Changelog for
sssd-ad-1.13.3-60.el6.x86_64.rpm :
Tue Feb 27 13:00:00 2018 Fabiano FidĂȘncio
- 1.13.3-60
- Related: rhbz#1442703 - Smart Cards: Certificate in the ID View
- Related: rhbz# 1401546 - Please back-port fast failover from sssd 1.14 on RHEL 7 into sssd 1.13 on RHEL 6
Tue Feb 27 13:00:00 2018 Fabiano FidĂȘncio - 1.13.3-59
- Resolves: rhbz#1326007 - Memory cache corruption when rsync and/or tar to copy owner and group info from LDAP
- Resolves: rhbz#1442703 - Smart Cards: Certificate in the ID View
- Resolves: rhbz#1507435 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-6.10]
- Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results in failed user logins
Thu Dec 14 13:00:00 2017 Fabiano FidĂȘncio - 1.13.3-58
- Resolves: rhbz#1421057 - pam_sss crashes in do_pam_conversation if no conversation
function is provided by the client app
- Resolves: rhbz#1487040 - sssd does not evaluate AD UPN suffixes which results ini
failed user logins
- Resolves: rhbz#1487944 - ABRT crash - /usr/libexec/sssd/sssd_nss
- Resolves: rhbz#1489485 - sssd is not pulling groups in a trusted domain, with the
Global scope
Thu Jul 27 14:00:00 2017 Jakub Hrozek - 1.13.3-57
- Resolves: rhbz#1438360 - The originalMemberOf attribute disappears from
the cache, causing intermittent HBAC issues
Fri Jan 27 13:00:00 2017 Lukas Slebodnik - 1.13.3-56
- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present
- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory
Fri Jan 27 13:00:00 2017 Lukas Slebodnik - 1.13.3-55
- Resolves: rhbz#1415785 - ldap_child does not remove temporary files
when it\'s killed with SIGTERM
Fri Dec 16 13:00:00 2016 Jakub Hrozek - 1.13.3-54
- Apply several more smartcard-related patches.
- Related: rhbz#1300421 - Screen locks and smart card is removed - must
show a message to insert the correct smartcard
Tue Dec 13 13:00:00 2016 Jakub Hrozek - 1.13.3-53
- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP
Fri Dec 9 13:00:00 2016 Jakub Hrozek - 1.13.3-52
- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts
Wed Dec 7 13:00:00 2016 Jakub Hrozek - 1.13.3-51
- Revert the ding-libs requirement
- Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.
Tue Dec 6 13:00:00 2016 Jakub Hrozek - 1.13.3-50
- Related: rhbz#1369921 - Members of nested netgroups configured in IdM
cannot be seen by getent on clients
Thu Dec 1 13:00:00 2016 Jakub Hrozek - 1.13.3-49
- Require the matching version of ding-libs
- Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.
Thu Nov 24 13:00:00 2016 Jakub Hrozek - 1.13.3-48
- Fix a coverity warning
- Related: rhbz#1382395 - sudo: ignore case on case insensitive domains
Thu Nov 24 13:00:00 2016 Jakub Hrozek - 1.13.3-47
- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains
Thu Nov 17 13:00:00 2016 Jakub Hrozek - 1.13.3-46
- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM
cannot be seen by getent on clients
Tue Nov 8 13:00:00 2016 Jakub Hrozek - 1.13.3-45
- Resolves: rhbz#1324428 - [RFE] Discover forest\'s root SID even if
subdomains_provider = none
Tue Nov 8 13:00:00 2016 Jakub Hrozek - 1.13.3-44
- Resolves: rhbz#1367802 - using overides causes segfault in libldb
Thu Nov 3 13:00:00 2016 Jakub Hrozek - 1.13.3-43
- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins
Mon Oct 24 14:00:00 2016 Jakub Hrozek - 1.13.3-42
- Resolves: rhbz#1382603 - autofs map resolution doesn\'t work offline
Mon Oct 24 14:00:00 2016 Jakub Hrozek - 1.13.3-41
- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention
Mon Oct 24 14:00:00 2016 Jakub Hrozek - 1.13.3-40
- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute
Mon Oct 10 14:00:00 2016 Jakub Hrozek - 1.13.3-39
- Resolves: rhbz#1299994 - ssh client checks only the first certificate
on a smartcard when the card has multiple certs
- Resolves: rhbz#1300421 - Screen locks and smart card is removed - must
show a message to insert the correct smartcard
- Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates
Mon Oct 10 14:00:00 2016 Jakub Hrozek - 1.13.3-38
- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6
- Resolves: rhbz#1329647 - IPA view: view name not stored properly with
default FreeIPA installation
Mon Oct 10 14:00:00 2016 Jakub Hrozek - 1.13.3-37
- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention
Wed Oct 5 14:00:00 2016 Jakub Hrozek - 1.13.3-36
- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users
and mixed case names
Thu Sep 29 14:00:00 2016 Jakub Hrozek - 1.13.3-35
- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD
Tue Sep 27 14:00:00 2016 Jakub Hrozek - 1.13.3-34
- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.
