Blame SPECS/sssd.spec

71e593
# we don't want to provide private python extension libs
71e593
%define __provides_exclude_from %{python3_sitearch}/.*\.so$|%{_libdir}/%{name}/modules/libwbclient.so.*$
71e593
71e593
# SSSD fails to build with -Wl,-z,defs
71e593
%undefine _strict_symbol_defs_build
71e593
71e593
%define _hardened_build 1
71e593
71e593
%global install_pcscd_polkit_rule 1
71e593
71e593
# Determine the location of the LDB modules directory
71e593
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
71e593
%global ldb_version 1.2.0
71e593
71e593
%global enable_systemtap 1
71e593
    %global enable_systemtap_opt --enable-systemtap
71e593
71e593
%global libwbc_alternatives_version 0.14
71e593
%global libwbc_lib_version %{libwbc_alternatives_version}.0
71e593
%global libwbc_alternatives_suffix %nil
71e593
%if 0%{?__isa_bits} == 64
71e593
%global libwbc_alternatives_suffix -64
71e593
%endif
71e593
71e593
Name: sssd
71e593
Version: 2.0.0
71e593
Release: 43%{?dist}
71e593
Group: Applications/System
71e593
Summary: System Security Services Daemon
71e593
License: GPLv3+
71e593
URL: https://pagure.io/SSSD/sssd/
71e593
Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
71e593
71e593
### Patches ###
71e593
Patch0001: 0001-KCM-Don-t-error-out-if-creating-a-new-ID-as-the-firs.patch
71e593
Patch0002: 0002-sbus-register-filter-on-new-connection.patch
71e593
Patch0003: 0003-sysdb-extract-sysdb_ldb_msg_attr_to_certmap_info-cal.patch
71e593
Patch0004: 0004-sysdb_ldb_msg_attr_to_certmap_info-set-SSS_CERTMAP_M.patch
71e593
Patch0005: 0005-sysdb-add-attr_map-attribute-to-sysdb_ldb_msg_attr_t.patch
71e593
Patch0006: 0006-confdb-add-confdb_certmap_to_sysdb.patch
71e593
Patch0007: 0007-AD-LDAP-read-certificate-mapping-rules-from-config-f.patch
71e593
Patch0008: 0008-sysdb-sysdb_certmap_add-handle-domains-more-flexible.patch
71e593
Patch0009: 0009-confdb-add-special-handling-for-rules-for-the-files-.patch
71e593
Patch0010: 0010-files-add-support-for-Smartcard-authentication.patch
71e593
Patch0011: 0011-responder-make-sure-SSS_DP_CERT-is-passed-to-files-p.patch
71e593
Patch0012: 0012-PAM-add-certificate-matching-rules-from-all-domains.patch
71e593
Patch0013: 0013-doc-add-certificate-mapping-section-to-man-page.patch
71e593
Patch0014: 0014-intg-user-default-locale.patch
71e593
Patch0015: 0015-PAM-use-better-PAM-error-code-for-failed-Smartcard-a.patch
71e593
Patch0016: 0016-test_ca-test-library-only-for-readable.patch
71e593
Patch0017: 0017-test_ca-set-a-password-PIN-to-nss-databases.patch
71e593
Patch0018: 0018-getsockopt_wrapper-add-support-for-PAM-clients.patch
71e593
Patch0019: 0019-intg-add-Smartcard-authentication-tests.patch
71e593
Patch0020: 0020-sbus-dectect-python-binary-for-sbus_generate.sh.patch
71e593
Patch0021: 0021-CONFDB-Skip-local-domain-if-not-supported.patch
71e593
Patch0022: 0022-SELINUX-Always-add-SELinux-user-to-the-semanage-data.patch
71e593
Patch0023: 0023-proxy-access-provider-directly-not-through-be_ctx.patch
71e593
Patch0024: 0024-dp-set-be_ctx-provider-as-part-of-dp_init-request.patch
