The SSSD is proud to announce the release of the first beta of SSSD
1.8.0, destined to become our next long-term maintenance (LTM) release.

As this is going to be a big release for us, we're looking for as much
help as we can get to regression-test and try out the new features
before our final release on February 28th.

For those looking for the source, it can be found at
https://fedorahosted.org/sssd

I've kicked off build of the Fedora packages and they will be available
in Rawhide tonight and in the Fedora 17 Alpha release coming soon.

As a note to the engineering team, we have now branched off the sssd-1-8
branch. All bugfixes for the 1.8.0 release must go to both master and
sssd-1-8. The master branch is now open to SSSD 1.9.0 development.

To interested translators: SSSD 1.8.0 is now in string freeze, so if you
speak a second (or third, or fourth...) language, please help us out
with translating our manpages and config options at
https://www.transifex.net/projects/p/sssd/


== Highlights ==
 * Support for the service map in NSS
 * Support for setting default SELinux user context from FreeIPA
 * Support for retrieving SSH user and host keys from LDAP
(Experimental)
 * Support for caching autofs LDAP requests (Experimental)
 * Support for caching SUDO rules (Experimental)

== Detailed Changelog ==
Jakub Hrozek (42):
 * sss_get_cased_name utility function
 * Return user and group names lowercased in case insensitive domains
 * Honor case sensitive flag when creating the ccname template
 * HBAC: create empty groups with one NULL element
 * Do not call krb5_child when changing passwords and provider went
offline
 * IPA netgroups: Do not reuse loop iterator variable
 * Add a configure switch to specify 3rd party app libraries location
 * Export libsss_sudo as a separate package
 * Add a new Makefile target to build RPMs with the experimental flag
 * Do not use sudo symbols in LDAP provider unconditionally
 * PAM: Fix reversed logic
 * SUDO: include the sources in the IPA provider, too
 * PAM: Do not overwrite ret
 * DP: Refactor responder_dp_req so it's reusable by other responders
 * SUDO: Provide a sudo DP request based on the internal_req
 * Use the new SUDO request in DP and sudo responder
 * Fix sudo compilation on RHEL5
 * Include sudo manual pages only conditionally
 * docs: Use absolute srcdir path
 * SUDO: Provide documentation for the SUDO API
 * SYSDB: index sudoUser
 * Refactor nss_cmd_send_empty
 * Use profiling Docbook XSLT only if available, fall back to normal
 * RESPONDERS: Provide a common sss_cmd_send_error function
 * NSS: Use sss_hash_create instead of destructor
 * Fixes for sudo_timed
 * ConfigAPI: add sudo to known services
 * SUDO: introduce a new config option --with-sudo
 * Move BUILD_SUDO outside the generic LDAP source files
 * Fix configure with old autoconf versions
 * BUILD: Introduce a --with-autofs config option
 * SYSDB: Remove code duplication between member_add and member_del
 * AUTOFS: sysdb interface
 * AUTOFS: a client library
 * AUTOFS: a command-line test client
 * AUTOFS: Data Provider request
 * RESPONDERS: Refactor setent_req_list
 * Split the logic to check cache expiration into separate function
 * AUTOFS: responder
 * AUTOFS: LDAP provider
 * Do not call sudo functions if built without-sudo
 * Make sudo installation path configurable, install into libdir by
default

Jan Cholasta (10):
 * UTIL: Provide base64 encoding and decoding functions
 * BUILD: Introduce a --with-ssh config option
 * LDAP: Add support for SSH user public keys
 * DP: Add host info handler
 * IPA: Add host info handler
 * DP: Add support for hosts in sss_dp_get_account
 * SSH: Responder
 * SSH: Common client code
 * SSH: OpenSSH authorized_keys client
 * SSH: OpenSSH known_hosts client

Jan Zeleny (18):
 * Add info about ipa_host_search_base to man page
 * Support multiple search bases in HBAC
 * Fixed wrong position of ldap_service_search_base
 * Implemented support for multiple search bases in HBAC rules and
services
 * Fixed minor memory-hierarchy-related issue in IPA HBAC
 * Add support for generic IPA config retrieval
 * Make password migration code use the IPA config retrieval code
 * Renamed some sysdb constants for their wider usage
 * Added some SELinux-related utility functions
 * Added some SELinux-related sysdb routines
 * SELinux support in PAM responder
 * SELinux support in PAM module
 * Separate the host-retrieval code from IPA HBAC to common IPA code
 * Delete unused structure in IPA access code
 * Add session target in data provider
 * Session target in IPA provider
 * Man pages for the session target and SELinux user maps fetching
 * Update shadowLastChanged attribute during LDAP password change

