# SSSD 2.4.1
The SSSD team is proud to announce the release of version 2.4.1 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.4.1
See the full release notes at: https://sssd.io/docs/users/relnotes/notes_2_4_1
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### General information
* `SYSLOG_IDENTIFIER` was renamed to `SSSD_PRG_NAME` in journald output, to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output.
### New features
* New PAM module `pam_sss_gss` for authentication using GSSAPI * `case_sensitive=Preserving` can now be set for trusted domains with AD provider * `case_sensitive=Preserving` can now be set for trusted domains with IPA provider. However, the option needs to be set to `Preserving` on both client and the server for it to take effect. * `case_sensitive` option can be now inherited by subdomains * `case_sensitive` can be now set separately for each subdomain in `[domain/parent/subdomain]` section * `krb5_use_subdomain_realm=True` can now be used when sub-domain user principal names have upnSuffixes which are not known in the parent domain. SSSD will try to send the Kerberos request directly to a KDC of the sub-domain.
### Important fixes
* krb5_child uses proper umask for DIR type ccaches * Memory leak in the simple access provider * KCM performance has improved dramatically for cases where large amount of credentials are stored in the ccache.
### Packaging changes
* Added `pam_sss_gss.so` PAM module and `pam_sss_gss.8` manual page
### Configuration changes
* New default value of `debug_level` is 0x0070 * Added `pam_gssapi_check_upn` to enforce authentication only with principal that can be associated with target user. * Added `pam_gssapi_services` to list PAM services that can authenticate using GSSAPI
sssd-users@lists.fedorahosted.org