71e593
Patch0025: 0025-sbus-read-destination-after-sender-is-set.patch
71e593
Patch0026: 0026-sbus-do-not-try-to-remove-signal-listeners-when-disc.patch
71e593
Patch0027: 0027-sbus-free-watch_fd-fdevent-explicitly.patch
71e593
Patch0028: 0028-doc-remove-local-provider-reference-from-manpages.patch
71e593
Patch0029: 0029-confdb-log-an-error-when-domain-is-misconfigured.patch
71e593
Patch0030: 0030-be-use-be_is_offline-for-the-main-domain-when-asking.patch
71e593
Patch0031: 0031-sudo-respect-case-sensitivity-in-sudo-responder.patch
71e593
Patch0032: 0032-sbus-fix-typo.patch
71e593
Patch0033: 0033-sbus-check-for-null-message-in-sbus_message_bound.patch
71e593
Patch0034: 0034-sbus-replace-sbus_message_bound_ref-with-sbus_messag.patch
71e593
Patch0035: 0035-sbus-add-unit-tests-for-public-sbus_message-module.patch
71e593
Patch0036: 0036-p11-handle-multiple-certs-during-auth-with-OpenSSL.patch
71e593
Patch0037: 0037-p11_child-add-wait_for_card-option.patch
71e593
Patch0038: 0038-PAM-add-p11_wait_for_card_timeout-option.patch
71e593
Patch0039: 0039-pam_sss-make-flags-public.patch
71e593
Patch0040: 0040-pam_sss-add-try_cert_auth-option.patch
71e593
Patch0041: 0041-pam_sss-add-option-require_cert_auth.patch
71e593
Patch0042: 0042-intg-require-SC-tests.patch
71e593
Patch0043: 0043-p11_child-show-PKCS-11-URI-in-debug-output.patch
71e593
Patch0044: 0044-p11_child-add-PKCS-11-uri-to-restrict-selection.patch
71e593
Patch0045: 0045-PAM-add-p11_uri-option.patch
71e593
Patch0046: 0046-tests-add-PKCS-11-URI-tests.patch
71e593
Patch0047: 0047-PAM-return-short-name-for-files-provider-users.patch
71e593
Patch0048: 0048-doc-Add-nsswitch.conf-note-to-manpage.patch
71e593
Patch0049: 0049-intg-flush-the-SSSD-caches-to-sync-with-files.patch
71e593
Patch0050: 0050-FILES-The-files-provider-should-not-enumerate.patch
71e593
Patch0051: 0051-p11_child-add-OCSP-check-ot-the-OpenSSL-version.patch
71e593
Patch0052: 0052-p11_child-add-crl_file-option-for-the-OpenSSL-build.patch
71e593
Patch0053: 0053-p11-Fix-two-instances-of-Wmaybe-uninitialized-in-p11.patch
71e593
Patch0054: 0054-sudo-use-correct-sbus-interface.patch
71e593
Patch0055: 0055-sudo-fix-error-handling-in-sudosrv_refresh_rules_don.patch
71e593
Patch0056: 0056-files-add-session-recording-flag.patch
71e593
Patch0057: 0057-UTIL-Suppress-Coverity-warning.patch
71e593
Patch0058: 0058-PYSSS-Re-add-the-pysss.getgrouplist-interface.patch
71e593
Patch0059: 0059-ifp-fix-typo-causing-a-crash-in-FindByNameAndCertifi.patch
71e593
Patch0060: 0060-IFP-Use-subreq-not-req-when-calling-RefreshRules_rec.patch
71e593
Patch0061: 0061-INI-Return-errno-not-1-on-failure-from-sss_ini_get_s.patch
71e593
Patch0062: 0062-MONITOR-Don-t-check-for-pidfile-if-SSSD-is-already-r.patch
71e593
Patch0063: 0063-SSSD-Allow-refreshing-only-certain-section-with-genc.patch
71e593
Patch0064: 0064-SYSTEMD-Re-read-KCM-configuration-on-systemctl-resta.patch
71e593
Patch0065: 0065-pam_sss-return-PAM_AUTHINFO_UNAVAIL-if-sc-options-ar.patch
71e593
Patch0066: 0066-p11_child-NSS-print-key-type-in-a-debug-message.patch