Tue Sep 27 14:00:00 2016 Jakub Hrozek - 1.13.3-33
- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a
subdomain, not the root domain.
Thu Sep 22 14:00:00 2016 Jakub Hrozek - 1.13.3-32
- Resolves: rhbz#1365218 - SSSD does not fail over to next GC
Thu Sep 22 14:00:00 2016 Jakub Hrozek - 1.13.3-31
- Resolves: rhbz#1367435 - Intermittent sssd auth failures
Mon Sep 19 14:00:00 2016 Jakub Hrozek - 1.13.3-30
- Resolves: rhbz#1369079 - sssd runs out of available child slots and
starts queuing requests in proxy mode
Mon Sep 19 14:00:00 2016 Jakub Hrozek - 1.13.3-29
- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to
sssd-1.13.3-22.el6.x86_64 when upgrading cache
Mon Sep 19 14:00:00 2016 Jakub Hrozek - 1.13.3-28
- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.
Mon Sep 19 14:00:00 2016 Jakub Hrozek - 1.13.3-27
- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD
Tue Jun 21 14:00:00 2016 Jakub Hrozek - 1.13.3-26
- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap
Thu Jun 9 14:00:00 2016 Jakub Hrozek - 1.13.3-25
- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor
Thu Jun 2 14:00:00 2016 Jakub Hrozek - 1.13.3-24
- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted
to AD user even if the user is disabled on AD.
Thu Jun 2 14:00:00 2016 Jakub Hrozek - 1.13.3-23
- Resolves: rhbz#1336453 - sssd_be doesn\'t terminate forked child process
if adcli is not installed
Thu Mar 17 13:00:00 2016 Jakub Hrozek - 1.13.3-22
- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo
Wed Mar 16 13:00:00 2016 Jakub Hrozek - 1.13.3-21
- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple
password prompts (e.g. Password + Token) with sudo
Wed Mar 16 13:00:00 2016 Jakub Hrozek - 1.13.3-20
- Actually apply patches from previous build
- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider
Mon Mar 14 13:00:00 2016 Jakub Hrozek - 1.13.3-19
- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider
Fri Mar 11 13:00:00 2016 Jakub Hrozek - 1.13.3-18
- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe
with 1.11.6
Tue Mar 1 13:00:00 2016 Jakub Hrozek - 1.13.3-17
- Backport of a more minimal dependency patch to avoid changes to AD
provider behaviour
- Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD
account lockout
Tue Mar 1 13:00:00 2016 Jakub Hrozek - 1.13.3-16
- Resolves: rhbz#1308939 - After removing certificate from user in IPA
and even after sss_cache, FindByCertificate
still finds the user
Tue Feb 16 13:00:00 2016 Jakub Hrozek - 1.13.3-15
- Require a newer selinux-policy to avoid issues when prompting for SC PIN
- Related: rhbz#1299066 - smartcard login does not prompt for pin when
ocsp checking is enabled (default config)
Wed Feb 10 13:00:00 2016 Jakub Hrozek - 1.13.3-14
- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD
account lockout
Thu Feb 4 13:00:00 2016 Jakub Hrozek - 1.13.3-14
- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on
sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when
trying to retrieve non-existing netgroups
Thu Feb 4 13:00:00 2016 Jakub Hrozek - 1.13.3-13
- Update sssd-ldap man page for the recent ID mapping changes
- Related: rhbz#1268902 - SSSD doesn\'t set the ID mapping range automatically
Wed Jan 27 13:00:00 2016 Jakub Hrozek - 1.13.3-12
- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache
from working
Thu Jan 21 13:00:00 2016 Jakub Hrozek - 1.13.3-11
- Resolves: rhbz#1268902 - SSSD doesn\'t set the ID mapping range automatically
Thu Jan 21 13:00:00 2016 Jakub Hrozek - 1.13.3-10
- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password
and not smartcard pin when logged in using smartcard
pin
Wed Jan 20 13:00:00 2016 Jakub Hrozek - 1.13.3-9
- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record
Tue Jan 19 13:00:00 2016 Jakub Hrozek - 1.13.3-8
- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output
error
Tue Jan 19 13:00:00 2016 Jakub Hrozek - 1.13.3-7
- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos
Host Keytabs
Tue Jan 19 13:00:00 2016 Jakub Hrozek - 1.13.3-6
- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema
Mon Jan 18 13:00:00 2016 Jakub Hrozek - 1.13.3-5
- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12
to 1.13
Mon Jan 18 13:00:00 2016 Jakub Hrozek - 1.13.3-4
- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn\'t work
Tue Jan 12 13:00:00 2016 Jakub Hrozek - 1.13.3-3
- Resolves: rhbz#1273802 - ad_site parameter does not work
Tue Jan 12 13:00:00 2016 Jakub Hrozek - 1.13.3-2
- Fix memory leak in the NFS plugin
- Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8
- Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in
SSSD cache if user has no secondary groups anymore
- Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service
discovery
Tue Dec 15 13:00:00 2015 Jakub Hrozek - 1.13.3-1
- Rebase to 1.13.3
- Remove setuid bit from proxy_child, RHEL-6 doesn\'t support running
SSSD as a non-privileged user
- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8
