-
Wed Jan 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-66.3
- Resolves: rhbz#782443 - Race-condition bug in LDAP auth provider
-
Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-66.1
- Resolves: rhbz#758696 - sssd_nss crashes when passed invalid UTF-8 for the
username in getpwnam()
- Resolves: rhbz#758713 - LDAP failover not working if server refuses
connections
-
Mon Oct 31 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-66
- Related: rhbz#750359 - Major cached entry performance regression
-
Mon Oct 31 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-65
- Resolves: rhbz#750359 - Major cached entry performance regression
-
Mon Oct 31 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-64
- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis
initgroups when groups appear in multiple nesting
levels
-
Wed Oct 26 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-63
- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade
-
Tue Oct 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-62
- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault
-
Tue Oct 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-61
- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation
-
Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-60
- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX
socket
-
Mon Oct 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-59
- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow
- Resolves: rhbz#746654 - SSSD backend gets killed on slow systems
- Related: rhbz#743925 - HBAC processing is very slow when dealing with
FreeIPA deployments with large numbers of hosts
Fixes a crash introduced by the earlier patch.
- Related: rhbz#733382 - SSSD should pick a user/group name when there are
multi-valued names
Fixes for internationalization
-
Fri Oct 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-58
- Related: rhbz#742278 - Rework the example config
-
Fri Oct 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-57
- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with
FreeIPA deployments with large numbers of hosts
- Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart
- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX
socket
-
Thu Oct 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-56
- Resolves: rhbz#742278 - Rework the example config
- Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was
initialized
- Resolves: rhbz#742526 - SSSD's man pages are missing information
- Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX
socket
-
Thu Oct 06 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-55
- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with
multi-valued uid
- Resolves: rhbz#738629 - Group lookups doesn't return it's member for
sometime when the member has multi-valued uid
- Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber
to integer
- Resolves: rhbz#733382 - SSSD should pick a user/group name when there are
multi-valued names
-
Fri Sep 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-53
- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host
groups
- Resolves: rhbz#740501 - SSSD not functional after "self" reboot
- Resolves: rhbz#742539 - HBAC: Hostname comparisons should be
case-insensitive
-
Tue Sep 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-52
- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in
- Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2
-
Mon Sep 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-51
- Resolves: rhbz#737157 - "System error" appears in log during change password
operation of a user in openldap server with ppolicy
enabled
- Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)"
messages are logged during change password operation
of a user in openldap server with ppolicy enabled
-
Wed Sep 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-50
- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple
external hosts along with managed host
- Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with
krb5_validate = True and SElinux enabled
-
Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-49
- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm
- Resolves: rhbz#733382 - SSSD should pick a user/group name when there are
multi-valued names
- Resolves: rhbz#733409 - Improve password policy error message
- Resolves: rhbz#733663 - Authentication fails when there exists an empty
hbacsvcgroup
- Resolves: rhbz#732935 - Add LDAP provider option to set
LDAP_OPT_X_SASL_NOCANON
- Resolves: rhbz#734101 - sssd blocks login of ipa-users
-
Wed Aug 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-48
- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD
-
Mon Aug 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-47
- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain
shells
-
Thu Aug 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-46
- Related: rhbz#728267 - When non-posix groups are skipped, initgroups
returns random GID
-
Thu Aug 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-45
- Related: rhbz#726466 - HBAC rule evaluation does not support extended
UTF-8 languages
- Related: rhbz#718250 - Remove DENY rules from the HBAC access provider
- Fixes an issue on big endian platforms
-
Thu Aug 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-44
- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by
signal 11 (SIGSEGV) when ldap_uri is misconfigured
- Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls
- Resolves: rhbz#726466 - HBAC rule evaluation does not support extended
UTF-8 languages
- Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider
- Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups
returns random GID
- Resolves: rhbz#726475 - sssd_pam leaks file descriptors
- Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0
-
Wed Jul 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-43
- Related: rhbz#721052 - sssd does not handle kerberos server IP change
- Use ares_search instead of ares_query to honor
- search entries in /etc/resolv.conf
-
Wed Jul 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-42
- Resolves: rhbz#711416 - During the change password operation the ccache is
- not replaced by a new one if the old one isn't
- active anymore
- Resolves: rhbz#715609 - Certificate validation fails with message
- "Connection error: TLS: hostname does not match CN
- in peer certificate"
- Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records
- Resolves: rhbz#721052 - sssd does not handle kerberos server IP change
- Honor TTL values when resolving hostnames
-
Fri Jun 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-41
- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP
- Resolves: rhbz#713438 - sssd shuts down if inotify crashes
-
Thu Jun 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-40
- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch
-
Thu Jun 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-39
- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups()
- Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are
- being logged multiple times when the provider comes
- back online
- Resolves: rhbz#707997 - The IPA provider does not work with IPv6
- Resolves: rhbz#677327 - [RFE] Support overriding attribute value
- Resolves: rhbz#692090 - SSSD is not populating nested groups in
- Active Directory
-
Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-38
- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man
- page
-
Wed May 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-37
- Resolves: rhbz#707513 - Unable to authenticate users when username
- contains "\0"
-
Tue May 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-36
- Resolves: rhbz#698723 - kpasswd fails when using sssd and
- kadmin server != kdc server
-
Tue May 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-35
- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is
- not mentioned
- Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the
- gidNumber is out of the range of min_id,max_id.
