sssd-2.9.2
SSSD 2.9.2 Release Notes
Highlights
SSSD 2.9 branch is now in long-term maintenance (LTM) phase.
General information
libkrb5-1.21
can now be used to build PAC plugin.sssctl cert-show
andcert-show cert-eval-rule
can now be run as non-root user.
Important fixes
- SSSD does no longer crash if PIN is introduced but the tactile trigger isn't pressed during passkey authentication.
- SSSD can now recover if memory-cache files under
/var/lib/sss/mc
where truncated while SSSD is running. - Chaining of identical D-Bus requests that run in parallel to avoid multiple backend queries works again.
Configuration changes
- New option
local_auth_policy
is added to control which offline authentication methods will be enabled by SSSD. This option is relevant for authentication methods which have online, and offline capability such as passkey, and smartcard authentication. The default valuematch
sets the offline methods to their corresponding online value. This enables offline authentication when online kerberos pre-authentication such as PKINIT, or passkey is supported by the backend, note that online methods will still be attempted first. Option valueonly
can be used to disable online authentication entirely, or the valueenable:method
to explicitly enable specific authentication methods, e.g.enable:passkey
.