Hi,
I prepared the 1.13.1 release notes: https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
For convenience, the text is copied below. Please reply with suggested changes, or just edit the wiki page.
== Highlights == * Support for Smart Card authentication was added * The PAM prompting was enhanced so that when Two-Factor Authentication is used, both factors (password and token) can be entered separately on separate prompts. At the same time, only the long-term password is cached, so offline access would still work using the long term password. * A new command line tool `sss_override` is present in this release. The tools allows to override attributes on the SSSD side. It's helpful in environment where e.g. some hosts need to have a different view of POSIX attributes than others. Please note that the overrides are stored in the cache as well, so removing the cache will also remove the overrides. * New methods were added to the SSSD D-Bus interface. Notably support for looking up a user by certificate and looking up multiple users using a wildcard was added. Please see the interface introspection or the design pages for full details. * Several enhancements to the dynamic DNS update code. Notably, clients that update multiple interfaces work better with this release * This release supports authenticating againt a KDC proxy * The fail over code was enhanced so that if a trusted domain is not reachable, only that domain will be marked as inactive but the backed would stay in online mode * Several fixes to the GPO access control code are present.
== Packaging Changes == * The Smart Card authentication feature requires a helper process `p11_child` that needs to be marked as setgid if SSSD needs to be able to. Please note the `p11_child` requires the NSS crypto library at the moment. * The `sss_override` tool was added along with its own manpage * The upstream RPM can now build on RHEL/CentOS 6.7
== Documentation Changes == * It is now possible to specify a comma-separated list of interfaces in the `dyndns_iface` option * The !InfoPipe responder and the LDAP provider gained a new option `wildcard_lookup` that specifies an upper limit on the number of entries that can be returned with a wildcard lookup * A new option `dyndns_server` was added. This option allows to attempt a fallback DNS update against a specific DNS server. Please note this option only works as a fallback, the first attempt will always be performed against autodiscovered servers. * The PAM responder gained a new option `ca_db` that allows the storage of trusted CA certificates to be specified * The time the `p11_child` is allowed to operate can be specified using a new option `p11_child_timeout`.
sssd-devel@lists.fedorahosted.org