Hi,
I prepared the 1.13.1 release notes:
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
For convenience, the text is copied below. Please reply with suggested
changes, or just edit the wiki page.
== Highlights ==
* Support for Smart Card authentication was added
* The PAM prompting was enhanced so that when Two-Factor Authentication is used, both
factors (password and token) can be entered separately on separate prompts. At the same
time, only the long-term password is cached, so offline access would still work using the
long term password.
* A new command line tool `sss_override` is present in this release. The tools allows to
override attributes on the SSSD side. It's helpful in environment where e.g. some
hosts need to have a different view of POSIX attributes than others. Please note that the
overrides are stored in the cache as well, so removing the cache will also remove the
overrides.
* New methods were added to the SSSD D-Bus interface. Notably support for looking up a
user by certificate and looking up multiple users using a wildcard was added. Please see
the interface introspection or the design pages for full details.
* Several enhancements to the dynamic DNS update code. Notably, clients that update
multiple interfaces work better with this release
* This release supports authenticating againt a KDC proxy
* The fail over code was enhanced so that if a trusted domain is not reachable, only that
domain will be marked as inactive but the backed would stay in online mode
* Several fixes to the GPO access control code are present.
== Packaging Changes ==
* The Smart Card authentication feature requires a helper process `p11_child` that needs
to be marked as setgid if SSSD needs to be able to. Please note the `p11_child` requires
the NSS crypto library at the moment.
* The `sss_override` tool was added along with its own manpage
* The upstream RPM can now build on RHEL/CentOS 6.7
== Documentation Changes ==
* It is now possible to specify a comma-separated list of interfaces in the
`dyndns_iface` option
* The !InfoPipe responder and the LDAP provider gained a new option `wildcard_lookup`
that specifies an upper limit on the number of entries that can be returned with a
wildcard lookup
* A new option `dyndns_server` was added. This option allows to attempt a fallback DNS
update against a specific DNS server. Please note this option only works as a fallback,
the first attempt will always be performed against autodiscovered servers.
* The PAM responder gained a new option `ca_db` that allows the storage of trusted CA
certificates to be specified
* The time the `p11_child` is allowed to operate can be specified using a new option
`p11_child_timeout`.