Thu Dec 10 13:00:00 2015 Jakub Hrozek - 1.13.2-7
- Don\'t own files as the SSSD user
- Resolves: rhbz#1289482 - warning: user sssd does not exist - using root
Mon Nov 30 13:00:00 2015 Jakub Hrozek - 1.13.2-6
- Resolves: rhbz#1279971 - groups get deleted from the cache
Fri Nov 27 13:00:00 2015 Jakub Hrozek - 1.13.2-5
- The p11_child doesn\'t have to run privileged anymore, remove the
setuid bit
- Related: rhbz#1270027 - [RFE] Support for smart cards
Thu Nov 26 13:00:00 2015 Jakub Hrozek - 1.13.2-4
- Resolves: rhbz#1266108 - Check next certificate on smart card if first
is not valid
- Also enable OCSP checks
Thu Nov 26 13:00:00 2015 Jakub Hrozek - 1.13.2-3
- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17
(File exists)
Thu Nov 26 13:00:00 2015 Jakub Hrozek - 1.13.2-2
- Silence compilation warnings and Coverity issues
- Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8
Thu Nov 19 13:00:00 2015 Jakub Hrozek - 1.13.2-1
- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8
- Squash in packaging review changes by lslebodnAATTredhat.com
Thu Oct 29 13:00:00 2015 Jakub Hrozek - 1.13.1-1
- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8
- The rebase also resolves the following bugzillas:
- Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC
identity certificates
- Resolves: rhbz#1270027 - [RFE] Support for smart cards
- Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients
- Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups
- Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is
not taken into account.
- Resolves: rhbz#1254193 - Fix for cyclic dependencies between
sssd-{krb5,}-common
- Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected
- Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD
- Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do
not queue requests
- Resolves: rhbz#1227804 - Group members are not turned into ghost entries
when the user is purged from the SSSD cache
- Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log
- Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers
- Resolves: rhbz#1215195 - Override for IPA users with login does not list
user all groups
- Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not
the alpha group name representation
- Resolves: rhbz#1194039 - [RFE] User\'s home directories are not
taken from AD when there is an IPA trust with AD
Mon Oct 5 14:00:00 2015 Jakub Hrozek - 1.12.4-51
- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.
Mon Oct 5 14:00:00 2015 Jakub Hrozek - 1.12.4-50
- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict
Mon Oct 5 14:00:00 2015 Jakub Hrozek - 1.12.4-49
- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups
Mon Aug 31 14:00:00 2015 Jakub Hrozek - 1.12.4-48
- Resolves: rhbz#1251349 - sysdb sudo search doesn\'t escape special
characters
Mon Jun 22 14:00:00 2015 Jakub Hrozek - 1.12.4-47
- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from
ldap server
Mon Jun 8 14:00:00 2015 Jakub Hrozek - 1.12.4-46
- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task
- Resolves: rhbz#1227863 - ignore_group_members doesn\'t work for subdomains
Wed Jun 3 14:00:00 2015 Jakub Hrozek - 1.12.4-45
- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn\'t
return all groups on first attempt
Tue Jun 2 14:00:00 2015 Jakub Hrozek - 1.12.4-44
- Resolves: rhbz#1225614 - IPA enumeration provider crashes
Sun May 31 14:00:00 2015 Jakub Hrozek - 1.12.4-43
- Resolves: rhbz#1212610 - sssd ad groups work intermittently
Mon May 25 14:00:00 2015 Jakub Hrozek - 1.12.4-42
- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of
secondary groups
Mon May 25 14:00:00 2015 Jakub Hrozek - 1.12.4-41
- Resolves: rhbz#1221358 - SSSD doesn\'t work with ID mapping and disabled
subdomains
Fri May 15 14:00:00 2015 Jakub Hrozek - 1.12.4-40
- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD
users when using sssd-1.12.2-58.el7_1.6.x86_64
client in combination with
ipa-server-3.0.0-42.el6.x86_64 with AD Trust
Fri May 15 14:00:00 2015 Jakub Hrozek - 1.12.4-39
- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and
gets avc denial when ssh
Wed May 6 14:00:00 2015 Jakub Hrozek - 1.12.4-38
- Include several upstream fixes related to ID views
- Resolves: rhbz#1215195 - Override for IPA users with login does not list
user all groups
- Resolves: rhbz#1213947 - Group resolution is inconsistent with group
overrides
- Resolves: rhbz#1213822 - Overrides with --login work in second attempt
Thu Apr 30 14:00:00 2015 Jakub Hrozek - 1.12.4-37
- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix
and use_fully_qualified_names set
Thu Apr 30 14:00:00 2015 Jakub Hrozek - 1.12.4-36
- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad
src/providers/ad/ad_gpo.c:843
Wed Apr 29 14:00:00 2015 Jakub Hrozek - 1.12.4-35
- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers
group membership resolution
Tue Apr 28 14:00:00 2015 Jakub Hrozek - 1.12.4-34
- Resolves: rhbz#1170910 - SSSD should not fail authentication when only
allow rules are used
