[ubuntu/quantal] sssd 1.9.0~beta6-0ubuntu1 (Accepted)
Timo Aaltonen
tjaalton at ubuntu.com
Wed Aug 22 15:30:21 UTC 2012
sssd (1.9.0~beta6-0ubuntu1) quantal; urgency=low
* Merge from unreleased debian git. (LP: #1012900)
sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
* New upstream prerelease 1.9.0beta6. Highlights:
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active
Directory
- Support for sub-domains (will be used for dealing with trust
relationships)
- Add a new fast in-memory cache to speed up lookups of cached data
on repeated requests
- Add support for the Kerberos DIR cache for storing multiple TGTs
automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against
Active Directory
- SSSDConfig data file default locations can now be set during
configure for easier packaging
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders
- Switch from libunistring to glib2 for unicode support
- Add a new AD provider to improve integration with Active Directory
2008 R2 or later servers
- SUDO integration was completely rewritten. The new implementation
works with multiple domains and uses an improved refresh mechanism to
download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes
manually by reverting a previous workaround.
- Many fixes for the support for setting default SELinux user context
from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD
provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the
number of days since the Epoch, not seconds
- A new option, override_shell was added. If this option is set, all
users managed by SSSD will have their shell set to its value.
- Many fixes for the support for setting default SELinux user context
from FreeIPA. Most notably, the SELinux mappings can now link to HBAC
rules as the source of users and hosts they apply to.
- Fixed a regression introduced in beta 5 that prevented LDAP SASL binds
from working unless the value of ldap_sasl_minssf was explicitly
specified.
- The SSSD supports the concept of a Primary Server and a Back Up
Server. Certain servers in the fail over list can be marked as back up
only. If the SSSD switches to a back up server because a primary server
is not available, it would later try to re-establish a connection to the
primary server. This feature would mainly benefit users who configure
fail over servers from different data centers or geographies.
- A new command-line tool sss_seed is available. This tool is able to
prime the internal cache with a user record and a cached password to
support the scenario when a user needs to log in to the client before
the network connection to the centralized identity source is established,
such as the first log in to a new machine.
- In scenarios, where the SSSD is acting as an IPA client, it is able to
discover and save the DNS domain-Kerberos realm mappings between an IPA
server and a trusted Active Directory server.
* Update the packaging for the new version, thanks Esko Järnfors!
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
* Added fix-CVE-2012-3462.diff from upstream git.
* control: Drop libunistring-dev from build-depends and add libglib2.0-dev
for unicode support.
* sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to
sssd.install, and sss_seed{,.8*) to sssd-tools.
* python-sss.install: py-files got moved under SSSDConfig.
* control, rules: Use default build flags, bump dpkg-dev build-dep to
1.16.1~.
* Bump libsss-sudo soname.
* rules: Install the apparmor profile with -m644.
sssd (1.8.4-2) UNRELEASED; urgency=low
* rules: Fix the current date format, and move the date mangling to
happen before dh_install is run. (Closes: #670019)
* sssd.{preinst,postrm}: Install the apparmor profile in force-complain
mode on install, and remove the profile directory on purge (if empty). Also
migrate from previous setup which installed it as disabled.
Date: Wed, 22 Aug 2012 18:24:32 +0300
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/sssd/1.9.0~beta6-0ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 22 Aug 2012 18:24:32 +0300
Source: sssd
Binary: sssd sssd-tools libnss-sss libpam-sss libipa-hbac0 libipa-hbac-dev libsss-idmap0 libsss-idmap-dev libsss-sudo1 libsss-sudo-dev python-libipa-hbac python-sss
Architecture: source
Version: 1.9.0~beta6-0ubuntu1
Distribution: quantal
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel at lists.ubuntu.com>
Changed-By: Timo Aaltonen <tjaalton at ubuntu.com>
Description:
libipa-hbac-dev - FreeIPA HBAC Evaluator library
libipa-hbac0 - FreeIPA HBAC Evaluator library
libnss-sss - Nss library for the System Security Services Daemon
libpam-sss - Pam module for the System Security Services Daemon
libsss-idmap-dev - ID mapping library for SSSD -- development files
libsss-idmap0 - ID mapping library for SSSD
libsss-sudo-dev - Communicator library for sudo -- development files
libsss-sudo1 - Communicator library for sudo
python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
python-sss - Python module for the System Security Services Daemon
sssd - System Security Services Daemon
sssd-tools - System Security Services Daemon -- tools
Closes: 670019
Launchpad-Bugs-Fixed: 1012900
Changes:
sssd (1.9.0~beta6-0ubuntu1) quantal; urgency=low
.
* Merge from unreleased debian git. (LP: #1012900)
.
sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
.
* New upstream prerelease 1.9.0beta6. Highlights:
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active
Directory
- Support for sub-domains (will be used for dealing with trust
relationships)
- Add a new fast in-memory cache to speed up lookups of cached data
on repeated requests
- Add support for the Kerberos DIR cache for storing multiple TGTs
automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against
Active Directory
- SSSDConfig data file default locations can now be set during
configure for easier packaging
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders
- Switch from libunistring to glib2 for unicode support
- Add a new AD provider to improve integration with Active Directory
2008 R2 or later servers
- SUDO integration was completely rewritten. The new implementation
works with multiple domains and uses an improved refresh mechanism to
download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes
manually by reverting a previous workaround.
