# SSSD 2.4.1
The SSSD team is proud to announce the release of version 2.4.1 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/2.4.1
See the full release notes at:
https://sssd.io/docs/users/relnotes/notes_2_4_1
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### General information
* `SYSLOG_IDENTIFIER` was renamed to `SSSD_PRG_NAME` in journald output,
to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output.
### New features
* New PAM module `pam_sss_gss` for authentication using GSSAPI
* `case_sensitive=Preserving` can now be set for trusted domains with the AD
provider
* `case_sensitive=Preserving` can now be set for trusted domains with the
IPA provider. However, the option needs to be set to `Preserving` on
both the client and the server for it to take effect.
* The `case_sensitive` option can now be inherited by subdomains
* `case_sensitive` can now be set separately for each subdomain in
the `[domain/parent/subdomain]` section
* `krb5_use_subdomain_realm=True` can now be used when sub-domain user
principal names have upnSuffixes which are not known in the parent
domain. SSSD will try to send the Kerberos request directly to a KDC of
the sub-domain.
### Important fixes
* `krb5_child` now uses a proper umask for DIR type ccaches
* Fixed a memory leak in the simple access provider
* KCM performance has improved dramatically for cases where a large number
of credentials are stored in the ccache.
### Packaging changes
* Added `pam_sss_gss.so` PAM module and `pam_sss_gss.8` manual page
### Configuration changes
* New default value of `debug_level` is 0x0070
* Added `pam_gssapi_check_upn` to enforce authentication only with a
principal that can be associated with the target user.
* Added `pam_gssapi_services` to list PAM services that can authenticate
using GSSAPI
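
How the new `pam_sss_gss` module and the two `pam_gssapi_*` options fit together, as an added configuration fragment that is not taken from the SSSD release notes. The choice of the `sudo` and `sudo-i` services and the placement of both options in the `[pam]` section are assumptions for illustration.

```ini
# /etc/sssd/sssd.conf (constructed fragment; merge into an existing configuration)
[pam]
# Allow GSSAPI authentication only for the PAM services named here.
# Services not listed cannot authenticate through pam_sss_gss.so.
pam_gssapi_services = sudo, sudo-i

# Keep the principal check enabled: the Kerberos principal that
# authenticated must be associated with the user being authenticated.
pam_gssapi_check_upn = True

# Weak variant, shown for comparison only: with the check disabled, any
# principal able to obtain the required service ticket is accepted.
# pam_gssapi_check_upn = False

# Matching PAM stack entry, placed in the file for each listed service,
# for example /etc/pam.d/sudo (assumed path for this illustration):
#   auth sufficient pam_sss_gss.so
```

When reviewing a host, compare the services listed in `pam_gssapi_services` with the PAM files that actually reference `pam_sss_gss.so`, so that GSSAPI authentication is enabled only where it was intended.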