# SSSD 2.3.0
The SSSD team is proud to announce the release of version 2.3.0 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/sssd-2_3_0
See the full release notes at:
https://sssd.github.io/docs/users/relnotes/notes_2_3_0
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### New features
- SSSD can now handle the `hosts` and `networks` nsswitch databases (see
the `resolver_provider` option)
- By default, an authentication request only refreshes the user's
initgroups if it is expired or there is no active session for the user
(see the `pam_initgroups_scheme` option)
- OpenSSL is now the default crypto provider; NSS is deprecated
- The Active Directory provider now defaults to the GSS-SPNEGO SASL
mechanism (see the `ldap_sasl_mech` option)
- The Active Directory provider can now be configured to use only the
`ldaps` port (see the `ad_use_ldaps` option)
- SSSD now accepts host entries from a GPO's security filter
- The format of debug messages has changed to be shorter and easier to sort
- A new debug level (`0x10000`) was added for low-level ldb messages only
(see the `sssd.conf` man page)
### Packaging changes
- New configure option `--enable-gss-spnego-for-zero-maxssf`
### Documentation Changes
- The default value of `ldap_sasl_mech` has changed to `GSS-SPNEGO` for
the AD provider
- Return codes of `pam_sss.so` are documented in the `pam_sss` man page
- Added option `ad_update_samba_machine_account_password`
- Added option `ad_use_ldaps`
- Added option `ldap_iphost_object_class`
- Added option `ldap_iphost_name`
- Added option `ldap_iphost_number`
- Added option `ldap_ipnetwork_object_class`
- Added option `ldap_ipnetwork_name`
- Added option `ldap_ipnetwork_number`
- Added option `ldap_iphost_search_base`
- Added option `ldap_ipnetwork_search_base`
- Added option `ldap_connection_expire_offset`
- Added option `ldap_sasl_maxssf`
- Added option `pam_initgroups_scheme`
- Added option `entry_cache_resolver_timeout`
- Added option `entry_cache_computer_timeout`
- Added option `resolver_provider`
- Added option `proxy_resolver_lib_name`
- Minor text improvements