SSSD 2.6.3 Release Notes

  • A regression introduced in sssd-2.6.2 in the IPA provider that prevented users from login was fixed. Access control always denied access because the selinux_child returned an unexpected reply.

  • A critical regression that prevented authentication of users via AD and IPA providers was fixed. LDAP port was reused for Kerberos communication and this provider would send incomprehensible information to this port.

  • When authenticating AD users, backtrace was triggered even though everything was working correctly. This was caused by a search in the global catalog. Servers from the global catalog are filtered out of the list before writing the KDC info file. With this fix, SSSD does not attempt to write to the KDC info file when performing a GC lookup.

  • #5926 - AD Domain in the AD Forest Missing after sssd latest update

  • #5938 - sdap_idmap.c/sssd_idmap.c incorrectly calculates rangesize from upper/lower

  • #5939 - Regression on rawhide with ssh auth using password

  • #5947 - sssd-ad broken in 2.6.2, 389 used as kerberos port

  • #5956 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server]

$ git shortlog --pretty=format:"%h  %s" -w0,4 2.6.2..2.6.3

Alexey Tikhonov (4):
    104f513c4  IPA: get_object_from_cache(): don't touch output arg `_msg` in case object wasn't found (i.e. ENOENT returned)
    e9a25bb0b  IPA: get_object_from_cache(): - reduce log level in case object wasn't found in cache - slightly reduce code duplication
    28af1752a  Removed unused file.
    868f38742  RESPONDER: reduce log level in case files provider in inconsistent state falls back to NSS.

Anuj Borah (5):
    9ba593e9a  Tests: Fix python-alltests-tier1-2
    b6929c44d  Tests: Fix python-alltests-tier1-2 Add local users
    7e9269412  Tests: Fix yum repoquery --recommends sssd-tools test
    237b99b87  Tests: Fix setup_ipa_client fixture
    4e3385c90  Tests: RFE pass KRB5CCNAME to pam_authenticate environment if available

Dan Lavu (1):
    244c9f66d  Adding pytest multiforest tests

Dhairya Parmar (2):
    14c5da6f5  localuser changed to user on line 59
    cf5270a98  indentation of ssh.close() on line 66 corrected

Iker Pedrosa (1):
    ca8cef0fc  krb5: AD and IPA don't change Kerberos port

Jakub Vavra (2):
    d5467ad70  Tests: Update AD ssh password change test.
    4897c2874  Tests: Add a test for BZ2004406

Justin Stephenson (2):
    b76436f88  TESTS: Restrict smartcard in sc auth tests
    e03a2deaf  P11: Increase array size of extra_args

Madhuri Upadhye (1):
    a8c2e3993  Check default debug level of sssd and corresponding logs

Pavel Březina (2):
    e58b14afb  pot: update pot files
    2de075879  Release sssd-2.6.3

Shridhar Gadekar (1):
    58b3233f0  Tests: Health and Support Analyzer - Add request log parsing utility

Steeve Goveas (1):
    d3424c027  prepend 'r' raw to avoid deprecation errors

Sumit Bose (3):
    5a2e0ebe8  ipa: fix reply socket of selinux_child
    bf6059eb5  ad: add required 'cn' attribute to subdomain object
    42a3f8fe8  man: clarify ldap_idmap_range_max

Tomas Halman (1):
    2b0bd0b30  ad: do not write kdc info file for GC lookup

Weblate (2):
    e7069c532  po: update translations
    d8f558c28  po: update translations