71e593
Patch0067: 0067-pam_test_srv-set-default-value-for-SOFTHSM2_CONF.patch
71e593
Patch0068: 0068-tests-add-ECC-CA.patch
71e593
Patch0069: 0069-test_pam_srv-add-test-for-certificate-with-EC-keys.patch
71e593
Patch0070: 0070-p11_child-openssl-add-support-for-EC-keys.patch
71e593
Patch0071: 0071-utils-refactor-ssh-key-extraction-OpenSSL.patch
71e593
Patch0072: 0072-utils-add-ec_pub_key_to_ssh-OpenSSL.patch
71e593
Patch0073: 0073-utils-refactor-ssh-key-extraction-NSS.patch
71e593
Patch0074: 0074-utils-add-ec_pub_key_to_ssh-NSS.patch
71e593
Patch0075: 0075-SSSCTL-user-show-says-that-user-is-expired.patch
71e593
Patch0076: 0076-sss_iface-prevent-from-using-invalid-names-that-star.patch
71e593
Patch0077: 0077-nss-use-enumeration-context-as-talloc-parent-for-cac.patch
71e593
Patch0078: 0078-LDAP-minor-refactoring-in-auth_send-to-conform-to-ou.patch
71e593
Patch0079: 0079-LDAP-Only-authenticate-the-auth-connection-if-we-nee.patch
71e593
Patch0080: 0080-LDAP-Log-the-encryption-used-during-LDAP-authenticat.patch
71e593
Patch0081: 0081-nss-sssd-returns-for-emtpy-home-directories.patch
71e593
Patch0082: 0082-PROXY-Copy-the-response-to-the-caller.patch
71e593
Patch0083: 0083-Revert-IPA-use-forest-name-when-looking-up-the-Globa.patch
71e593
Patch0084: 0084-ipa-use-only-the-global-catalog-service-of-the-fores.patch
71e593
Patch0085: 0085-krb5_child-fix-permissions-during-SC-auth.patch
71e593
Patch0086: 0086-MAN-Explicitly-state-that-not-all-generic-domain-opt.patch
71e593
Patch0087: 0087-KCM-Deleting-a-non-existent-ccache-should-not-yield-.patch
71e593
Patch0088: 0088-confdb-Always-read-snippet-files.patch
71e593
Patch0089: 0089-CONFDB-Remove-old-libini-support.patch
71e593
Patch0090: 0090-idmap_sss-improve-man-page.patch
71e593
Patch0091: 0091-sbus-allow-access-for-sssd-user.patch
71e593
Patch0092: 0092-sbus-use-120-second-default-timeout.patch
71e593
Patch0093: 0093-ifp-extraAttributes-is-UnknownProperty.patch
71e593
Patch0094: 0094-AD-IPA-Reset-subdomain-service-name-not-domain-name.patch
71e593
Patch0095: 0095-IPA-Add-explicit-return-after-tevent_req_error.patch
71e593
Patch0096: 0096-KCM-Return-a-valid-tevent-error-code-if-a-request-ca.patch
71e593
Patch0097: 0097-KCM-Allow-representing-ccaches-with-a-NULL-principal.patch
71e593
Patch0098: 0098-KCM-Create-an-empty-ccache-on-switch-to-a-non-existi.patch
71e593
Patch0099: 0099-PAM-use-user-name-hint-if-any-domain-has-set-it.patch
71e593
71e593
### Downstream Patches ###
71e593
71e593
#This patch should not be removed in RHEL-8
71e593
Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec
71e593
71e593
### Dependencies ###
71e593
71e593
Requires: sssd-common = %{version}-%{release}
71e593
Requires: sssd-ldap = %{version}-%{release}
71e593
Requires: sssd-krb5 = %{version}-%{release}
71e593
Requires: sssd-ipa = %{version}-%{release}
71e593
Requires: sssd-ad = %{version}-%{release}
71e593
Recommends: sssd-proxy = %{version}-%{release}
71e593
Requires: python3-sssdconfig = %{version}-%{release}
71e593
Suggests: sssd-dbus = %{version}-%{release}