- Many fixes for the support for setting default SELinux user context
from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD
provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the
number of days since the Epoch, not seconds
- A new option, override_shell was added. If this option is set, all
users managed by SSSD will have their shell set to its value.
- Many fixes for the support for setting default SELinux user context
from FreeIPA. Most notably, the SELinux mappings can now link to HBAC
rules as the source of users and hosts they apply to.
- Fixed a regression introduced in beta 5 that prevented LDAP SASL binds
from working unless the value of ldap_sasl_minssf was explicitly
specified.
- The SSSD supports the concept of a Primary Server and a Back Up
Server. Certain servers in the fail over list can be marked as back up
only. If the SSSD switches to a back up server because a primary server
is not available, it would later try to re-establish a connection to the
primary server. This feature would mainly benefit users who configure
fail over servers from different data centers or geographies.
- A new command-line tool sss_seed is available. This tool is able to
prime the internal cache with a user record and a cached password to
support the scenario when a user needs to log in to the client before
the network connection to the centralized identity source is established,
such as the first log in to a new machine.
- In scenarios, where the SSSD is acting as an IPA client, it is able to
discover and save the DNS domain-Kerberos realm mappings between an IPA
server and a trusted Active Directory server.
* Update the packaging for the new version, thanks Esko Järnfors!
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
* Added fix-CVE-2012-3462.diff from upstream git.
* control: Drop libunistring-dev from build-depends and add libglib2.0-dev
for unicode support.
* sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to
sssd.install, and sss_seed{,.8*) to sssd-tools.
* python-sss.install: py-files got moved under SSSDConfig.
* control, rules: Use default build flags, bump dpkg-dev build-dep to
1.16.1~.
* Bump libsss-sudo soname.
* rules: Install the apparmor profile with -m644.
.
sssd (1.8.4-2) UNRELEASED; urgency=low
.
* rules: Fix the current date format, and move the date mangling to
happen before dh_install is run. (Closes: #670019)
* sssd.{preinst,postrm}: Install the apparmor profile in force-complain
mode on install, and remove the profile directory on purge (if empty). Also
migrate from previous setup which installed it as disabled.
Checksums-Sha1:
68ea45135dd0ba4864b396481bb963ccbaaed09f 2974 sssd_1.9.0~beta6-0ubuntu1.dsc
08dd17f2c37563d1e2605b2a6c2586df028e2de1 2609708 sssd_1.9.0~beta6.orig.tar.gz
af102998fdb8b86ba242191eeb37bddba6353d33 41174 sssd_1.9.0~beta6-0ubuntu1.diff.gz
Checksums-Sha256:
7612ca03ffda62aeea55dbd057bf7ac8cc6f5a0fbb19553d6eead5b8d54ac913 2974 sssd_1.9.0~beta6-0ubuntu1.dsc
58b54d4640e1f975267634c99603898afa4db530b5cb1ea5fa13ad7b1d48a6ac 2609708 sssd_1.9.0~beta6.orig.tar.gz
ee8ae688c4259e06bee5492479b76b94e1a9cc776c36aeb477c3eda74f0f6b31 41174 sssd_1.9.0~beta6-0ubuntu1.diff.gz
Files:
8f292b651810f5608d46364dd88a6195 2974 utils extra sssd_1.9.0~beta6-0ubuntu1.dsc
eb2e5b0847899568b076163f4837a7dd 2609708 utils extra sssd_1.9.0~beta6.orig.tar.gz
2751556c6489ac930c62b3892012ffd4 41174 utils extra sssd_1.9.0~beta6-0ubuntu1.diff.gz
Original-Maintainer: Debian SSSD Team <pkg-sssd-devel at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBAgAGBQJQNPoLAAoJEMtwMWWoiYTckRIP/386i2GjCHC42Jcboum4Ry/p
b4b2PNlwVaYnLnEEMcfbe1/JoeEq1Gl3iQScS31PAoYka4aycoiNnwnqu3nvzBiX
EQ2QKIBDdrRJ3dXNU16catAPT3CIMAMEc5q1xe62DipVJbZf8soj767q61VSeDE/
bUSFDI/SEhEOcbmlTLuYTWnxhDis4SfRiqtSoZ3v2r4N0gPe6JAWOdarmSPL0Mz/
DknpiyN2YHupfWkRMpC35zhu2Ben+nIF6NReeSipwjsQrEGaRU8dCq3Oydp47rvJ
GvPsiJepnUfmVRo5pG8MFcL0QvcEdIkDfN0NUfT8LaONWWFdBhQDBRZgIqWLSpyP
CmXy5S7sWk2qUNzeiaea0JWFEILks5BI57ZxreVzdfxYK1JphjF4WkbVtDI2fGo1
M4RRN0PCJYeGbMswnwXOTMGjTzN6pX6jm7BCj1oWR41CD3drKuAaOLeo8Bq1S+zR
7T/GRmWR2Tk3lK0g9pkpcut1PNO0ikTRAFOL+rhFP1obYd16tM95BpJWEYsVe+i+
vjCTkoCWUZru+4Rv2CtS86FJMe7qLYMeE7mtnrxoG1IyOPahu/kfYW5sfVFGpLuG
ZaWKVwpG7IPQkOZP5tx3rotRyTG15O/Wy+TNuJIcbjZARzkukd1l2EELYcPcNwfl
qxOxPb0Vd3rjK8bIjDWC
=Xtw9
-----END PGP SIGNATURE-----
More information about the Quantal-changes
mailing list