
sssd-2_3_0

SSSD 2.3.0

Highlights

New features

  • SSSD can now handle hosts and networks nsswitch databases (see resolve_provider option)
  • By default, authentication request only refresh user's initgroups if it is expired or there is not active user's session (see pam_initgroups_scheme option)
  • OpenSSL is used as default crypto provider, NSS is deprecated
  • Active Directory provider now defaults to GSS-SPNEGO SASL mechanism (see ldap_sasl_mech option)
  • Active Directory provider can now be configured to use only ldaps port (see ad_use_ldaps option)
  • SSSD now accepts host entries from GPO's security filter
  • Format of debug messages has changed to be shorter and better sortable
  • New debug level (0x10000) was added for low level ldb messages only (see sssd.conf man page)

Packaging changes

  • New configure option --enable-gss-spnego-for-zero-maxssf

Documentation Changes

  • Default value of ldap_sasl_mech has changed to GSS-SPNEGO for AD provider
  • Return code of pam_sss.so are documented in pam_sss manpage
  • Added option ad_update_samba_machine_account_password
  • Added option ad_use_ldaps
  • Added option ldap_iphost_object_class
  • Added option ldap_iphost_name
  • Added option ldap_iphost_number
  • Added option ldap_ipnetwork_object_class
  • Added option ldap_ipnetwork_name
  • Added option ldap_ipnetwork_number
  • Added option ldap_iphost_search_base
  • Added option ldap_ipnetwork_search_base
  • Added option ldap_connection_expire_offset
  • Added option ldap_sasl_maxssf
  • Added option pam_initgroups_scheme
  • Added option entry_cache_resolver_timeout
  • Added option entry_cache_computer_timeout
  • Added option resolver_provider
  • Added option proxy_resolver_lib_name
  • Minor text improvements

See full release notes here.