Commit Graph

16 Commits

Author SHA1 Message Date
Alexey Tikhonov
98fa4310c5 Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4
Resolves: RHEL-14427 - Expected cn in RDN, got uid
Resolves: RHEL-12229 - HANA validation on RHEL 9.2 issue possibly related to libc/nss_sss behaviour
Resolves: RHEL-3925 - SSSD goes offline when, while reading a single user, misses a required attribute (i.e. SID)
Resolves: RHEL-2319 - Passkey authentication for centrally managed users
Resolves: RHEL-4146 - Incorrect handling of reverse IPv6 update results in update failure
Resolves: RHEL-4971 - sssd-kcm does not appear to expire Kerberos tickets (RFE: sssd_kcm should have the option to automatically delete the expired tickets)
2023-11-13 16:10:41 +01:00
Alexey Tikhonov
8083cf0ccf Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4
Resolves: RHEL-2319 - Passkey authentication for centrally managed users
Resolves: rhbz#2234829 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working)
Resolves: rhbz#2236119 - dbus and crond getting terminated with SIGBUS in sss_client code
2023-09-08 19:00:48 +02:00
Alexey Tikhonov
efb42d7981 Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'
Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM
Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization
Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete
Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys
2023-06-23 17:08:46 +02:00
Alexey Tikhonov
6849c706fc Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys
Resolves: rhbz#1913839 - filter_groups doesn't filter GID from 'id' output: AD + 'ldap_id_mapping = True' corner case
Resolves: rhbz#2100789 - [Improvement] sssctl config-check command does not show an error when we don't have id_provider in the domain section
Resolves: rhbz#2152177 - [RFE] Add support for ldapi:// URLs
Resolves: rhbz#2164852 - man page entry should make clear that a nested group needs a name
Resolves: rhbz#2166627 - Improvement: sss_client: add 'getsidbyusername()' and 'getsidbygroupname()' and corresponding python bindings
Resolves: rhbz#2166943 - kinit switches KCM away from the newly issued ticket
Resolves: rhbz#2167728 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed)
2023-05-15 15:55:07 +02:00
Alexey Tikhonov
6d6ccdb21b Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search
Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service)
Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization
Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list
Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged
Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately
Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around
2022-12-19 11:13:56 +01:00
Alexey Tikhonov
5974ce9186 Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
Resolves: rhbz#1507035 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file
Resolves: rhbz#1766490 - Use negative cache better and domain checks for lookup by SIDs
Resolves: rhbz#1964121 - RFE: Add an option to sssd config to convert home directories to lowercase (or add a new template for the 'override_homedir' option)
Resolves: rhbz#2074307 - reduce debug level in case well_known_sid_to_name() fails
Resolves: rhbz#2096031 - SSSD: sdap_handle_id_collision_for_incomplete_groups debug message missing a new line
Resolves: rhbz#2103325 - Supported AD group types should be explained in the docs
Resolves: rhbz#2111388 - authenticating against external IdP services okta (native app) with OAuth client secret failed
Resolves: rhbz#2115171 - SSSD: duplicate dns_resolver_* option in man sssd.conf
Resolves: rhbz#2127492 - sssd timezone issues sudonotafter
Resolves: rhbz#2128840 - [RFE] provide dbus method to find users by attr
Resolves: rhbz#2128883 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict)
Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list
2022-11-04 13:08:07 +01:00
Alexey Tikhonov
1b653c21ec Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
Resolves: rhbz#1936551 - [Improvement] Provide user feedback when login fails due to blocked PIN
Resolves: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs)
Resolves: rhbz#2062665 - [sssd] RHEL 9.1 Tier 0 Localization
2022-07-05 11:07:29 +02:00
Alexey Tikhonov
61baec62c2 Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
Resolves: rhbz#1893192 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets
Resolves: rhbz#1927553 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file
Resolves: rhbz#2089216 - pam_sss_gss ceased to work after upgrade to 8.6
Resolves: rhbz#2090776 - Add idp authentication indicator in man page of sssd.conf
Resolves: rhbz#1927195 - sssd runs out of proxy child slots and doesn't clear the counter for Active requests
Resolves: rhbz#2073095 - Harden kerberos ticket validation
Resolves: rhbz#2082455 - 'getent hosts' not return hosts if they have more than one CN in LDAP
Resolves: rhbz#2087581 - Regression "Missing internal domain data." when setting ad_domain to incorrect
2022-06-04 12:28:43 +02:00
Alexey Tikhonov
c745d2f717 Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
Resolves: rhbz#2072640 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop
Resolves: rhbz#2070189 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file.
Resolves: rhbz#2070138 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options)
Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd
Resolves: rhbz#2065098 - Use right sdap_domain in ad_domain_info_send
Resolves: rhbz#2062716 - [Improvement] Add user and group version of sss_nss_getorigbyname()
Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol
Resolves: rhbz#2056482 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2
Resolves: rhbz#1937895 - SSSD update prompts for smartcard pin twice - After update to 7.9
Resolves: rhbz#1925559 - [RFE] Implement time logging for the LDAP queries and warning of high queries time
Resolves: rhbz#1915564 - sssd does not enforce smartcard auth for kde screen locker
Resolves: rhbz#1859751 - [RFE] Allow SSSD to use anonymous pkinit for FAST
Resolves: rhbz#1749279 - 2FA prompting setting ineffective
Resolves: rhbz#1661055 - sssd fails GPO-based access if AD have setup with Japanese language
Resolves: rhbz#1245367 - [RFE] Implement memory cache for SID requests to improve performance
2022-05-09 13:02:32 +02:00
Alexey Tikhonov
6a5a87a373 Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization
Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files
Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders
Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
2022-01-05 18:12:21 +01:00
Alexey Tikhonov
5309d21cac Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok()
Resolves: rhbz#977803 - incorrect checks of `strto*()` string to number convertion functions
Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
Resolves: rhbz#1992973 - Lookup with fully-qualified name does not work with 'cache_first = True'
Resolves: rhbz#1996151 - Add support for CKM_RSA_PKCS in smart card authentication.
Resolves: rhbz#1998459 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
Resolves: rhbz#2000476 - disabled root ad domain causes subdomains to be marked offline
Resolves: rhbz#2014249 - Consistency in defaults between OpenSSH and SSSD
Resolves: rhbz#2029419 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
2021-12-06 21:00:02 +01:00
Alexey Tikhonov
adc6d02a6b Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
Resolves: rhbz#1975691 - covscan NULL pointer dereference cache_req_data_create()
2021-07-16 14:42:44 +02:00
Alexey Tikhonov
7f0c855c8f Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
Resolves: rhbz#1938876 - review of important potential issues detected by static analyzers in sssd-2.4.1-1.el9
Resolves: rhbz#1942277 - Wrong default debug level of sssd tools
2021-06-14 20:37:12 +02:00
DistroBaker
1155a5a59b Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#3fb1cb9aa3f275dec5da1680aa7599efaef6be1b
2021-02-19 16:41:53 +00:00
DistroBaker
e9cffb7aa5 Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/sssd.git#9e5dd4b66572aeb348f3cc854ce7fca9f7afd97b
2021-02-05 19:50:48 +00:00
Troy Dawson
72ec3e3585 RHEL 9.0.0 Alpha bootstrap
The content of this branch was automatically imported from Fedora ELN
with the following as its source:
https://src.fedoraproject.org/rpms/sssd#65e3d07e6456a10b607f4b72e040e8fab1d09fbd
2020-10-15 09:59:23 -07:00