이 콘텐츠는 선택한 언어로 제공되지 않습니다.

7.202. sssd


Updated sssd packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The System Security Services Daemon (SSSD) provides a set of daemons to manage access to remote directories and authentication mechanisms.

Note

The sssd packages have been upgraded to upstream version 1.12.4, which provides a number of bug fixes and enhancements over the previous version. (BZ#1168347)

Bug Fixes

BZ#1168363
The "domains=" option for the pam_sss module
BZ#1088402
The UPN (User Principal Name) attribute to identify users and user logins
BZ#1036745
Password expiration warnings for non-password authentication
BZ#1168344
The ID views feature
BZ#1168377
Transferring the user shell attribute from an Active Directory (AD) server to an Identity Management (IdM) client
BZ#1098147
Updating cached entries out-of-band in the background
BZ#1161564
The ad_site option can be used to override the AD site discovered from DNS
BZ#1168357
A new Kerberos plug-in maps Kerberos principals to local SSSD user names
BZ#1168378
Groups for AD trusted users are displayed without logging in
BZ#1171782
The case_sensitive option accepts the "preserve" value.
BZ#1173198
The ldap_access_order option accepts the "ppolicy" value.
BZ#1187642
SSSD can use GPOs on an AD server
BZ#1123291
Applications leveraging identities from SSSD could terminate unexpectedly while invalidating the memory cache using the sss_cache utility. This bug has been fixed, and using sss_cache is safe.
BZ#1134942
SSSD properly recognizes Windows 2012R2 as an AD server and applies the correct AD-specific performance optimizations.
BZ#1139878
SSSD failed to connect to servers that only allowed authenticated connections to read the rootDSE entry, such as IBM Tivoli LDAP servers. SSSD now retries an authenticated connection after a non-authenticated connection fails while reading rootDSE. As a result, SSSD works as expected with these servers.
BZ#1170910
When the simple_allow_groups and simple_allow_users options contained non-existent and existing entries, SSSD denied access to the existing users or groups. Now, SSSD logs and skips the non-existent entries and correctly handles the existing ones.
BZ#1173738, BZ#1194367
This update fixes bugs that caused SSSD to terminate unexpectedly due to memory errors or when trying to access callback data.
BZ#1135838, BZ#1172865
The sssd-ldap(5) and sssd.conf(5) man pages have been modified.
BZ#1201847
SSSD downloaded an unnecessary amount of data when obtaining information about groups from an AD provider when using POSIX attributes on the server. With this update, SSSD downloads only the information about the group object, not the contents of the group.
BZ#1205382
SSSD did not properly handle the "objectGUID" AD LDAP attribute. Now, SSSD considers "objectGUID" a binary value as expected, and the attribute is stored correctly.
BZ#1215765
If a multi-process program requested the initgroups data immediately after SSSD startup, before the SSSD cache was ready, the NSS responder could incorrectly return an empty group list. With this update, the initgroups requests from a multi-process program with an empty cache work correctly, and the described problem no longer occurs.
BZ#1221358
Setups with "subdomains_provider=none" set for AD domains did not sometimes work as expected. Now, the ldap_idmap_default_domain_sid option value is used for the SSSD main domain, thus fixing the bug. Note that ldap_idmap_default_domain_sid must be set for SSSD to function correctly in this situation.

Enhancement

BZ#1171378
SRV queries now honor the time to live (TTL) values from DNS.
Users of sssd are advised to upgrade to these updated packages, which fix these bugs and add these enhancements.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.