Mon Apr 27 14:00:00 2015 Jakub Hrozek - 1.12.4-33
- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name
does not work
- Resolves: rhbz#1213822 - Overrides with --login work in second attempt
Thu Apr 23 14:00:00 2015 Jakub Hrozek - 1.12.4-32
- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users
and filter_groups
Wed Apr 15 14:00:00 2015 Jakub Hrozek - 1.12.4-31
- Resolves: rhbz#1203642 - GPO access control looks for computer object
in user\'s domain only
Wed Apr 15 14:00:00 2015 Jakub Hrozek - 1.12.4-30
- Related: rhbz#1211728 - Only set the selinux context if the context
differs from the local one
Tue Apr 14 14:00:00 2015 Jakub Hrozek - 1.12.4-29
- Package the localauth plugin
- Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12
Tue Apr 14 14:00:00 2015 Jakub Hrozek - 1.12.4-28
- Resolves: rhbz#1207720 - id lookup resolves \"Domain Local\" group and
errors appear in domain log
Tue Apr 14 14:00:00 2015 Jakub Hrozek - 1.12.4-27
- BuildRequire the proper libkrb5 version for correct localauth plugin build
- Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12
Tue Apr 14 14:00:00 2015 Jakub Hrozek - 1.12.4-26
- Resolves: rhbz#1194367 - sssd_be dumping core
Fri Mar 27 13:00:00 2015 Jakub Hrozek - 1.12.4-25
- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in
manpage that unsupported time specification will
lead to sssd denying access
Fri Mar 27 13:00:00 2015 Jakub Hrozek - 1.12.4-24
- Resolves: rhbz#1205382 - Properly handle AD\'s binary objectGUID
Thu Mar 26 13:00:00 2015 Jakub Hrozek - 1.12.4-23
- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might
install with wrong user account (root)
Thu Mar 26 13:00:00 2015 Jakub Hrozek - 1.12.4-22
- Fix a typo in DEBUG message
- Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when
account naturally expires
Thu Mar 26 13:00:00 2015 Jakub Hrozek - 1.12.4-21
- Handle TTL=0 in SRV queries correctly
- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a
SRV query
Thu Mar 26 13:00:00 2015 Jakub Hrozek - 1.12.4-20
- Cherry-pick unit test changes from upstream to allow cherry-picking
sssd-1-12 patches
- Remove unused LDAP provider code to avoid static analyser warnings
- Related: rhbz#1168347 - Rebase sssd to 1.12.x
Thu Mar 26 13:00:00 2015 Jakub Hrozek - 1.12.4-19
- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code
Fri Mar 20 13:00:00 2015 Jakub Hrozek - 1.12.4-18
- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad
requires samba4
Fri Mar 20 13:00:00 2015 Jakub Hrozek - 1.12.4-17
- Resolves: rhbz#1203630 - SSSD doesn\'t own the GPO cache directory
Fri Mar 20 13:00:00 2015 Jakub Hrozek - 1.12.4-16
- Fix warning in SELinux code
- Handle setups with empty default and no SELinux maps
- Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security
context on client is staff_u
- Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD
trusted domain) client at
src/providers/ipa/ipa_s2n_exop.c:1605
- Resolves: rhbz#1201847 - SSSD downloads too much information when fetching
information about groups
Fri Mar 13 13:00:00 2015 Jakub Hrozek - 1.12.4-15
- Fix PAM responder initgroups cache for subdomain users
- Log extop failures better
- Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync
solution to the trust solution
Fri Mar 13 13:00:00 2015 Jakub Hrozek - 1.12.4-14
- Fix internal error codes broken when fixing rhbz#1036745
- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration
warning even if alternate authentication method
is used
Fri Mar 13 13:00:00 2015 Jakub Hrozek - 1.12.4-13
- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by
UPN and doesn\'t find anything
Fri Mar 13 13:00:00 2015 Jakub Hrozek - 1.12.4-12
- Fix Coverity warning in ldap_child
- Add better debugging
- Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error
Sun Mar 8 13:00:00 2015 Jakub Hrozek - 1.12.4-11
- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users,
groups or other cache objects
Fri Mar 6 13:00:00 2015 Jakub Hrozek - 1.12.4-10
- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when
account naturally expires
Fri Mar 6 13:00:00 2015 Jakub Hrozek - 1.12.4-9
- Initialize a pointer in ldap_child to NULL
- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error
Fri Mar 6 13:00:00 2015 Jakub Hrozek - 1.12.4-8
- Relax the ldb requirement
- Related: rhbz#1168347 - Rebase sssd to 1.12.x
Wed Mar 4 13:00:00 2015 Jakub Hrozek - 1.12.4-7
- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security
context on client is staff_u
Wed Mar 4 13:00:00 2015 Jakub Hrozek - 1.12.4-6
- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error
Wed Mar 4 13:00:00 2015 Jakub Hrozek - 1.12.4-5
- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a
SRV query
Tue Mar 3 13:00:00 2015 Jakub Hrozek - 1.12.4-4
- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a
SRV query
- Rebuild against latest krb5, add a versioned BuildRequires
- Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12
Tue Mar 3 13:00:00 2015 Jakub Hrozek - 1.12.4-3
- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration
warning even if alternate authentication method
is used
Wed Feb 18 13:00:00 2015 Jakub Hrozek - 1.12.4-2
- Do not mark the selinux_child helper as setuid, we don\'t support rootless
SSSD in 6.7
- Related: rhbz#1168347 - Rebase sssd to 1.12.x
Wed Feb 18 13:00:00 2015 Jakub Hrozek - 1.12.4-1
- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x
- The rebase resolves the following RHEL bugzillas
- Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about
domains parameter
- Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not
be fatal (backport fix from upstream)
- Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user
uid field
- Resolves: rhbz#1170910 - SSSD should not fail authentication when only
allow rules are used
- Resolves: rhbz#1168377 - [RFE] User\'s home directories and shells are
not taken from AD when there is an IPA trust with AD
- Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss
- Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync
solution to the trust solution
- Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option:
kerberos discovery is not using this option
- Resolves: rhbz#1148582 - inconsistent group information when multiple
ad domain sections are configured in sssd
- Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider
ad support
- Resolves: rhbz#1139878 - SSSD connection terminated after failing
anonymous bind to IBM Tivoli Directory Server
- Resolves: rhbz#1135838 - Man sssd-ldap shows parameter
ldap_purge_cache_timeout with \"Default: 10800
(12 hours)\"
- Resolves: rhbz#1135432 - Dereference code errors out when dereferencing
entries protected by ACIs
- Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012
R2\'s LDAP as AD
- Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header
- Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple
attributes
Tue Nov 18 13:00:00 2014 Jakub Hrozek - 1.11.6-33
- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn\'t return all group
memberships against an IPA server
Tue Nov 18 13:00:00 2014 Jakub Hrozek - 1.11.6-32
- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner
cases
Thu Sep 25 14:00:00 2014 Jakub Hrozek - 1.11.6-31
- Resolves: rhbz#1141814 - Password expiration policies are not being
enforced by SSSD
Mon Sep 15 14:00:00 2014 Jakub Hrozek - 1.11.6-30
- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found
Thu Sep 4 14:00:00 2014 Jakub Hrozek - 1.11.6-29
- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group
membership when encountering a non-POSIX group
Tue Aug 26 14:00:00 2014 Jakub Hrozek - 1.11.6-28
- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from
other AD domains
Tue Aug 26 14:00:00 2014 Jakub Hrozek - 1.11.6-27
- Resolves: rhbz#1127270 - sssd connect to ipa-server is long
Tue Aug 26 14:00:00 2014 Jakub Hrozek - 1.11.6-26
- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD,
POSIX attributes are used and primary group contains
the user as a member
Mon Aug 25 14:00:00 2014 Jakub Hrozek - 1.11.6-25
- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0)
is not prompted for password change
Fri Aug 22 14:00:00 2014 Jakub Hrozek - 1.11.6-24
- Resolves: rhbz#1132361 - use-after-free in dyndns code
Tue Aug 19 14:00:00 2014 Jakub Hrozek - 1.11.6-23
- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap
account lock to restrict access via ssh key
Tue Aug 19 14:00:00 2014 Jakub Hrozek - 1.11.6-22
- Use the correct sudo iterator
- Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk
Tue Aug 19 14:00:00 2014 Jakub Hrozek - 1.11.6-21
- Add notes about offline mode to sssd.conf
- Related: rhbz#1110226 - Requests queued during transition from offline
to online mode
Thu Aug 14 14:00:00 2014 Jakub Hrozek - 1.11.6-20
- Resolves: rhbz#1127278 - Auth fails when space in username is
replaced with character set by
override_default_whitespace
Thu Aug 14 14:00:00 2014 Jakub Hrozek - 1.11.6-19
- Resolves: rhbz#1127757 - sssd can\'t retrieve sudo rules when using the
\"default_domain_suffix\" option
Thu Aug 14 14:00:00 2014 Jakub Hrozek - 1.11.6-18
- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base
Thu Aug 14 14:00:00 2014 Jakub Hrozek - 1.11.6-17
- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade
Thu Aug 14 14:00:00 2014 Jakub Hrozek - 1.11.6-16
- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken
Thu Aug 14 14:00:00 2014 Jakub Hrozek - 1.11.6-15
- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk
Thu Jul 31 14:00:00 2014 Jakub Hrozek - 1.11.6-14
- Resolves: rhbz#1110226 - Requests queued during transition from offline
to online mode
Thu Jul 31 14:00:00 2014 Jakub Hrozek - 1.11.6-13
- Resolves: rhbz#1122873 - Failover does not always happen from SRV
to hostname resolution(via /etc/hosts)
- Remove spurious systemctl call on %postun
Mon Jul 28 14:00:00 2014 Jakub Hrozek - 1.11.6-12
- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with
specified character in LDAP group
