SSSD 1.15.1
Highlights
- Several issues related to starting the SSSD services on-demand via socket activation were fixed. In particular, it is no longer possible to have a service started both by sssd and socket-activated. Another bug which might have caused the responder to start before SSSD started and cause issues especially on system startup was fixed.
- A new files provider was added. This provider mirrors the contents of /etc/passwd and /etc/group into the SSSD database. The purpose of this new provider is to make it possible to use SSSD's interfaces, such as the D-Bus interface for local users and enable leveraging the in-memory fast cache for local users as well, as a replacement for nscd. In future, we intend to extend the D-Bus interface to also provide setting and retrieving additional custom attributes for the files users.
- SSSD now autogenerates a fallback configuration that enables the files domain if no SSSD configuration exists. This allows distributions to enable the sssd service when the SSSD package is installed. Please note that SSSD must be built with the configuration option --enable-files-domain for this functionality to be enabled.
- Support for public-key authentication with Kerberos (PKINIT) was added. This support will enable users who authenticate with a Smart Card to obtain a Kerberos ticket during authentication.
Packaging Changes
- The new files provider comes as a new shared library libsss_files.so and a new manual page
- A new helper binary called sssd_check_socket_activated_responders was added. This binary is used in the ExecStartPre directive to check if the service that corresponds to the socket about to be started was also started explicitly and abort the socket startup if it was.
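The check described in the last item, sketched as an added example (this is not SSSD's own code). It assumes a responder counts as "started explicitly" when it is listed in the services option of the [sssd] section of sssd.conf; the sample configuration and the function names are constructed for illustration.

```python
import configparser

# Constructed sample configuration, not taken from the release notes.
SAMPLE_CONF = """
[sssd]
services = nss, pam
domains = files

[domain/files]
id_provider = files
"""


def explicit_services(conf_text):
    """Return the set of responders listed in the [sssd] 'services' option."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    # fallback covers both a missing [sssd] section and a missing option
    raw = parser.get("sssd", "services", fallback="")
    return {name.strip() for name in raw.split(",") if name.strip()}


def socket_start_allowed(conf_text, responder):
    """Return False when the responder is already started explicitly.

    In that case a pre-start check for the matching socket unit should
    fail, so that a second copy of the responder is never launched.
    """
    return responder not in explicit_services(conf_text)


def conflicting_responders(conf_text, socket_activated):
    """List responders enabled both explicitly and via socket activation."""
    listed = explicit_services(conf_text)
    return sorted(r for r in socket_activated if r in listed)


if __name__ == "__main__":
    # Hypothetical set of responders whose socket units are enabled.
    enabled_sockets = ["nss", "sudo", "ssh"]
    for name in enabled_sockets:
        verdict = "allow" if socket_start_allowed(SAMPLE_CONF, name) else "abort"
        print(f"{name}: {verdict} socket startup")
    print("conflicts:", conflicting_responders(SAMPLE_CONF, enabled_sockets))
```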
Documentation Changes
- A new PAM module option prompt_always was added. This option is related to fixing <https://github.com/SSSD/sssd/issues/4025> which changed the behaviour of the PAM module so that pam_sss always uses an auth token that was on the stack. The new prompt_always option makes it possible to restore the previous behaviour.