New upstream release 1.9.0 beta 1

- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on
  repeated requests
This commit is contained in:
Stephen Gallagher 2012-05-11 16:02:54 -04:00
parent 05471b8b76
commit 7fa00add1e
4 changed files with 59 additions and 20 deletions

1
.gitignore vendored
View File

@ -28,3 +28,4 @@ sssd-1.2.91.tar.gz
/sssd-1.8.1.tar.gz /sssd-1.8.1.tar.gz
/sssd-1.8.2.tar.gz /sssd-1.8.2.tar.gz
/sssd-1.8.3.tar.gz /sssd-1.8.3.tar.gz
/sssd-1.9.0beta1.tar.gz

View File

@ -1,4 +1,4 @@
From 8ae0fc769b419e16ce7804bd516f7c2d03ce8471 Mon Sep 17 00:00:00 2001 From 05c49dd916dcbea2ce8f6a6b14fd54a5c67fd6db Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com> From: Stephen Gallagher <sgallagh@redhat.com>
Date: Wed, 22 Feb 2012 07:53:56 -0500 Date: Wed, 22 Feb 2012 07:53:56 -0500
Subject: [PATCH] FEDORA: Change Kerberos credential cache default location Subject: [PATCH] FEDORA: Change Kerberos credential cache default location
@ -8,8 +8,8 @@ caches for improved security and to simplify rpc.gssd locating the
cache for use with NFS. cache for use with NFS.
--- ---
src/man/sssd-krb5.5.xml | 4 ++-- src/man/sssd-krb5.5.xml | 4 ++--
src/providers/krb5/krb5_common.c | 4 ++-- src/providers/krb5/krb5_opts.h | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-) 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
index 247337a90a80b078d0395b27a02e5ea2c72a5ce8..cc10dc149c407450a59f39ebc2de0ac95e33028e 100644 index 247337a90a80b078d0395b27a02e5ea2c72a5ce8..cc10dc149c407450a59f39ebc2de0ac95e33028e 100644
@ -33,21 +33,19 @@ index 247337a90a80b078d0395b27a02e5ea2c72a5ce8..cc10dc149c407450a59f39ebc2de0ac9
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c diff --git a/src/providers/krb5/krb5_opts.h b/src/providers/krb5/krb5_opts.h
index c2cb94b61463cbdaf3f4fa5a5cb311af55b4b960..e3a74697249a8dd10907beaeaef415a48c3c30a9 100644 index 7f47290c961ce6455e0d123e9ec14c7add39d28d..ff1863b98524eab1d175e06253e78cafa15b3f2d 100644
--- a/src/providers/krb5/krb5_common.c --- a/src/providers/krb5/krb5_opts.h
+++ b/src/providers/krb5/krb5_common.c +++ b/src/providers/krb5/krb5_opts.h
@@ -34,8 +34,8 @@ @@ -29,7 +29,7 @@ struct dp_option default_krb5_opts[] = {
struct dp_option default_krb5_opts[] = {
{ "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING }, { "krb5_ccachedir", DP_OPT_STRING, { "/tmp" }, NULL_STRING },
- { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING}, - { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc_%U_XXXXXX" }, NULL_STRING},
+ { "krb5_ccachedir", DP_OPT_STRING, { "/run/user/%u" }, NULL_STRING }, + { "krb5_ccname_template", DP_OPT_STRING, { "/run/user/%u" }, NULL_STRING},
+ { "krb5_ccname_template", DP_OPT_STRING, { "FILE:%d/krb5cc" }, NULL_STRING},
{ "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 15 }, NULL_NUMBER }, { "krb5_auth_timeout", DP_OPT_NUMBER, { .number = 15 }, NULL_NUMBER },
{ "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING }, { "krb5_keytab", DP_OPT_STRING, { "/etc/krb5.keytab" }, NULL_STRING },
{ "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "krb5_validate", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-- --
1.7.7.6 1.7.10.1

