SSSD 2.7.0 Release Notes
Highlights
New features
- Added a new krb5 plugin idp and a new binary oidc_child which performs OAuth2 authentication against FreeIPA. This, however, cannot be tested yet because this feature is still under development on the FreeIPA server side. Nevertheless, we have decided to include this in the release in order to enable the functionality on the clients immediately when the FreeIPA project delivers this feature without the need to update the clients.
General information
- Better default for IPA/AD re_expression. Tuning for group names containing '@' is no longer needed.
- A warning is added in the logs if an LDAP operation needs more than 80% of the configured timeout.
- A new debug level is added to show statistical and performance data. Currently the durations of a backend request and of single LDAP operations are recorded if debug_level is set to 9 or the bit 0x20000 is set.
- Added support for anonymous PKINIT to get FAST credentials
- We have many warnings and errors from static analyzers
Important fixes
- SSSD now correctly falls back to UPN search if the user was not found even with cache_first = true.
Packaging changes
- Added new configure option --with-oidc-child and --without-oidc-child to control build of oidc_child (enabled by default).
- Added new package sssd-idp that contains the oidc_child and krb5 idp plugin. This package is required by sssd-ipa.