sssd-ipa-2.9.1-2.el9 RPM for x86_64

From CentOS Stream 9 BaseOS for x86_64

Provides the IPA back end that the SSSD can utilize to fetch identity data
from and authenticate against an IPA server.

Provides

• sssd-ipa
• libsss_ipa.so()(64bit)
• sssd-ipa(x86-64)

Requires

• libbasicobjects.so.0()(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.8)(64bit)
• libcollection.so.4()(64bit)
• libcom_err.so.2()(64bit)
• libcrypto.so.3()(64bit)
• libdbus-1.so.3()(64bit)
• libdhash.so.1()(64bit)
• libdhash.so.1(DHASH_0.4.3)(64bit)
• libini_config.so.5()(64bit)
• libipa_hbac(x86-64) = 2.9.1-2.el9
• libipa_hbac.so.0()(64bit)
• libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)
• libipa_hbac.so.0(IPA_HBAC_0.1.0)(64bit)
• libk5crypto.so.3()(64bit)
• libkeyutils.so.1()(64bit)
• libkrb5.so.3()(64bit)
• liblber.so.2()(64bit)
• liblber.so.2(OPENLDAP_2.200)(64bit)
• libldap.so.2()(64bit)
• libldap.so.2(OPENLDAP_2.200)(64bit)
• libldb.so.2()(64bit)
• libldb.so.2(LDB_0.9.10)(64bit)
• libndr-krb5pac.so.0()(64bit)
• libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)
• libndr-nbt.so.0()(64bit)
• libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)
• libndr-standard.so.0()(64bit)
• libndr.so.3()(64bit)
• libndr.so.3(NDR_0.0.1)(64bit)
• libpcre2-8.so.0()(64bit)
• libpopt.so.0()(64bit)
• libpopt.so.0(LIBPOPT_0)(64bit)
• libref_array.so.1()(64bit)
• libsamba-util.so.0()(64bit)
• libselinux.so.1()(64bit)
• libselinux.so.1(LIBSELINUX_1.0)(64bit)
• libsemanage.so.2()(64bit)
• libsemanage.so.2(LIBSEMANAGE_1.0)(64bit)
• libsss_cert.so()(64bit)
• libsss_certmap = 2.9.1-2.el9
• libsss_certmap.so.0()(64bit)
• libsss_child.so()(64bit)
• libsss_crypt.so()(64bit)
• libsss_debug.so()(64bit)
• libsss_idmap = 2.9.1-2.el9
• libsss_idmap.so.0()(64bit)
• libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)
• libsss_krb5_common.so()(64bit)
• libsss_ldap_common.so()(64bit)
• libsss_semanage.so()(64bit)
• libsss_util.so()(64bit)
• libsystemd.so.0()(64bit)
• libtalloc.so.2()(64bit)
• libtalloc.so.2(TALLOC_2.0.2)(64bit)
• libtdb.so.1()(64bit)
• libtevent.so.0()(64bit)
• libtevent.so.0(TEVENT_0.9.9)(64bit)
• libunistring.so.2()(64bit)
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)
• samba-client-libs >= 4.18.3-100.el9
• sssd-common = 2.9.1-2.el9
• sssd-common-pac = 2.9.1-2.el9
• sssd-krb5-common = 2.9.1-2.el9

