# SSSD 2.9.0
The SSSD team is announcing the release of version 2.9.0 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.9.0
See the full release notes at: https://sssd.io/release-notes/sssd-2.9.0.html
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### General information
* `sss_simpleifp` library is deprecated and might be removed in further releases. Those who are interested to keep using it awhile should configure its build explicitly using `--with-libsifp` `./configure` option. * "Files provider" (i.e. `id_provider = files`) is deprecated and might be removed in further releases. Those who are interested to keep using it awhile should configure its build explicitly using `--with-files-provider` `./configure` option. Or consider using "Proxy provider" with `proxy_lib_name = files` instead. * Previously deprecated `--enable-files-domain` configure option, which was used to manage default value of the `enable_files_domain` config option, is now removed. * Long time unused '--enable-all-experimental-features' configure option was removed. * SSSD will no longer warn about changed defaults when using `ldap_schema = rfc2307` and default autofs mapping. This warning was introduced in 1.14 to loudly warn about different default values.
### New features
* New passkey functionality, which will allow the use of FIDO2 compliant devices to authenticate a centrally managed user locally. Moreover, in the case of a FreeIPA user, it can also issue a Kerberos ticket automatically with upcoming FreeIPA version 4.11. * Add support for ldapi:// URLs to allow connections to local LDAP servers * NSS IDMAP has two new methods: `getsidbyusername` and `getsidbygroupname`
Note: support for passkey is in its initial phase and the authentication policy will be adjusted in future versions.
#### Packaging changes for passkey
* Include passkey subpackage and dependency for libfido2.
#### Configuration changes for passkey
* New options to enable and tune passkey behavior: `pam_passkey_auth`, `ldap_user_passkey`, `passkey_verification`, `passkey_child_timeout`, `interactive`, `interactive_prompt`, `touch` and `touch_prompt`. * `--with-passkey` is a new configuration option to enable building passkey authentication.
### Important fixes
* A regression when running sss_cache when no SSSD domain is enabled would produce a syslog critical message was fixed.
### Configuration changes
* Default value of `cache_first` option was changed to `true` in case SSSD is built without `files provider`. * ipa_access_order parameter introduced. It behaves much like ldap_access_order but affects IPA domains (id_provider = ipa) and accepts limited values. Please see sssd-ipa(5) for more information.
sssd-users@lists.fedorahosted.org