Fri Jul 25 14:00:00 2014 Jakub Hrozek - 1.11.6-11
- Resolves: rhbz#1109188 - dereferencing control failure against openldap
server
Thu Jul 24 14:00:00 2014 Jakub Hrozek - 1.11.6-10
- Resolves: rhbz#1084532 - sssd_sudo process segfaults
Thu Jul 24 14:00:00 2014 Jakub Hrozek - 1.11.6-9
- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping
is off and tokengroups are enabled
Thu Jul 24 14:00:00 2014 Jakub Hrozek - 1.11.6-8
- Resolves: rhbz#1118541 - Floating point exception using ldap
Thu Jul 24 14:00:00 2014 Jakub Hrozek - 1.11.6-7
- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser
is not defined and no ldap_sudorule_runasuser mapping
has been defined in SSSD
Thu Jul 24 14:00:00 2014 Jakub Hrozek - 1.11.6-6
- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap
Thu Jul 24 14:00:00 2014 Jakub Hrozek - 1.11.6-5
- Fix potential NULL dereference in IFP code
- Related: rhbz#1110369 - sssd is started before messagebus, making
sssd-ifp fail
Wed Jul 16 14:00:00 2014 Jakub Hrozek - 1.11.6-4
- BuildRequire the latest libini_config
- Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6
Mon Jul 14 14:00:00 2014 Jakub Hrozek - 1.11.6-3
- Resolves: rhbz#1110369 - sssd is started before messagebus, making
sssd-ifp fail
Tue Jun 3 14:00:00 2014 Jakub Hrozek - 1.11.6-2
- Resolves: rhbz#1104145 - public key validator is too strict and does not
allow newlines anywhere in the public key string,
not even at the end
Tue Jun 3 14:00:00 2014 Jakub Hrozek - 1.11.6-1
- Rebase to 1.11.6
- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6
Thu May 29 14:00:00 2014 Jakub Hrozek - 1.11.5.1-4
- Rebuild against new ding-libs
- Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6
Wed May 14 14:00:00 2014 Jakub Hrozek - 1.11.5.1-3
- Backport the InfoPipe patches needed for Sat6 integration
- Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6
Mon May 12 14:00:00 2014 Jakub Hrozek - 1.11.5.1-2
- Resolves: #1085412 - SSSD Crashes when storage experiences high latency
Wed Apr 16 14:00:00 2014 Jakub Hrozek - 1.11.5.1-1
- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6
Mon Feb 24 13:00:00 2014 Jakub Hrozek - 1.9.2-134
Resolves: #1036168 - sssd can\'t retrieve auto.master when using the
\"default_domain_suffix\"
Mon Feb 24 13:00:00 2014 Jakub Hrozek - 1.9.2-133
- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces
Thu Dec 19 13:00:00 2013 Jakub Hrozek - 1.9.2-132
- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups
are requested
Tue Nov 19 13:00:00 2013 Jakub Hrozek - 1.9.2-131
- Allow combination of proxy id backend and LDAP auth backend
- Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using
id_provider = proxy
Tue Nov 19 13:00:00 2013 Jakub Hrozek - 1.9.2-130
- Inherit UID limits for subdomains
- Resolves: #1020905 - Creating system accounts on a IdM client takes up
to 10 minutes when AD trust is configured in the IdM.
Tue Oct 22 14:00:00 2013 Jakub Hrozek - 1.9.2-129
- Do not crash when LDAP disconnects while a search is still in progress
- Resolves: #1019979 - sssd_be segfault when authenticating against active
directory
Thu Sep 26 14:00:00 2013 Jakub Hrozek - 1.9.2-128
- More upstream fixes to prevent memcache crashes
- Related: #997406 - sssd_nss core dumps under load
Thu Sep 12 14:00:00 2013 Jakub Hrozek - 1.9.2-127
- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out
Tue Sep 3 14:00:00 2013 Jakub Hrozek - 1.9.2-126
- Make IPA SELinux provider aware of subdomain users
- A better version of already committed patch
- Resolves: #954342 - In IPA AD trust setup, the sssd logs throws
\'sysdb_search_user_by_name failed\' error when
AD user tries to login via ipa client.
Fri Aug 30 14:00:00 2013 Jakub Hrozek - 1.9.2-125
- Resolves: #997406 - sssd_nss core dumps under load
- Resolves: #984814 - sssd_nss terminated with segmentation fault
Fri Aug 30 14:00:00 2013 Jakub Hrozek - 1.9.2-124
- Resolves: #1002161 - large number of sudo rules results in error -
Unable to create response: Invalid argument
Mon Aug 19 14:00:00 2013 Jakub Hrozek - 1.9.2-123
- Silence restorecon on clean install
- Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for
/var/lib/sss/mc context
Sun Aug 11 14:00:00 2013 Jakub Hrozek - 1.9.2-122
- Make IPA SELinux provider aware of subdomain users
- Resolves: #954342 - In IPA AD trust setup, the sssd logs throws
\'sysdb_search_user_by_name failed\' error when
AD user tries to login via ipa client.
Sun Aug 11 14:00:00 2013 Jakub Hrozek - 1.9.2-121
- Print password complexity hint when password change fails with
constraint violation
- Related: #983028 - passwd returns \"Authentication token manipulation
error\" when entering wrong current password
Sun Aug 11 14:00:00 2013 Jakub Hrozek - 1.9.2-120
- Resolves: #983028 - passwd returns \"Authentication token manipulation
error\" when entering wrong current password
Sun Aug 11 14:00:00 2013 Jakub Hrozek - 1.9.2-119
- Resolves: #948830 - sssd do too many disk writes causing delay in
\"getent netgroup allmachines-netgroup\" nested netgroups.