License

GPLv3+

Changelog

* Mon Jul 10 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.1-2
  - Resolves: rhbz#2218858 - [sssd] SSSD enters failed state after heavy load in the system
* Fri Jun 23 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.1-1
  - Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
  - Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'
  - Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM
  - Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization
  - Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete
  - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys
* Tue Jun 06 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-5
  - Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release
    Rebuild against rebased Samba libs.
* Tue May 30 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-4
  - Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release
    Rebuild against rebased Samba libs.
* Thu May 25 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-3
  - Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
* Mon May 15 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.9.0-1
  - Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3
  - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys
  - Resolves: rhbz#1913839 - filter_groups doesn't filter GID from 'id' output: AD + 'ldap_id_mapping = True' corner case
  - Resolves: rhbz#2100789 - [Improvement] sssctl config-check command does not show an error when we don't have id_provider in the domain section
  - Resolves: rhbz#2152177 - [RFE] Add support for ldapi:// URLs
  - Resolves: rhbz#2164852 - man page entry should make clear that a nested group needs a name
  - Resolves: rhbz#2166627 - Improvement: sss_client: add 'getsidbyusername()' and 'getsidbygroupname()' and corresponding python bindings
  - Resolves: rhbz#2166943 - kinit switches KCM away from the newly issued ticket
  - Resolves: rhbz#2167728 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed)
* Mon Jan 16 2023 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-2
  - Resolves: rhbz#2160001 - Reference to 'sssd-ldap-attributes' man page is missing in 'sssd-ldap', etc man pages
  - Resolves: rhbz#2143159 - automount killed by SIGSEGV
* Fri Dec 16 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.2-1
  - Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
  - Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search
  - Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service)
  - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
  - Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization
  - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list
  - Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged
  - Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately
  - Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around
* Fri Nov 04 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.8.1-1
  - Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2
  - Resolves: rhbz#1507035 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file
  - Resolves: rhbz#1766490 - Use negative cache better and domain checks for lookup by SIDs
  - Resolves: rhbz#1964121 - RFE: Add an option to sssd config to convert home directories to lowercase (or add a new template for the 'override_homedir' option)
  - Resolves: rhbz#2074307 - reduce debug level in case well_known_sid_to_name() fails
  - Resolves: rhbz#2096031 - SSSD: sdap_handle_id_collision_for_incomplete_groups debug message missing a new line
  - Resolves: rhbz#2103325 - Supported AD group types should be explained in the docs
  - Resolves: rhbz#2111388 - authenticating against external IdP services okta (native app) with OAuth client secret failed
  - Resolves: rhbz#2115171 - SSSD: duplicate dns_resolver_* option in man sssd.conf
  - Resolves: rhbz#2127492 - sssd timezone issues sudonotafter
  - Resolves: rhbz#2128840 - [RFE] provide dbus method to find users by attr
  - Resolves: rhbz#2128883 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict)
  - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
  - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list
* Fri Aug 26 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-4
  - Related: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs)
* Tue Aug 23 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-3
  - Resolves: rhbz#2116389 - rpc.gssd crash when access a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-2.el9
  - Resolves: rhbz#2119373 - sssctl analyze --logdir option requires sssd to be configured
  - Resolves: rhbz#2120657 - Incorrect request ID tracking from responder to backend
* Mon Aug 08 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-2
  - Resolves: rhbz#2106660 - [regression] sssd goes offline with forced ldaps configuration
  - Resolves: rhbz#2109451 - virsh command will hang after the host run several auto test cases
  - Resolves: rhbz#2098654 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL
  - Resolves: rhbz#2106685 - [regression] sssctl analyze fails to parse PAM related sssd logs
* Tue Jul 05 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.3-1
  - Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
  - Resolves: rhbz#1936551 - [Improvement] Provide user feedback when login fails due to blocked PIN
  - Resolves: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs)
  - Resolves: rhbz#2062665 - [sssd] RHEL 9.1 Tier 0 Localization
* Mon Jun 13 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.1-2
