Hi,
I prepared the release notes for the upcoming 1.15.1 release. You can view them in your browser: https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html
Or read the inline RST text. Comments welcome!
SSSD 1.15.1
===========

Highlights
----------

* Several issues related to starting the SSSD services on-demand by the systemd service manager were fixed. In particular, it is no longer possible to have a service started both by sssd and by systemd. Another bug which might have caused the responder to start before SSSD started and cause issues especially on system startup was fixed.
* A new ``files`` provider was added. This provider mirrors the contents of ``/etc/passwd`` and ``/etc/shadow`` into the SSSD database. The purpose of this new provider is to make it possible to use SSSD's interfaces, such as the D-Bus interface for local users and enable leveraging the in-memory fast cache for local users as well, as a replacement for `nscd`. In future, we intend to extend the D-Bus interface to also provide setting and retrieving additional custom attributes for the files users.
* SSSD now autogenerates a fallback configuration that enables the files domain if no SSSD configuration exists. This allows distributions to enable the ``sssd`` service when the SSSD package is installed. Please note that SSSD must be built with the configuration option ``--enable-files-domain`` for this functionality to be enabled.
* Support for public-key authentication with Kerberos (PKINIT) was added. This support will enable users who authenticate with a Smart Card to obtain a Kerberos ticket during authentication.

Packaging Changes
-----------------

* The new files provider comes as a new shared library ``libsss_files.so`` and a new manual page
* A new helper binary called ``sssd_check_socket_activated_responders`` was added. This binary is used in the ``ExecStartPre`` directive to check if the service that corresponds to socket about to be started was also started explicitly and abort the socket startup if it was.

Documentation Changes
---------------------

* A new PAM module option ``prompt_always`` was added. This option is related to fixing `https://pagure.io/SSSD/sssd/issue/2984`_ which changed the behaviour of the PAM module so that ``pam_sss`` always uses an auth token that was on stack. The new ``prompt_always`` option makes it possible to restore the previous behaviour.

Tickets Fixed
-------------

* `#3112 <https://pagure.io/SSSD/sssd/issue/3112>`_ - When sssd.conf is missing, create one with id_provider=files
* `#3220 <https://pagure.io/SSSD/sssd/issue/3220>`_ - Improve successful Dynamic DNS update log messages
* `#3227 <https://pagure.io/SSSD/sssd/issue/3227>`_ - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure
* `#3230 <https://pagure.io/SSSD/sssd/issue/3230>`_ - Use the same logic for matching GC results in initgroups and user lookups
* `#3260 <https://pagure.io/SSSD/sssd/issue/3260>`_ - handle default_domain_suffix for ssh requests with default_domain_suffix
* `#3262 <https://pagure.io/SSSD/sssd/issue/3262>`_ - Implement a files provider to mirror the contents of /etc/passwd and /etc/groups
* `#3270 <https://pagure.io/SSSD/sssd/issue/3270>`_ - [RFE] Add PKINIT support to SSSD Kerberos provider
* `#3298 <https://pagure.io/SSSD/sssd/issue/3298>`_ - Socket activation of SSSD doesn't work and leads to chaos
* `#3299 <https://pagure.io/SSSD/sssd/issue/3299>`_ - SSSD does not start if using only the local provider and services line is empty
* `#3300 <https://pagure.io/SSSD/sssd/issue/3300>`_ - Avoid running two instances of the same service
* `#3309 <https://pagure.io/SSSD/sssd/issue/3309>`_ - Coverity warns about an unused value in IPA sudo code
* `#3313 <https://pagure.io/SSSD/sssd/issue/3313>`_ - cache_req should use a negative cache entry for UPN based lookups
* `#2984 <https://pagure.io/SSSD/sssd/issue/2984>`_ - Don't prompt for password if there is already one on the stack
* `#1126 <https://pagure.io/SSSD/sssd/issue/1126>`_ - Reuse cache_req() in responder code

Detailed Changelog
------------------
On Fri, Mar 3, 2017 at 1:07 PM, Jakub Hrozek <jhrozek@redhat.com> wrote:
> Hi,
> I prepared the release notes for the upcoming 1.15.1 release. You can view them in your browser: https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html
> Or read the inline RST text. Comments welcome!
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-leave@lists.fedorahosted.org
Looks good to me!
On (03/03/17 14:21), Fabiano Fidêncio wrote:
> On Fri, Mar 3, 2017 at 1:07 PM, Jakub Hrozek <jhrozek@redhat.com> wrote:
>> Hi,
>> I prepared the release notes for the upcoming 1.15.1 release. You can view them in your browser: https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html
>> Or read the inline RST text. Comments welcome!
>> SSSD 1.15.1
>> Highlights
>> - Several issues related to starting the SSSD services on-demand by the systemd service manager were fixed. In particular, it is no longer possible to have a service started both by sssd and by systemd. Another bug which might have caused the responder to start before SSSD started and cause issues especially on system startup was fixed.
I would emphasize socket activation and not just systemd.
LS
On Fri, Mar 03, 2017 at 05:33:10PM +0100, Lukas Slebodnik wrote:
> On (03/03/17 14:21), Fabiano Fidêncio wrote:
>> On Fri, Mar 3, 2017 at 1:07 PM, Jakub Hrozek <jhrozek@redhat.com> wrote:
>>> Hi,
>>> I prepared the release notes for the upcoming 1.15.1 release. You can view them in your browser: https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html
>>> Or read the inline RST text. Comments welcome!
>>> SSSD 1.15.1
>>> Highlights
>>> - Several issues related to starting the SSSD services on-demand by the systemd service manager were fixed. In particular, it is no longer possible to have a service started both by sssd and by systemd. Another bug which might have caused the responder to start before SSSD started and cause issues especially on system startup was fixed.
> I would emphasize socket activation and not just systemd.
What about: Several issues related to starting the SSSD services on-demand via socket activation were fixed. In particular, it is no longer possible to have a service started both by sssd and socket-activated. Another bug which might have caused the responder to start before SSSD started and cause issues especially on system startup was fixed.
On (03/03/17 17:43), Jakub Hrozek wrote:
> On Fri, Mar 03, 2017 at 05:33:10PM +0100, Lukas Slebodnik wrote:
>> On (03/03/17 14:21), Fabiano Fidêncio wrote:
>>> On Fri, Mar 3, 2017 at 1:07 PM, Jakub Hrozek <jhrozek@redhat.com> wrote:
>>>> Hi,
>>>> I prepared the release notes for the upcoming 1.15.1 release. You can view them in your browser: https://docs.pagure.org/jhrozek-doctest/users/releases/notes_1_15_1.html
>>>> Or read the inline RST text. Comments welcome!
>>>> SSSD 1.15.1
>>>> Highlights
>>>> - Several issues related to starting the SSSD services on-demand by the systemd service manager were fixed. In particular, it is no longer possible to have a service started both by sssd and by systemd. Another bug which might have caused the responder to start before SSSD started and cause issues especially on system startup was fixed.
>> I would emphasize socket activation and not just systemd.
> What about: Several issues related to starting the SSSD services on-demand via socket activation were fixed. In particular, it is no longer possible to have a service started both by sssd and socket-activated. Another bug which might have caused the responder to start before SSSD started and cause issues especially on system startup was fixed.
LGTM
LS
sssd-devel@lists.fedorahosted.org