# SSSD 2.3.0

The SSSD team is proud to announce the release of version 2.3.0 of the
System Security Services Daemon. The tarball can be downloaded from:
    https://github.com/SSSD/sssd/releases/tag/sssd-2_3_0

See the full release notes at:
    https://sssd.github.io/docs/users/relnotes/notes_2_3_0

RPM packages will be made available for Fedora shortly.

## Feedback

Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
    https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
    https://lists.fedorahosted.org/mailman/listinfo/sssd-users

## Highlights

### New features

- SSSD can now handle `hosts` and `networks` nsswitch databases (see `resolver_provider` option)
- By default, an authentication request only refreshes the user's initgroups if they are expired or there is no active user session (see `pam_initgroups_scheme` option)
- OpenSSL is used as default crypto provider, NSS is deprecated
- Active Directory provider now defaults to the GSS-SPNEGO SASL mechanism (see `ldap_sasl_mech` option)
- Active Directory provider can now be configured to use only the `ldaps` port (see `ad_use_ldaps` option)
- SSSD now accepts host entries from GPO's security filter
- Format of debug messages has changed to be shorter and easier to sort
- New debug level (`0x10000`) was added for low level ldb messages only (see `sssd.conf` man page)

### Packaging changes

- New configure option `--enable-gss-spnego-for-zero-maxssf`

### Documentation Changes

- Default value of `ldap_sasl_mech` has changed to `GSS-SPNEGO` for AD provider
- Return codes of `pam_sss.so` are documented in the `pam_sss` manpage
- Added option `ad_update_samba_machine_account_password`
- Added option `ad_use_ldaps`
- Added option `ldap_iphost_object_class`
- Added option `ldap_iphost_name`
- Added option `ldap_iphost_number`
- Added option `ldap_ipnetwork_object_class`
- Added option `ldap_ipnetwork_name`
- Added option `ldap_ipnetwork_number`
- Added option `ldap_iphost_search_base`
- Added option `ldap_ipnetwork_search_base`
- Added option `ldap_connection_expire_offset`
- Added option `ldap_sasl_maxssf`
- Added option `pam_initgroups_scheme`
- Added option `entry_cache_resolver_timeout`
- Added option `entry_cache_computer_timeout`
- Added option `resolver_provider`
- Added option `proxy_resolver_lib_name`
- Minor text improvements