71e593
71e593
%global servicename sssd
71e593
%global sssdstatedir %{_localstatedir}/lib/sss
71e593
%global dbpath %{sssdstatedir}/db
71e593
%global keytabdir %{sssdstatedir}/keytabs
71e593
%global pipepath %{sssdstatedir}/pipes
71e593
%global mcpath %{sssdstatedir}/mc
71e593
%global pubconfpath %{sssdstatedir}/pubconf
71e593
%global gpocachepath %{sssdstatedir}/gpo_cache
71e593
%global secdbpath %{sssdstatedir}/secrets
71e593
%global deskprofilepath %{sssdstatedir}/deskprofile
71e593
71e593
### Build Dependencies ###
71e593
71e593
BuildRequires: autoconf
71e593
BuildRequires: automake
71e593
BuildRequires: libtool
71e593
BuildRequires: m4
71e593
BuildRequires: gcc
71e593
BuildRequires: popt-devel
71e593
BuildRequires: libtalloc-devel
71e593
BuildRequires: libtevent-devel
71e593
BuildRequires: libtdb-devel
71e593
BuildRequires: libldb-devel >= %{ldb_version}
71e593
BuildRequires: libdhash-devel >= 0.4.2
71e593
BuildRequires: libcollection-devel
71e593
BuildRequires: libini_config-devel >= 1.1
71e593
BuildRequires: dbus-devel
71e593
BuildRequires: dbus-libs
71e593
BuildRequires: openldap-devel
71e593
BuildRequires: pam-devel
71e593
BuildRequires: nss-devel
71e593
BuildRequires: nspr-devel
71e593
BuildRequires: pcre-devel
71e593
BuildRequires: libxslt
71e593
BuildRequires: libxml2
71e593
BuildRequires: docbook-style-xsl
71e593
BuildRequires: krb5-devel
71e593
BuildRequires: c-ares-devel
71e593
BuildRequires: python3-devel
71e593
BuildRequires: check-devel
71e593
BuildRequires: doxygen
71e593
BuildRequires: libselinux-devel
71e593
BuildRequires: libsemanage-devel
71e593
BuildRequires: bind-utils
71e593
BuildRequires: keyutils-libs-devel
71e593
BuildRequires: gettext-devel
71e593
BuildRequires: pkgconfig
71e593
BuildRequires: diffstat
71e593
BuildRequires: findutils
71e593
BuildRequires: glib2-devel
71e593
BuildRequires: selinux-policy-targeted
71e593
BuildRequires: libcmocka-devel >= 1.0.0
71e593
BuildRequires: uid_wrapper
71e593
BuildRequires: nss_wrapper
71e593
BuildRequires: p11-kit-devel
71e593
BuildRequires: openssl-devel
71e593
BuildRequires: gnutls-utils
71e593
BuildRequires: softhsm >= 2.1.0
71e593
BuildRequires: openssl
71e593
BuildRequires: openssh
71e593
BuildRequires: libnl3-devel
71e593
BuildRequires: systemd-devel
71e593
BuildRequires: systemd
71e593
BuildRequires: cifs-utils-devel
71e593
BuildRequires: libnfsidmap-devel
71e593
BuildRequires: samba4-devel
71e593
BuildRequires: libsmbclient-devel
71e593
BuildRequires: samba-winbind
71e593
BuildRequires: systemtap-sdt-devel
71e593
BuildRequires: libuuid-devel
71e593
BuildRequires: jansson-devel
71e593
BuildRequires: gdm-pam-extensions-devel
71e593
71e593
%description
71e593
Provides a set of daemons to manage access to remote directories and
71e593
authentication mechanisms. It provides an NSS and PAM interface toward
71e593
the system and a plug-gable back-end system to connect to multiple different
71e593
account sources. It is also the basis to provide client auditing and policy
71e593
services for projects like FreeIPA.
