Pavel Březina
2021-05-10 13:49:27 UTC
# SSSD 2.5.0
The SSSD team is proud to announce the release of version 2.5.0 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/2.5.0
See the full release notes at:
https://sssd.io/release-notes/sssd-2.5.0.html
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### General information
* `secrets` support is deprecated and will be removed in one of the next
versions of SSSD.
* `local-provider` is deprecated and will be removed in one of the next
versions of SSSD.
* SSSD's implementation of `libwbclient` was removed as incompatible
with modern version of Samba.
* This release deprecates `pcre1` support. This support will be removed
completely in following releases.
* A home directory from a dedicated user override, either local or
centrally managed by IPA, will have a higher precedence than the
`override_homedir` option.
* `debug-to-files`, `debug-to-stderr` command line and undocumented
`debug_to_files` config options were removed.
### New features
* Added support for automatic renewal of renewable TGTs that are stored
in KCM ccache. This can be enabled by setting `tgt_renewal = true`. See
the sssd-kcm man page for more details. This feature requires MIT
Kerberos krb5-1.19-0.beta2.3 or higher.
* Backround sudo periodic tasks (smart and full refresh) periods are now
extended by a random offset to spread the load on the server in
environments with many clients. The random offset can be changed with
`ldap_sudo_random_offset`.
* Completing a sudo full refresh now postpones the smart refresh by
`ldap_sudo_smart_refresh_interval` value. This ensure that the smart
refresh is not run too soon after a successful full refresh.
* If `debug_backtrace_enabled` is set to `true` then on any error all
prior debug messages (to some limit) are printed even if `debug_level`
is set to low value (for details see `man sssd.conf`:
`debug_backtrace_enabled` description).
* Besides trusted domains known by the forest root, trusted domains
known by the local domain are used as well.
* New configuration option `offline_timeout_random_offset` to control
random factor in backend probing interval when SSSD is in offline mode.
### Important fixes
* `ad_gpo_implicit_deny` is now respected even if there are no
applicable GPOs present
* During the IPA subdomains request a failure in reading a single
specific configuration option is not considered fatal and the request
will continue
* unknown IPA id-range types are not considered as an error
* SSSD spec file `%postun` no longer tries to restart services that can
not be restarted directly to stop produce systemd warnings
### Configuration changes
* Added `tgt_renewal`, `tgt_renewal_inherit`, and `krb5_*` KCM options
to enable, and tune behavior of new KCM renewal feature.
* Added `ldap_sudo_random_offset` (default to `30`) to add a random
offset to backround sudo periodic tasks (smart and full refresh).
* Introduced new option 'debug_backtrace_enabled' to control debug
backtrace.
* Added `offline_timeout_random_offset` configuration option to control
maximum size of random offset added to offline timeout SSSD backend
probing interval.
* Long time deprecated and undocumented `debug_to_files` option was removed.
_______________________________________________
sssd-devel mailing list -- sssd-***@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-***@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-***@lists.fedorahosted.org
Do not reply to spam on the list
The SSSD team is proud to announce the release of version 2.5.0 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/2.5.0
See the full release notes at:
https://sssd.io/release-notes/sssd-2.5.0.html
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### General information
* `secrets` support is deprecated and will be removed in one of the next
versions of SSSD.
* `local-provider` is deprecated and will be removed in one of the next
versions of SSSD.
* SSSD's implementation of `libwbclient` was removed as incompatible
with modern version of Samba.
* This release deprecates `pcre1` support. This support will be removed
completely in following releases.
* A home directory from a dedicated user override, either local or
centrally managed by IPA, will have a higher precedence than the
`override_homedir` option.
* `debug-to-files`, `debug-to-stderr` command line and undocumented
`debug_to_files` config options were removed.
### New features
* Added support for automatic renewal of renewable TGTs that are stored
in KCM ccache. This can be enabled by setting `tgt_renewal = true`. See
the sssd-kcm man page for more details. This feature requires MIT
Kerberos krb5-1.19-0.beta2.3 or higher.
* Backround sudo periodic tasks (smart and full refresh) periods are now
extended by a random offset to spread the load on the server in
environments with many clients. The random offset can be changed with
`ldap_sudo_random_offset`.
* Completing a sudo full refresh now postpones the smart refresh by
`ldap_sudo_smart_refresh_interval` value. This ensure that the smart
refresh is not run too soon after a successful full refresh.
* If `debug_backtrace_enabled` is set to `true` then on any error all
prior debug messages (to some limit) are printed even if `debug_level`
is set to low value (for details see `man sssd.conf`:
`debug_backtrace_enabled` description).
* Besides trusted domains known by the forest root, trusted domains
known by the local domain are used as well.
* New configuration option `offline_timeout_random_offset` to control
random factor in backend probing interval when SSSD is in offline mode.
### Important fixes
* `ad_gpo_implicit_deny` is now respected even if there are no
applicable GPOs present
* During the IPA subdomains request a failure in reading a single
specific configuration option is not considered fatal and the request
will continue
* unknown IPA id-range types are not considered as an error
* SSSD spec file `%postun` no longer tries to restart services that can
not be restarted directly to stop produce systemd warnings
### Configuration changes
* Added `tgt_renewal`, `tgt_renewal_inherit`, and `krb5_*` KCM options
to enable, and tune behavior of new KCM renewal feature.
* Added `ldap_sudo_random_offset` (default to `30`) to add a random
offset to backround sudo periodic tasks (smart and full refresh).
* Introduced new option 'debug_backtrace_enabled' to control debug
backtrace.
* Added `offline_timeout_random_offset` configuration option to control
maximum size of random offset added to offline timeout SSSD backend
probing interval.
* Long time deprecated and undocumented `debug_to_files` option was removed.
_______________________________________________
sssd-devel mailing list -- sssd-***@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-***@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-***@lists.fedorahosted.org
Do not reply to spam on the list