'=?utf-8?q?=5BSSSD-users=5D?= Announcing SSSD 2.5.0'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       sssd-users
Subject:    =?utf-8?q?=5BSSSD-users=5D?= Announcing SSSD 2.5.0
From:       Pavel_Březina <pbrezina () redhat ! com>
Date:       2021-05-10 13:49:27
Message-ID: 48ca86e7-2d5d-32c4-b95b-57f386a34912 () redhat ! com
[Download RAW message or body]

# SSSD 2.5.0

The SSSD team is proud to announce the release of version 2.5.0 of the
System Security Services Daemon. The tarball can be downloaded from:
     https://github.com/SSSD/sssd/releases/tag/2.5.0

See the full release notes at:
     https://sssd.io/release-notes/sssd-2.5.0.html

RPM packages will be made available for Fedora shortly.

## Feedback

Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
     https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
     https://lists.fedorahosted.org/mailman/listinfo/sssd-users

## Highlights

### General information

* `secrets` support is deprecated and will be removed in one of the next 
versions of SSSD.
* `local-provider` is deprecated and will be removed in one of the next 
versions of SSSD.
* SSSD's implementation of `libwbclient` was removed as incompatible 
with modern version of Samba.
* This release deprecates `pcre1` support. This support will be removed 
completely in following releases.
* A home directory from a dedicated user override, either local or 
centrally managed by IPA, will have a higher precedence than the 
`override_homedir` option.
* `debug-to-files`, `debug-to-stderr` command line and undocumented 
`debug_to_files` config options were removed.

### New features

* Added support for automatic renewal of renewable TGTs that are stored 
in KCM ccache. This can be enabled by setting `tgt_renewal = true`. See 
the sssd-kcm man page for more details. This feature requires MIT 
Kerberos krb5-1.19-0.beta2.3 or higher.
* Backround sudo periodic tasks (smart and full refresh) periods are now 
extended by a random offset to spread the load on the server in 
environments with many clients. The random offset can be changed with 
`ldap_sudo_random_offset`.
* Completing a sudo full refresh now postpones the smart refresh by 
`ldap_sudo_smart_refresh_interval` value. This ensure that the smart 
refresh is not run too soon after a successful full refresh.
* If `debug_backtrace_enabled` is set to `true` then on any error all 
prior debug messages (to some limit) are printed even if `debug_level` 
is set to low value (for details see `man sssd.conf`: 
`debug_backtrace_enabled` description).
* Besides trusted domains known by the forest root, trusted domains 
known by the local domain are used as well.
* New configuration option `offline_timeout_random_offset` to control 
random factor in backend probing interval when SSSD is in offline mode.

### Important fixes

* `ad_gpo_implicit_deny` is now respected even if there are no 
applicable GPOs present
* During the IPA subdomains request a failure in reading a single 
specific configuration option is not considered fatal and the request 
will continue
* unknown IPA id-range types are not considered as an error
* SSSD spec file `%postun` no longer tries to restart services that can 
not be restarted directly to stop produce systemd warnings

### Configuration changes

* Added `tgt_renewal`, `tgt_renewal_inherit`, and `krb5_*` KCM options 
to enable, and tune behavior of new KCM renewal feature.
* Added `ldap_sudo_random_offset` (default to `30`) to add a random 
offset to backround sudo periodic tasks (smart and full refresh).
* Introduced new option 'debug_backtrace_enabled' to control debug 
backtrace.
* Added `offline_timeout_random_offset` configuration option to control 
maximum size of random offset added to offline timeout SSSD backend 
probing interval.
* Long time deprecated and undocumented `debug_to_files` option was removed.
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[prev in list] [next in list] [prev in thread] [next in thread] 