Sun Aug 11 14:00:00 2013 Jakub Hrozek - 1.9.2-118
- Resolves: #984814 - sssd_nss terminated with segmentation fault
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-117
- Resolves: #966757 - SSSD failover doesn\'t work if the first DNS server
in resolv.conf is unavailable
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-116
- Resolves: #963235 - sssd_be crashing with nested ldap groups
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-115
- Apply a forgotten dependency for patch #254
- Related: #916997 - getgrnam / getgrgid for large user groups
is too slow due to range retrieval functionality
- Add two fixes for better handling of faulty SRV processing
- Related: #954275 - sssd fails connect to IPA server during boot when
spanning tree is enabled in network router.
- Remove enumerate=true from example in man page
- Related: #988381 - clarify the disadvantages of enumeration in sssd.conf
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-114
- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp
file for SELinux data failed
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-113
- Resolves: #916997 - getgrnam / getgrgid for large user groups
is too slow due to range retrieval functionality
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-112
- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors
when clearing cache
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-111
- Resolves: #924113 - man sssd-sudo has wrong title
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-110
- Resolves: #924397 - document what does access_provider=ad do
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-109
- Use permissive control when adding ghost users
- Resolves: #928797 - cyclic group memberships may not work depending on
order of operations
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-108
- Set correct state of SRV servers on resolving error
- Resolves: #954275 - sssd fails connect to IPA server during boot when
spanning tree is enabled in network router.
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-107
- Resolves: #954323 - SSSD doesn\'t display warning for last grace login.
Fri Aug 9 14:00:00 2013 Jakub Hrozek - 1.9.2-106
- Format patch to configure sysv script differently
- RHEL-6 patch(1) apparently doesn\'t like the output of git format-patch
-M -C and doesn\'t properly copy files on renames
- Resolves: #971435 - Enhance sssd init script so that it would source a
configuration.
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-105
- Resolves: #973345 - SSSD service randomly dies
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-104
- Resolves: #971435 - Enhance sssd init script so that it would source
a configuration
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-103
- Resolves: #961356 - SUDO is not working for users from trusted AD domain
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-102
- Resolves: #970519 - [RFE] Add support for suppressing group members
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-101
- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the
\"original value\"
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-100
- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-99
- Clarify the min_id/max_id limits further
- Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-98
- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login
delays when client is under load
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-97
- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table
in sssd_nss
Thu Aug 8 14:00:00 2013 Jakub Hrozek - 1.9.2-96
- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap
filter returns entries with multiple CNs
Thu Jul 25 14:00:00 2013 Jakub Hrozek - 1.9.2-95
- Mention that enumeration should be discouraged
- Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf
Thu Jul 25 14:00:00 2013 Jakub Hrozek - 1.9.2-94
- Call restorecon on memcache files to force the right context on upgrades
- Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for
/var/lib/sss/mc context
Wed Jul 24 14:00:00 2013 Jakub Hrozek - 1.9.2-93
- Resolves: #987479 - libsss_sudo should depend on sudo package with
sssd support
Fri Jul 19 14:00:00 2013 Jakub Hrozek - 1.9.2-92
- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck
Thu May 30 14:00:00 2013 Jakub Hrozek - 1.9.2-91
- Resolves: #967636 - SSSD frequently fails to return automount maps
from LDAP
Wed May 1 14:00:00 2013 Jakub Hrozek - 1.9.2-90
- Resolves: #953165 - Enabling enumeration causes sssd_be process to
utilize 100% of the CPU
Tue Apr 23 14:00:00 2013 Jakub Hrozek - 1.9.2-89
- Resolves: #906398 - sssd_be crashes sometimes
Mon Apr 15 14:00:00 2013 Jakub Hrozek - 1.9.2-88
- Resolves: #950874: Simple access control always denies uppercased users
in case insensitive domain
Wed Mar 20 13:00:00 2013 Jakub Hrozek - 1.9.2-87
- Resolves: #921454: Resolve local group members in LDAP groups
Tue Mar 5 13:00:00 2013 Jakub Hrozek - 1.9.2-86
- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended
ACL use when client to an AD provider
Fri Mar 1 13:00:00 2013 Jakub Hrozek - 1.9.2-85
- Fix pwd_expiration_warning=0
- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for
Kerberos
Fri Feb 22 13:00:00 2013 Jakub Hrozek - 1.9.2-84
- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for
Kerberos
Wed Jan 30 13:00:00 2013 Jakub Hrozek - 1.9.2-83
- Resolves: rhbz#872827 - Serious performance regression in sssd
Wed Jan 23 13:00:00 2013 Jakub Hrozek - 1.9.2-82
- Resolves: rhbz#888614 - Failure in memberof can lead to failed
database update
Wed Jan 23 13:00:00 2013 Jakub Hrozek - 1.9.2-81
- Resolves: rhbz#903078 - TOCTOU race conditions by copying
and removing directory trees
Wed Jan 23 13:00:00 2013 Jakub Hrozek - 1.9.2-80
- Resolves: rhbz#903078 - Out-of-bounds read flaws in
autofs and ssh services responders
Tue Jan 22 13:00:00 2013 Jakub Hrozek - 1.9.2-79
- Resolves: rhbz#902716 - Rule mismatch isn\'t noticed before smart refresh
on ppc64 and s390x
Tue Jan 22 13:00:00 2013 Jakub Hrozek - 1.9.2-78
- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning
value is higher than passwordWarning LDAP attribute.
