URL: https://github.com/SSSD/sssd/pull/5248
Author: justin-stephenson
Title: #5248: Enable exclude functionality in sssd session recording configuration
Action: opened
PR body:
"""
This is a fix for https://github.com/SSSD/sssd/issues/5089
This PR adds support for two new options in the sssd session recording configuration, to be applied only when `scope=all` is set:
* **exclude_users**
* **exclude_groups**
I separated out each commit logically, to hopefully make the review easier, but I am happy to squash any commits together as needed. I updated the relevant codepaths based on my review of https://github.com/SSSD/sssd/pull/136 so please let me know if I missed anything.
With this PR, responders will read the sessionRecording attribute when `scope=all` or `scope=some` to determine if recording should be enabled.
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5248/head:pr5248
git checkout pr5248
URL: https://github.com/SSSD/sssd/pull/837
Author: sumit-bose
Title: #837: p11_child: make OCSP digest configurable
Action: opened
PR body:
"""
Currently sha1 is used to create the certid for an OCSP request. Since sha1
is not recommended for new applications anymore and not FIPS compliant this
patch changes the default to sha256 and makes the digest function
configurable as well.
Related to https://pagure.io/SSSD/sssd/issue/4032
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/837/head:pr837
git checkout pr837
URL: https://github.com/SSSD/sssd/pull/578
Author: amitkumar50
Title: #578: proxy: proxy_child hardening
Action: opened
PR body:
"""
proxy_child will call chdir("/"), umask(022)
and reset the environment with clearenv().
The --domain argument to be sanitized.
Resolves: https://pagure.io/SSSD/sssd/issue/2689
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/578/head:pr578
git checkout pr578
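
The hardening steps named in the PR body above (`chdir("/")`, `umask(022)`, `clearenv()`, a sanitized `--domain`), as an added C example that is not SSSD's code. The function names and the allow-list in `domain_name_ok` are assumptions, since the PR body does not say how `--domain` is sanitized.

```c
#define _DEFAULT_SOURCE /* glibc: expose clearenv() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

int clearenv(void); /* glibc extension, redeclared in case feature macros hide it */

/* Assumed allow-list (not SSSD's rule): 1..255 bytes of ASCII [A-Za-z0-9._-],
 * first byte alphanumeric, no ".." run. Rejects '/', whitespace, metacharacters. */
int domain_name_ok(const char *name)
{
    size_t len = name ? strlen(name) : 0;
    if (len == 0 || len > 255 || strstr(name, "..") != NULL)
        return 0;
    for (size_t i = 0; i < len; i++) {
        char c = name[i];
        int alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                    (c >= '0' && c <= '9');
        if (!alnum && (i == 0 || (c != '.' && c != '-' && c != '_')))
            return 0;
    }
    return 1;
}

/* Validate input first, then drop inherited state. Returns 0 or -1. */
int harden_child(const char *domain)
{
    if (!domain_name_ok(domain))
        return -1;          /* reject before changing any process state */
    if (chdir("/") != 0)    /* do not pin or depend on the caller's cwd */
        return -1;
    umask(022);             /* new files: no group/other write */
    if (clearenv() != 0)    /* inherited variables must not reach later code */
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *domain = argc > 1 ? argv[1] : "example.test"; /* constructed */
    if (harden_child(domain) != 0) {
        fprintf(stderr, "refusing to start: invalid --domain or setup failed\n");
        return 1;
    }
    printf("child hardened for domain '%s'\n", domain);
    return 0;
}
```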
# SSSD 2.3.1
The SSSD team is proud to announce the release of version 2.3.1 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/sssd-2_3_1
See the full release notes at:
https://sssd.io/docs/users/relnotes/notes_2_3_1
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### New features
- Domains can now be explicitly enabled or disabled using the `enable` option in
the domain section. This is especially useful in configuration snippets.
- New configuration options `memcache_size_passwd`, `memcache_size_group`,
`memcache_size_initgroups` that can be used to control memory cache size.
### Notable bug fixes
- Fixed several regressions in GPO processing introduced in sssd-2.3.0
- Fixed regression in PAM responder: failures in cache only lookups are
no longer considered fatal
- Fixed regression in proxy provider: `pwfield=x` is now the default value
only for the `sssd-shadowutils` target
### Packaging changes
- `libwbclient` is now deprecated and is no longer built by default (use
`--with-libwbclient` to build it)
### Documentation Changes
- Added option `memcache_size_passwd`
- Added option `memcache_size_group`
- Added option `memcache_size_initgroups`
- Added option `enable` in domain sections
- Minor text improvements