71e593
71e593
The sssd sub-package is a meta-package that contains the daemon as well as all
71e593
the existing back ends.
71e593
71e593
%package common
71e593
Summary: Common files for the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
# Conflicts
71e593
Conflicts: selinux-policy < 3.10.0-46
71e593
Conflicts: sssd < 1.10.0-8%{?dist}.beta2
71e593
# Requires
71e593
# Explicitly require RHEL-8.0 versions of the Samba libraries
71e593
# in order to prevent untested combinations of a new SSSD and
71e593
# older libraries. See e.g. rhbz#1593756
71e593
Requires: libtalloc >= 2.1.14-1
71e593
Requires: libtevent >= 0.9.37-1
71e593
Requires: libldb >= 1.4.2-1
71e593
Requires: libtdb >= 1.3.16-1
71e593
# due to ABI changes in 1.1.30/1.2.0
71e593
Requires: libldb >= %{ldb_version}
71e593
Requires: sssd-client%{?_isa} = %{version}-%{release}
71e593
Recommends: libsss_sudo = %{version}-%{release}
71e593
Recommends: libsss_autofs%{?_isa} = %{version}-%{release}
71e593
Recommends: sssd-nfs-idmap = %{version}-%{release}
71e593
Requires: libsss_idmap = %{version}-%{release}
71e593
Requires(pre): shadow-utils
71e593
%{?systemd_requires}
71e593
71e593
### Provides ###
71e593
Provides: libsss_sudo-devel = %{version}-%{release}
71e593
Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
71e593
71e593
%description common
71e593
Common files for the SSSD. The common package includes all the files needed
71e593
to run a particular back end, however, the back ends are packaged in separate
71e593
sub-packages such as sssd-ldap.
71e593
71e593
%package client
71e593
Summary: SSSD Client libraries for NSS and PAM
71e593
Group: Applications/System
71e593
License: LGPLv3+
71e593
Requires(post): /sbin/ldconfig
71e593
Requires(postun): /sbin/ldconfig
71e593
Requires(post):  /usr/sbin/alternatives
71e593
Requires(preun): /usr/sbin/alternatives
71e593
71e593
%description client
71e593
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
71e593
service.
71e593
71e593
%package -n libsss_sudo
71e593
Summary: A library to allow communication between SUDO and SSSD
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires(post): /sbin/ldconfig
71e593
Requires(postun): /sbin/ldconfig
71e593
Conflicts: sssd-common < %{version}-%{release}
71e593
71e593
%description -n libsss_sudo
71e593
A utility library to allow communication between SUDO and SSSD
71e593
71e593
%package -n libsss_autofs
71e593
Summary: A library to allow communication between Autofs and SSSD
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Conflicts: sssd-common < %{version}-%{release}
71e593
71e593
%description -n libsss_autofs
71e593
A utility library to allow communication between Autofs and SSSD
71e593
71e593
%package tools
71e593
Summary: Userspace tools for use with the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Requires: sssd-common = %{version}-%{release}
71e593
# required by sss_obfuscate
71e593
Requires: python3-sss = %{version}-%{release}
71e593
Requires: python3-sssdconfig = %{version}-%{release}
71e593
71e593
%description tools
71e593
Provides userspace tools for manipulating users, groups, and nested groups in
71e593
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
71e593
71e593
Also provides several other administrative tools:
71e593
    * sss_debuglevel to change the debug level on the fly
71e593
    * sss_seed which pre-creates a user entry for use in kickstarts
71e593
    * sss_obfuscate for generating an obfuscated LDAP password
71e593
    * sssctl -- an sssd status and control utility
71e593
71e593
%package -n python3-sssdconfig
71e593
Summary: SSSD and IPA configuration file manipulation classes and functions
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
BuildArch: noarch
71e593
%{?python_provide:%python_provide python3-sssdconfig}
71e593
71e593
%description -n python3-sssdconfig
71e593
Provides python3 files for manipulation SSSD and IPA configuration files.