Tue Jan 22 13:00:00 2013 Jakub Hrozek - 1.9.2-77
- Resolves: rhbz#902436 - possible segfault when backend callback is removed
Mon Jan 21 13:00:00 2013 Jakub Hrozek - 1.9.2-76
- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not
reflected in memory cache
Wed Jan 16 13:00:00 2013 Jakub Hrozek - 1.9.2-75
- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps
Wed Jan 16 13:00:00 2013 Jakub Hrozek - 1.9.2-74
- Resolves: rhbz894381 - memory cache is not updated after user is deleted
from ldb cache
Wed Jan 16 13:00:00 2013 Jakub Hrozek - 1.9.2-73
- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and
ppc64 platform
Tue Jan 15 13:00:00 2013 Jakub Hrozek - 1.9.2-72
- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups
outside the nesting limit
Tue Jan 15 13:00:00 2013 Jakub Hrozek - 1.9.2-71
- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not
reflected in memory cache
Tue Jan 15 13:00:00 2013 Jakub Hrozek - 1.9.2-70
- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache
Tue Jan 15 13:00:00 2013 Jakub Hrozek - 1.9.2-69
- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn\'t work
Wed Jan 9 13:00:00 2013 Jakub Hrozek - 1.9.2-68
- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group
memberships
Mon Jan 7 13:00:00 2013 Jakub Hrozek - 1.9.2-67
- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD
Users for commands like id and getent
Mon Jan 7 13:00:00 2013 Jakub Hrozek - 1.9.2-66
- Resolves: rhbz#874579 - sssd caching not working as expected for selinux
usermap contexts
Mon Jan 7 13:00:00 2013 Jakub Hrozek - 1.9.2-65
- Resolves: rhbz#892197 - Incorrect principal searched for in keytab
Mon Jan 7 13:00:00 2013 Jakub Hrozek - 1.9.2-64
- Resolves: rhbz#891356 - Smart refresh doesn\'t notice \"defaults\" addition
with OpenLDAP
Fri Jan 4 13:00:00 2013 Jakub Hrozek - 1.9.2-63
- Resolves: rhbz#878419 - sss_userdel doesn\'t remove entries from in-memory
cache
Fri Jan 4 13:00:00 2013 Jakub Hrozek - 1.9.2-62
- Resolves: rhbz#886848 - user id lookup fails for case sensitive users
using proxy provider
Fri Jan 4 13:00:00 2013 Jakub Hrozek - 1.9.2-61
- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn\'t work
Fri Jan 4 13:00:00 2013 Jakub Hrozek - 1.9.2-60
- Resolves: rhbz#874618 - sss_cache: fqdn not accepted
Thu Dec 20 13:00:00 2012 Jakub Hrozek - 1.9.2-59
- Resolves: rhbz#889182 - crash in memory cache
Thu Dec 20 13:00:00 2012 Jakub Hrozek - 1.9.2-58
- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable
tickets from cache
Thu Dec 20 13:00:00 2012 Jakub Hrozek - 1.9.2-57
- Resolves: rhbz#886091 - Disallow root SSH public key authentication
- Add default section to switch statement (Related: rhbz#884666)
Thu Dec 20 13:00:00 2012 Jakub Hrozek - 1.9.2-56
- Resolves: rhbz#886038 - sssd components seem to mishandle sighup
Thu Dec 20 13:00:00 2012 Jakub Hrozek - 1.9.2-55
- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function
Thu Dec 20 13:00:00 2012 Jakub Hrozek - 1.9.2-54
- Resolves: rhbz#888614 - Failure in memberof can lead to failed database
update
Thu Dec 20 13:00:00 2012 Jakub Hrozek - 1.9.2-53
- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the
enumeration is taking too long
Mon Dec 17 13:00:00 2012 Jakub Hrozek - 1.9.2-52
- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11
- Include more debugging during the sysdb upgrade
Mon Dec 17 13:00:00 2012 Jakub Hrozek - 1.9.2-51
- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal
Mon Dec 17 13:00:00 2012 Jakub Hrozek - 1.9.2-50
- Resolves: rhbz#870045 - always reread the master map from LDAP
- Resolves: rhbz#876531 - sss_cache does not work for automount maps
Mon Dec 17 13:00:00 2012 Jakub Hrozek - 1.9.2-49
- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule
another first full refresh
Mon Dec 17 13:00:00 2012 Jakub Hrozek - 1.9.2-48
- Resolves: rhbz#880956 - Primary server status is not always reset after
failover to backup server happened
- Silence a compilation warning in the memberof plugin (Related: rhbz#877974)
- Do not steal resolv result on error (Related: rhbz#882076)
Mon Dec 17 13:00:00 2012 Jakub Hrozek - 1.9.2-47