  - Resolves: rhbz#2073095 - Harden kerberos ticket validation (additional patch)
  - Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol (additional patch)
* Sat Jun 04 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.1-1
  - Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
  - Resolves: rhbz#1893192 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets
  - Resolves: rhbz#1927553 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file
  - Resolves: rhbz#2089216 - pam_sss_gss ceased to work after upgrade to 8.6
  - Resolves: rhbz#2090776 - Add idp authentication indicator in man page of sssd.conf
  - Resolves: rhbz#1927195 - sssd runs out of proxy child slots and doesn't clear the counter for Active requests
  - Resolves: rhbz#2073095 - Harden kerberos ticket validation
  - Resolves: rhbz#2082455 - 'getent hosts' not return hosts if they have more than one CN in LDAP
  - Resolves: rhbz#2087581 - Regression "Missing internal domain data." when setting ad_domain to incorrect
* Wed May 11 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.0-2
  - Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd
* Wed Apr 20 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.7.0-1
  - Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1
  - Resolves: rhbz#2072640 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop
  - Resolves: rhbz#2070189 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file.
  - Resolves: rhbz#2070138 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options)
  - Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd
  - Resolves: rhbz#2065098 - Use right sdap_domain in ad_domain_info_send
  - Resolves: rhbz#2062716 - [Improvement] Add user and group version of sss_nss_getorigbyname()
  - Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol
  - Resolves: rhbz#2056482 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2
  - Resolves: rhbz#1937895 - SSSD update prompts for smartcard pin twice - After update to 7.9
  - Resolves: rhbz#1925559 - [RFE] Implement time logging for the LDAP queries and warning of high queries time
  - Resolves: rhbz#1915564 - sssd does not enforce smartcard auth for kde screen locker
  - Resolves: rhbz#1859751 - [RFE] Allow SSSD to use anonymous pkinit for FAST
  - Resolves: rhbz#1749279 - 2FA prompting setting ineffective
  - Resolves: rhbz#1661055 - sssd fails GPO-based access if AD have setup with Japanese language
  - Resolves: rhbz#1245367 - [RFE] Implement memory cache for SID requests to improve performance
* Mon Jan 17 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-2
  - Resolves: rhbz#2035244 - AD Domain in the AD Forest Missing after sssd latest update
  - Resolves: rhbz#2041560 - sssd does not use kerberos port that is set.
* Mon Jan 03 2022 Alexey Tikhonov <atikhono@redhat.com> - 2.6.2-1
  - Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
  - Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization
  - Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files
  - Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders
  - Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
  - Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
* Mon Dec 06 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.6.1-1
  - Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA
  - Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok()
  - Resolves: rhbz#977803 - incorrect checks of `strto*()` string to number convertion functions
  - Resolves: rhbz#1992432 - Add client certificate validation D-Bus API
  - Resolves: rhbz#1992973 - Lookup with fully-qualified name does not work with 'cache_first = True'
  - Resolves: rhbz#1996151 - Add support for CKM_RSA_PKCS in smart card authentication.
  - Resolves: rhbz#1998459 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
  - Resolves: rhbz#2000476 - disabled root ad domain causes subdomains to be marked offline
  - Resolves: rhbz#2014249 - Consistency in defaults between OpenSSH and SSSD
  - Resolves: rhbz#2029419 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-5
  - Resolves: rhbz#1909755 - Suppress log message "[sssd] [service_signal_done] (0x0010): Unable to signal service [2]: No such file or directory" during logrote
  - Resolves: rhbz#1962123 - [sssd] RHEL 9.0 Beta Tier 0 Localization
* Mon Aug 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-4
  - Resolves: rhbz#1973411 - CVE-2021-3621 sssd: shell command injection in sssctl [rhel-9]
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.5.2-3
  - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
    Related: rhbz#1991688
* Mon Aug 02 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-2
  - Resolves: rhbz#1803943 - [RFE] support subid ranges managed by FreeIPA
* Fri Jul 16 2021 Alexey Tikhonov <atikhono@redhat.com> - 2.5.2-1
  - Resolves: rhbz#1952922 - Rebase SSSD for RHEL 9-Beta
  - Resolves: rhbz#1975691 - covscan NULL pointer dereference cache_req_data_create()

Files

/usr/lib/.build-id
/usr/lib/.build-id/42
/usr/lib/.build-id/42/161c6e702eddc240cd2d392f17015f3d68012d
/usr/lib/.build-id/7c
/usr/lib/.build-id/7c/52d61c80bc47f53f7513161bd0b6f5115b95f8
/usr/lib64/sssd/libsss_ipa.so
/usr/libexec/sssd/selinux_child
/usr/share/licenses/sssd-ipa
/usr/share/licenses/sssd-ipa/COPYING
/usr/share/man/es/man5/sssd-ipa.5.gz
/usr/share/man/man5/sssd-ipa.5.gz
/usr/share/man/ru/man5/sssd-ipa.5.gz
/usr/share/man/sv/man5/sssd-ipa.5.gz
/usr/share/man/uk/man5/sssd-ipa.5.gz
/var/lib/sss/keytabs

Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Apr 24 05:07:23 2024