Pavel Březina (15):
 * SUDO Integration review issues
 * SUDO Integration - wrap data provider with tevent_req
 * sysdb_get_bool() and sysdb_get_bool() functions
 * SUDO Integration - functions for manipulating with 'refreshed'
attribute
 * SUDO Integration - periodical update of rules in data provider
 * SUDO Integration - make sysdb_get_sudo_filter() more configurable
 * SUDO Integration - prepare data provider for new responder commands
 * SUDO Integration - responder command for cn=defaults
 * SUDO Integration - SUDO API can request only cn=defaults record
 * SUDO Integration - test client changed
 * SUDO Integration - manual page
 * SUDO Integration - in-memory cache in responder
 * SUDO Integration - responder 'sudo_timed' option
 * SUDO Integration - fix offline behaviour
 * SUDO Integration - sysdb_sudo_check_time() fix

Simo Sorce (9):
 * make dist fixes
 * tests: fix test group of utf8 tests
 * nsssrv: remove unused macro
 * nsssrv: add string manipulation helper
 * nsssrv: use sized_string in fill_pwent
 * nsssrv: use sized_string in fill_grent
 * util: add murmurhash3 hash function
 * Add a random + identity test for murmurhash3
 * util: Fix murmurhash3 on machines with old glibc

Stephen Gallagher (46):
 * Bump version to 1.8.0
 * Add compatibility layer for Heimdal Kerberos implementation
 * Importing new translations for 1.7.0 release
 * Log fixes for sdap_call_conn_cb
 * LDAP: Copy URI instead of pointing at failover service record
 * NSS: Validate input string lengths
 * NSS: Improve DEBUG messages for netgroup cache
 * Raise the debug level of two very noisy statements
 * IPA: Detect nsupdate support for the realm directive
 * NSS: Add sss_readrep_copy_string
 * LDAP: Add option to disable paging control
 * SYSDB: Redundant check is redundant.
 * Fix invalid index in pidfile()
 * RESPONDER: Extend sss_dp_account_send() to include extra data
 * DP: Fix bugs in sss_dp_get_account_int
 * LDAP: Improve debugging for sdap_parse_deref
 * Move sized_string declaration to utils
 * UTIL: Add strtouint16
 * SYSDB: Move add_string and add_ulong to sysdb_private.h
 * DP: Handle parsing extra results in be_get_account_info
 * SYSDB: Add sysdb routines for manipulating service entries
 * SYSDB: Add indexes for servicePort and serviceProtocol
 * NSS: Add client support for services (non-enumeration)
 * DP: Add support for services in dp requests
 * NSS: Add negative cache routines for services
 * NSS: Add getservbyname and getservbyport support to the NSS Responder
 * PROXY: add support for service lookups (non-enumeration)
 * NSS: Add client support for [set|get|end]servent()
 * SYSDB: add support for enumerating services
 * NSS: Add service enumeration support to NSS provider
 * PROXY: add support for enumerating services
 * Rename sss_dp_type to sss_dp_sudo_type
 * SSSDConfigAPI: Move sssd.api.* to /usr/share/sssd
 * SYSDB: extend sysdb_store_service() to accept additional attributes
 * SYSDB: Add sysdb_attrs_get_uint16_t
 * LDAP: Add support for service lookups (non-enum)
 * LDAP: Add enumeration support for services
 * IPA: Add support for services lookups (non-enum)
 * LDAP: Add new options for service maps
 * KRB5: Add syslog messages for Kerberos failures
 * LDAP: Do not fail if RootDSE check cannot determine search bases
 * LDAP: Fix incorrect search timeouts
 * NSS: Add individual timeouts for entry types
 * Build all experimental features during 'make distcheck'
 * Set version to 1.7.91 for 1.8.0beta1
 * Updating translatable strings for string freeze

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Freeipa-interest mailing list
Freeipa-interest@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-interest

Reply via email to