View File

@ -1 +1 @@
e09410d6bfe0a2bf8a4ce7ab95c005db sssd-1.8.3.tar.gz 829ecc6544f76185581d5feb788edae4 sssd-1.9.0beta1.tar.gz

View File

@ -15,13 +15,13 @@
%global ldb_version 1.1.4 %global ldb_version 1.1.4
Name: sssd Name: sssd
Version: 1.8.3 Version: 1.9.0
Release: 11%{?dist} Release: 1%{?dist}.beta1
Group: Applications/System Group: Applications/System
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPLv3+ License: GPLv3+
URL: http://fedorahosted.org/sssd/ URL: http://fedorahosted.org/sssd/
Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}beta1.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ### ### Patches ###
@ -36,6 +36,7 @@ Requires: libtdb >= 1.1.3
Requires: sssd-client%{?_isa} = %{version}-%{release} Requires: sssd-client%{?_isa} = %{version}-%{release}
Requires: cyrus-sasl-gssapi%{?_isa} Requires: cyrus-sasl-gssapi%{?_isa}
Requires: libipa_hbac%{?_isa} = %{version}-%{release} Requires: libipa_hbac%{?_isa} = %{version}-%{release}
Requires: libsss_idmap%{?_isa} = %{version}-%{release}
Requires: krb5-libs >= 1.9 Requires: krb5-libs >= 1.9
Requires: keyutils-libs Requires: keyutils-libs
Requires(post): systemd-units initscripts chkconfig /sbin/ldconfig Requires(post): systemd-units initscripts chkconfig /sbin/ldconfig
@ -122,6 +123,23 @@ SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides a userspace tool for generating an obfuscated LDAP password for Also provides a userspace tool for generating an obfuscated LDAP password for
use with ldap_default_authtok_type = obfuscated_password. use with ldap_default_authtok_type = obfuscated_password.
%package -n libsss_idmap
Summary: FreeIPA Idmap library
Group: Development/Libraries
License: LGPLv3+
%description -n libsss_idmap
Utility library to SIDs to Unix uids and gids
%package -n libsss_idmap-devel
Summary: FreeIPA Idmap library
Group: Development/Libraries
License: LGPLv3+
Requires: libsss_idmap = %{version}-%{release}
%description -n libsss_idmap-devel
Utility library to SIDs to Unix uids and gids
%package -n libipa_hbac %package -n libipa_hbac
Summary: FreeIPA HBAC Evaluator library Summary: FreeIPA HBAC Evaluator library
Group: Development/Libraries Group: Development/Libraries
@ -182,7 +200,7 @@ UpdateTimestamps() {
done done
} }
%setup -q -n %{name}-%{version} %setup -q -n %{name}-1.8.91
for p in %patches ; do for p in %patches ; do
%__patch -p1 -i $p %__patch -p1 -i $p
@ -243,7 +261,7 @@ cp src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \; find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
# Suppress developer-only documentation # Suppress developer-only documentation
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}/doc rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
# Older versions of rpmbuild can only handle one -f option # Older versions of rpmbuild can only handle one -f option
# So we need to append to the sssd.lang file # So we need to append to the sssd.lang file
@ -370,6 +388,18 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sss_cache.8* %{_mandir}/man8/sss_cache.8*
%{_mandir}/man8/sss_debuglevel.8* %{_mandir}/man8/sss_debuglevel.8*
%files -n libsss_idmap
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libsss_idmap.so.*
%files -n libsss_idmap-devel
%defattr(-,root,root,-)
%doc idmap_doc/html
%{_includedir}/sss_idmap.h
%{_libdir}/libsss_idmap.so
%{_libdir}/pkgconfig/sss_idmap.pc
%files -n libipa_hbac %files -n libipa_hbac
%defattr(-,root,root,-) %defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
@ -456,6 +486,16 @@ fi
%postun -n libipa_hbac -p /sbin/ldconfig %postun -n libipa_hbac -p /sbin/ldconfig
%changelog %changelog
* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on
repeated requests
* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11 * Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11
- New upstream release 1.8.3 - New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3