[SSSD-users] [SSSD] Announcing SSSD 2.9.2

Thu, 07 Sep 2023 04:29:50 -0700 

# SSSD 2.9.2

The SSSD team is announcing the release of version 2.9.2 of the
System Security Services Daemon. The tarball can be downloaded from:
     https://github.com/SSSD/sssd/releases/tag/2.9.2

See the full release notes at:
     https://sssd.io/release-notes/sssd-2.9.2.html

RPM packages will be made available for Fedora shortly.

## Feedback

Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
     https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
     https://lists.fedorahosted.org/mailman/listinfo/sssd-users

## Highlights

SSSD 2.9 branch is now in long-term maintenance (LTM) phase.

### General information

* `libkrb5-1.21` can now be used to build PAC plugin.
* `sssctl cert-show` and `cert-show cert-eval-rule` can now be run as non-root user. 

### Important fixes
* SSSD does no longer crash if PIN is introduced but the tactile trigger isn't pressed during passkey authentication. * SSSD can now recover if memory-cache files under `/var/lib/sss/mc` where truncated while SSSD is running. * Chaining of identical D-Bus requests that run in parallel to avoid multiple backend queries works again. 

### Configuration changes
* New option `local_auth_policy` is added to control which offline authentication methods will be enabled by SSSD. This option is relevant for authentication methods which have online, and offline capability such as passkey, and smartcard authentication. The default value `match` sets the offline methods to their corresponding online value. This enables offline authentication when online kerberos pre-authentication such as PKINIT, or passkey is supported by the backend, note that online methods will still be attempted first. Option value `only` can be used to disable online authentication entirely, or the value `enable:method` to explicitly enable specific authentication methods, e.g. `enable:passkey`. 
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to