Skip to content

sssd-2.9.2

Compare
Choose a tag to compare
@pbrezina pbrezina released this 07 Sep 11:28
· 831 commits to master since this release
2.9.2

SSSD 2.9.2 Release Notes

Highlights

SSSD 2.9 branch is now in long-term maintenance (LTM) phase.

General information

  • libkrb5-1.21 can now be used to build PAC plugin.
  • sssctl cert-show and cert-show cert-eval-rule can now be run as non-root user.

Important fixes

  • SSSD does no longer crash if PIN is introduced but the tactile trigger isn't pressed during passkey authentication.
  • SSSD can now recover if memory-cache files under /var/lib/sss/mc where truncated while SSSD is running.
  • Chaining of identical D-Bus requests that run in parallel to avoid multiple backend queries works again.

Configuration changes

  • New option local_auth_policy is added to control which offline authentication methods will be enabled by SSSD. This option is relevant for authentication methods which have online, and offline capability such as passkey, and smartcard authentication. The default value match sets the offline methods to their corresponding online value. This enables offline authentication when online kerberos pre-authentication such as PKINIT, or passkey is supported by the backend, note that online methods will still be attempted first. Option value only can be used to disable online authentication entirely, or the value enable:method to explicitly enable specific authentication methods, e.g. enable:passkey.

See full release notes here.