71e593
71e593
%package -n python3-sss
71e593
Summary: Python3 bindings for sssd
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires: sssd-common = %{version}-%{release}
71e593
%{?python_provide:%python_provide python3-sss}
71e593
71e593
%description -n python3-sss
71e593
Provides python3 module for manipulating users, groups, and nested groups in
71e593
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
71e593
71e593
Also provides several other useful python3 bindings:
71e593
    * function for retrieving list of groups user belongs to.
71e593
    * class for obfuscation of passwords
71e593
71e593
%package -n python3-sss-murmur
71e593
Summary: Python3 bindings for murmur hash function
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
%{?python_provide:%python_provide python3-sss-murmur}
71e593
71e593
%description -n python3-sss-murmur
71e593
Provides python3 module for calculating the murmur hash version 3
71e593
71e593
%package ldap
71e593
Summary: The LDAP back end of the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Conflicts: sssd < 1.10.0-8.beta2
71e593
Requires: sssd-common = %{version}-%{release}
71e593
Requires: sssd-krb5-common = %{version}-%{release}
71e593
71e593
%description ldap
71e593
Provides the LDAP back end that the SSSD can utilize to fetch identity data
71e593
from and authenticate against an LDAP server.
71e593
71e593
%package krb5-common
71e593
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Conflicts: sssd < 1.10.0-8.beta2
71e593
Requires: cyrus-sasl-gssapi%{?_isa}
71e593
Requires: sssd-common = %{version}-%{release}
71e593
Requires(pre): shadow-utils
71e593
71e593
%description krb5-common
71e593
Provides helper processes that the LDAP and Kerberos back ends can use for
71e593
Kerberos user or host authentication.
71e593
71e593
%package krb5
71e593
Summary: The Kerberos authentication back end for the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Conflicts: sssd < 1.10.0-8.beta2
71e593
Requires: sssd-common = %{version}-%{release}
71e593
Requires: sssd-krb5-common = %{version}-%{release}
71e593
71e593
%description krb5
71e593
Provides the Kerberos back end that the SSSD can utilize authenticate
71e593
against a Kerberos server.
71e593
71e593
%package common-pac
71e593
Summary: Common files needed for supporting PAC processing
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Requires: sssd-common = %{version}-%{release}
71e593
71e593
%description common-pac
71e593
Provides common files needed by SSSD providers such as IPA and Active Directory
71e593
for handling Kerberos PACs.
71e593
71e593
%package ipa
71e593
Summary: The IPA back end of the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Conflicts: sssd < 1.10.0-8.beta2
71e593
Requires: sssd-common = %{version}-%{release}
71e593
Requires: sssd-krb5-common = %{version}-%{release}
71e593
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
71e593
Recommends: bind-utils
71e593
Requires: sssd-common-pac = %{version}-%{release}
71e593
Requires(pre): shadow-utils
71e593
71e593
%description ipa
71e593
Provides the IPA back end that the SSSD can utilize to fetch identity data
71e593
from and authenticate against an IPA server.
71e593
71e593
%package ad
71e593
Summary: The AD back end of the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Conflicts: sssd < 1.10.0-8.beta2
71e593
Requires: sssd-common = %{version}-%{release}
71e593
Requires: sssd-krb5-common = %{version}-%{release}
71e593
Requires: sssd-common-pac = %{version}-%{release}
71e593
Recommends: bind-utils
71e593
Recommends: adcli
71e593
Suggests: sssd-libwbclient = %{version}-%{release}
71e593
Suggests: sssd-winbind-idmap = %{version}-%{release}
71e593
71e593
%description ad
71e593
Provides the Active Directory back end that the SSSD can utilize to fetch
71e593
identity data from and authenticate against an Active Directory server.
71e593
71e593
%package proxy
71e593
Summary: The proxy back end of the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Conflicts: sssd < 1.10.0-8.beta2
71e593
Requires: sssd-common = %{version}-%{release}
71e593
Requires(pre): shadow-utils
71e593
71e593
%description proxy
71e593
Provides the proxy back end which can be used to wrap an existing NSS and/or
71e593
PAM modules to leverage SSSD caching.