- Resolves: rhbz#699530 - Users with a local group as their primary GID are
- denied access by the simple access provider
- Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups
- Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a
- member of any group
- Resolves: rhbz#703624 - SSSD's async resolver only tries the first
- nameserver in /etc/resolv.conf
-
Tue May 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-34
- Resolves: rhbz#701700 - sssd client libraries use select() but should use
- poll() instead
-
Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-33
- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password
- Fix segfault in TGT renewal
-
Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-32
- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password
- Fix typo causing build breakage
-
Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-31
- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password
-
Fri Apr 15 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-30
- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users
-
Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-29
- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak
-
Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-28
- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS
- information
-
Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-27
- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is
- disabled
-
Mon Apr 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-26
- Resolves: rhbz#694444 - Unable to resolve SRV record when called with
- _srv_,<fixed ldap uri> in ldap_uri
- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is
- disabled
-
Fri Apr 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-25
- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is
- disabled
-
Fri Apr 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-24
- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by
- signal 11 (SIGSEGV)
- Fix is to not attempt to resolve nameless servers
-
Wed Mar 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-23
- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS
- information
-
Mon Mar 28 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-21
- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can
- cause SSSD to stop caching and responding to
- requests
-
Fri Mar 25 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-20
- Resolves: rhbz#690131 - Traceback messages seen while interrupting
- sss_obfuscate using ctrl+d
- Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process
- /usr/libexec/sssd/sssd_be was killed by signal 11
- (SIGSEGV)
-
Mon Mar 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-17
- Related: rhbz#683885 - SSSD should skip over groups with multiple names
-
Mon Mar 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-16
- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them
- Resolves: rhbz#689886 - group memberships are not populated correctly during
- IPA provider initgroups
- Resolves: rhbz#683885 - SSSD should skip over groups with multiple names
-
Wed Mar 09 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-15
- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents
- Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5
- in sssd.conf
-
Wed Mar 09 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-14
- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min
- waiting on netgroup
- Resolves: rhbz#683431 - sssd consumes 100% CPU
- Related: rhbz#680440 - sssd does not handle kerberos server IP change
-
Tue Mar 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-13
- Related: rhbz#680440 - sssd does not handle kerberos server IP change
- SSSD was staying with the old server if it was still online
-
Mon Mar 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-12
- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain
- for base DN
-
Mon Mar 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-11
- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on
- ipa-server
- Resolves: rhbz#680440 - sssd does not handle kerberos server IP change
- Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are
- given in ipa_server config option
- Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf
- attribute on the server
- Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups
-
Tue Feb 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-10
- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups
- Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option
-
Tue Feb 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-9
- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option
- Resolves: rhbz#677318 - Does not read renewable ccache at startup
-
Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
- Resolves: rhbz#678593 - User information not updated on login for secondary
- domains
- Resolves: rhbz#678777 - IPA provider does not update removed group
- memberships on initgroups
-
Sat Feb 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7
- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries
- Resolves: rhbz#678410 - name service caches names, so id command shows
- recently deleted users
- Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for
- netgroups
-
Tue Feb 08 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6
- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login
- Resolves: rhbz#675284 - "no matching rule" message logged on all successful
- requests
- Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for
- authentication
-
Thu Feb 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5
- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named
- "default"
- Resolves: rhbz#674515 - -p option always uses empty string to obfuscate
- password
- Resolves: rhbz#674141 - Traceback call messages displayed while
- "sss_obfuscate" command is executed as a non-root
- user
-
Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-4
- Resolves: rhbz#674172 - Group members are not sanitized in nested group
- processing
- Put translated tool manpages into the sssd-tools subpackage
-
Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3
- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1
- Also add the updated ding-libs to the BuildRequires
-
Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1
- Explicitly require updated ding-libs
-
Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1
- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1
- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just
- a user information lookup
- This guarantees that all group information is available to other
- providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the
- SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
- 389 Directory Server
- FreeIPA
- ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes
-
Thu Jan 13 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2
- Add noverify to sssd.conf
- Resolves: rhbz#627165 - TPS VerifyTest failure
-
Thu Dec 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1
- Related: rhbz#644072 - Rebase SSSD to 1.5
- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and
- acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
- Provides the kerberos ticket for long-lived processes or cron jobs
- even when the user logs out
- Added several new features to the LDAP access provider
- Support for 'shadow' access control
- Support for authorizedService access control
- Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those
- platforms where LDAP referrals are not supported
- Added support for manpage translations
-
Tue Dec 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.4
- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs
- Resolves: rhbz#660585 - getent passwd <username>' returns nothing if its
- uidNumber gt 2147483647
-
Thu Dec 02 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-36
- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs
-
Thu Dec 02 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-35
- Resolves: rhbz#645449 - 'getent passwd <username>' returns nothing if its
- uidNumber gt 2147483647
-
Tue Nov 30 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.3
