Commit Graph

78 Commits

Author SHA1 Message Date
Stephen Gallagher
8c71823719 New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an
  auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never
  completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
  in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
                          against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
2012-03-12 19:25:42 -04:00
Stephen Gallagher
41359781c6 New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
                          logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
                          against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
                          new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
2012-02-28 15:23:22 -05:00
Stephen Gallagher
e16d49fc65 New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider
2012-02-15 16:11:31 -05:00
Stephen Gallagher
01ac0e1a3e New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider
2012-02-07 09:57:04 -05:00
Stephen Gallagher
881479933b New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
2012-02-06 20:08:04 -05:00
Stephen Gallagher
a885ab8a9d New upstream release 1.7.0
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
Support for case-insensitive domains
Support for multiple search bases in the LDAP provider
Support for the native FreeIPA netgroup implementation
Reliability improvements to the process monitor
New DEBUG facility with more consistent log levels
New tool to change debug log levels without restarting SSSD
SSSD will now disconnect from LDAP server when idle
FreeIPA HBAC rules can choose to ignore srchost options for significant
performance gains
Assorted performance improvements in the LDAP provider
2011-12-22 15:20:15 -05:00
Stephen Gallagher
f73d44d40a New upstream release 1.6.4
Rolls up previous patches applied to the 1.6.3 tarball
Fixes a rare issue causing crashes in the failover logic
Fixes an issue where SSSD would return the wrong PAM error code for users
that it does not recognize.
2011-12-19 16:13:43 -05:00
Stephen Gallagher
46a6ee6147 New upstream release 1.6.3
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
Fixes a major cache performance issue introduced in 1.6.2
Fixes a potential infinite-loop with certain LDAP layouts
2011-11-04 12:29:04 -04:00
Stephen Gallagher
75138e2284 Improved handling of users and groups with multi-valued name attributes
(aliases)
Performance enhancements
Initgroups on RFC2307bis/FreeIPA
HBAC rule processing
Improved process-hang detection and restarting
Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
Cleaned up the example configuration
New tool to change debug level on the fly
2011-10-18 17:24:31 -04:00
Stephen Gallagher
a6910c0007 New upstream release 1.6.1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
Fixes a serious issue with LDAP connections when the communication is
dropped (e.g. VPN disconnection, waking from sleep)
SSSD is now less strict when dealing with users/groups with multiple names
when a definitive primary name cannot be determined
The LDAP provider will no longer attempt to canonicalize by default when
using SASL. An option to re-enable this has been provided.
Fixes for non-standard LDAP attribute names (e.g. those used by Active
Directory)
Three HBAC regressions have been fixed.
Fix for an infinite loop in the deref code
2011-08-29 15:45:02 -04:00
Stephen Gallagher
679b5f7a1b New upstream release 1.6.0
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
Add host access control support for LDAP (similar to pam_host_attr)
Finer-grained control on principals used with Kerberos (such as for FAST or
validation)
Added a new tool sss_cache to allow selective expiring of cached entries
Added support for LDAP DEREF and ASQ controls
Added access control features for Novell Directory Server
FreeIPA dynamic DNS update now checks first to see if an update is needed
Complete rewrite of the HBAC library
New libraries: libipa_hbac and libipa_hbac-python
2011-08-03 08:08:26 -04:00
Stephen Gallagher
ce222bafe5 New upstream release 1.5.11
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
Fix a serious regression that prevented SSSD from working with ldaps:// URIs
IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
address being saved to the AAAA record
2011-07-05 15:03:55 -04:00
Stephen Gallagher
807b79d3dd New upstream release 1.5.10
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
Fixed a regression introduced in 1.5.9 that could result in blocking calls
to LDAP
2011-07-01 08:31:11 -04:00
Stephen Gallagher
4ef0c7f5e6 New upstream release 1.5.9
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
Support for overriding home directory, shell and primary GID locally
Properly honor TTL values from SRV record lookups
Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
servers)
Properly escape IPv6 addresses in the failover code
Do not crash if inotify fails (e.g. resource exhaustion)
Don't add multiple TGT renewal callbacks (too many log messages)
2011-06-30 14:57:29 -04:00
Stephen Gallagher
91fde1e873 New upstream release 1.5.8
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
Support for the LDAP paging control
Support for multiple DNS servers for name resolution
Fixes for several group membership bugs
Fixes for rare crash bugs
2011-05-27 16:41:02 -04:00
Stephen Gallagher
e4bdfb2159 Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
cached password with predicatable filename
2011-04-29 14:36:34 -04:00
Stephen Gallagher
eedc5ecda8 Re-add manpage translations 2011-04-20 16:27:19 -04:00
Stephen Gallagher
8ada5dc2d5 New upstream release 1.5.6
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
Fixed a serious memory leak in the memberOf plugin
Fixed a regression with the negative cache that caused it to be essentially
nonfunctional
Fixed an issue where the user's full name would sometimes be removed from
the cache
Fixed an issue with password changes in the kerberos provider not working
with kpasswd
2011-04-20 15:26:05 -04:00
Stephen Gallagher
c8fb340975 New upstream release 1.5.5
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
Fixes for several crash bugs
LDAP group lookups will no longer abort if there is a zero-length member
attribute
Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
2011-04-12 11:14:23 -04:00
Stephen Gallagher
3eed4c3557 Update to SSSD 1.5.4
Improve the way we detect the LDB plugin location

New upstream release 1.5.4
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
Fixes for Active Directory when not all users and groups have POSIX attributes
Fixes for handling users and groups that have name aliases (aliases are ignored)
Fix group memberships after initgroups in the IPA provider
2011-03-24 15:29:47 -04:00
Stephen Gallagher
53637a07d3 New upstream release 1.5.3
Support for libldb >= 1.0.0
2011-03-11 13:50:59 -05:00
Stephen Gallagher
1dadc663de Update sources file for sssd-1.5.2 2011-03-10 16:38:54 -05:00
Stephen Gallagher
f151b0669b - New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just
- a user information lookup
-   This guarantees that all group information is available to other
-   providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the
- SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
-    389 Directory Server
-    FreeIPA
-    ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
-Assorted bugfixes
2011-01-27 13:50:21 -05:00
Stephen Gallagher
5225c3262b - New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and
- acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
- Provides the kerberos ticket for long-lived processes or cron jobs
- even when the user logs out
- Added several new features to the LDAP access provider
- Support for 'shadow' access control
- Support for authorizedService access control
- Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those
- platforms where LDAP referrals are not supported
- Added support for manpage translations
2010-12-22 14:08:33 -05:00
Stephen Gallagher
9d5bcde0eb - New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base
2010-11-01 09:02:47 -04:00
Stephen Gallagher
e439c0b36c Uploading SSSD 1.4.0 tarball 2010-10-18 14:50:39 -04:00
Stephen Gallagher
8c665d0af5 Resolves: CVE-2010-2940 2010-08-24 12:10:04 -04:00
Fedora Release Engineering
22218bb857 dist-git conversion 2010-07-29 13:10:57 +00:00