- Resolves: rhbz#658374 - sssd stops on upgrade
-
Wed Nov 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-34
- Resolves: rhbz#658158 - sssd stops on upgrade
-
Wed Nov 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.2
- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache
-
Wed Nov 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-33
- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache
-
Mon Oct 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28.1
- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib
- Resolves: rhbz#642412 - SSSD initgroups does not behave as expected
-
Mon Oct 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-32
- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib
- Resolves: rhbz#633487 - SSSD initgroups does not behave as expected
-
Thu Sep 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-29
- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib
-
Fri Sep 03 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-28
- Resolves: rhbz#629949 - sssd stops on upgrade
-
Wed Aug 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-27
- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password
-
Wed Aug 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-26
- Resolves: rhbz#621307 - Password changes are broken on LDAP
-
Fri Jul 30 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-23
- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on
- initgroups calls
-
Fri Jul 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-21
- Resolves: rhbz#607233 - SSSD users cannot log in through GDM
- - Real issue was that long-running services
- - do not reconnect if sssd is restarted
-
Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-20
- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with
- /etc/krb5.keytab file
-
Mon Jun 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-19
- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6
- final
- Resolves: rhbz#608661 - SASL with OpenLDAP server fails
- Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes
-
Fri Jun 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15
- New upstream bugfix release 1.2.1
- Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity
- bugs.
- Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal
- Resolves: rhbz#604704 - authconfig should provide error with no trace back
- if disabling sssd when sssd is not enabled
- Resolves: rhbz#591873 - Connecting to the network after an offline kerberos
- auth logs continuous error messages to sssd_ldap.log
- Resolves: rhbz#596295 - Authentication fails for user from the second domain
- when the same user name is filtered out from the
- first domain
- Related: rhbz#598559 - Update translation files for SSSD before RHEL 6
- final
-
Thu Jun 10 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-14
- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service
- to fail while restart
- Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in
- parentheses causes ldap_search_ext to fail
- Resolves: rhbz#600468 - Segfault in krb5_child
- Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity
- bugs.
-
Wed Jun 02 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-13
- Resolves: rhbz#598670 - Ccache file of a user is removed too early
- Resolves: rhbz#599057 - Incomplete comparison of a service name in
- IPA access provider
- Resolves: rhbz#598496 - Failure with IPA access provider
- Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the
- kernel keyring
-
Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12
- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP
- Resolves: rhbz#584001 - Rebase sssd to 1.2
- Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file
- Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf
- Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf
- Resolves: rhbz#590134 - sssd: auth_provider = proxy regression
- Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when
- going online
- Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the
- HBAC rule
-
Wed May 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11.1
- Improve DEBUG logs for STARTTLS failures
-
Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11
- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos
-
Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10
- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover
-
Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3
- Bump up release number to avoid library sub-packages version issues with
previous releases.
-
Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1
- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to
- their defaults
- This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
-
Mon Mar 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb
-
Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19
- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline
-
Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
- Rebuild against new libtevent
-
Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
- Fix licenses in sources and on RPMs
-
Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
- Fix regression on 64-bit platforms
-
Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes
-
Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes
-
Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
- Fix CVE-2010-0014
-
Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2
- Patch SSSDConfig API to address
- https://bugzilla.redhat.com/show_bug.cgi?id=549482
-
Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
- New upstream stable release 1.0.0
-
Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
- New upstream bugfix release 0.99.1
-
Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
- New upstream release 0.99.0
-
Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal
-
Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
-
Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
- New upstream release 0.7.0
-
Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
- Fix missing file permissions for sssd-clients
-
Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
- Add SSSDConfig API
- Update polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust
-
Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
- Ensure that the configuration upgrade script always writes the config
file with 0600 permissions
- Eliminate an infinite loop in group enumerations
-
Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
- New upstream release 0.6.0
-
Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
- New upstream release 0.5.0
-
Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
without a password. (Patch by Stephen Gallagher)
-
Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
-
Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
- Fix a couple of segfaults that may happen on reload
-
Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option
-
Mon Jun 08 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)
-
Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
- release out of the official 0.3.2 tarball
-
Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600
-
Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
- Add last minute bug fixes, found in testing the package
-
Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
- Version 0.3.1
- includes previous release patches
-
Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream
-
Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
- Version 0.3.0
- Provides file based configuration and lots of improvements
-
Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
- Version 0.2.1
-
Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
- Version 0.2.0
-
Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
- package git snapshot
-
Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
- fixed items found during review
- added initscript
-
Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
- added sss_client
-
Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
- Small cleanup and fixes in the spec file
-
Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
- Initial release (based on version 0.1.0 upstream code)