71e593
71e593
%package -n libsss_idmap
71e593
Summary: FreeIPA Idmap library
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires(post): /sbin/ldconfig
71e593
Requires(postun): /sbin/ldconfig
71e593
71e593
%description -n libsss_idmap
71e593
Utility library to convert SIDs to Unix uids and gids
71e593
71e593
%package -n libsss_idmap-devel
71e593
Summary: FreeIPA Idmap library
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires: libsss_idmap = %{version}-%{release}
71e593
71e593
%description -n libsss_idmap-devel
71e593
Utility library to SIDs to Unix uids and gids
71e593
71e593
%package -n libipa_hbac
71e593
Summary: FreeIPA HBAC Evaluator library
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires(post): /sbin/ldconfig
71e593
Requires(postun): /sbin/ldconfig
71e593
71e593
%description -n libipa_hbac
71e593
Utility library to validate FreeIPA HBAC rules for authorization requests
71e593
71e593
%package -n libipa_hbac-devel
71e593
Summary: FreeIPA HBAC Evaluator library
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires: libipa_hbac = %{version}-%{release}
71e593
71e593
%description -n libipa_hbac-devel
71e593
Utility library to validate FreeIPA HBAC rules for authorization requests
71e593
71e593
%package -n python3-libipa_hbac
71e593
Summary: Python3 bindings for the FreeIPA HBAC Evaluator library
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires: libipa_hbac = %{version}-%{release}
71e593
%{?python_provide:%python_provide python3-libipa_hbac}
71e593
71e593
%description -n python3-libipa_hbac
71e593
The python3-libipa_hbac contains the bindings so that libipa_hbac can be
71e593
used by Python applications.
71e593
71e593
%package -n libsss_nss_idmap
71e593
Summary: Library for SID and certificate based lookups
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires(post): /sbin/ldconfig
71e593
Requires(postun): /sbin/ldconfig
71e593
71e593
%description -n libsss_nss_idmap
71e593
Utility library for SID and certificate based lookups
71e593
71e593
%package -n libsss_nss_idmap-devel
71e593
Summary: Library for SID and certificate based lookups
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires: libsss_nss_idmap = %{version}-%{release}
71e593
71e593
%description -n libsss_nss_idmap-devel
71e593
Utility library for SID and certificate based lookups
71e593
71e593
%package -n python3-libsss_nss_idmap
71e593
Summary: Python3 bindings for libsss_nss_idmap
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires: libsss_nss_idmap = %{version}-%{release}
71e593
%{?python_provide:%python_provide python3-libsss_nss_idmap}
71e593
71e593
%description -n python3-libsss_nss_idmap
71e593
The python3-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can
71e593
be used by Python applications.
71e593
71e593
%package dbus
71e593
Summary: The D-Bus responder of the SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Requires: sssd-common = %{version}-%{release}
71e593
%{?systemd_requires}
71e593
71e593
%description dbus
71e593
Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows
71e593
the information from the SSSD to be transmitted over the system bus.
71e593
71e593
%if (0%{?install_pcscd_polkit_rule} == 1)
71e593
%package polkit-rules
71e593
Summary: Rules for polkit integration for SSSD
71e593
Group: Applications/System
71e593
License: GPLv3+
71e593
Requires: polkit >= 0.106
71e593
Requires: sssd-common = %{version}-%{release}
71e593
71e593
%description polkit-rules
71e593
Provides rules for polkit integration with SSSD. This is required
71e593
for smartcard support.
71e593
%endif
71e593
71e593
%package -n libsss_simpleifp
71e593
Summary: The SSSD D-Bus responder helper library
71e593
Group: Development/Libraries
71e593
License: GPLv3+
71e593
Requires: sssd-dbus = %{version}-%{release}
71e593
Requires(post): /sbin/ldconfig
71e593
Requires(postun): /sbin/ldconfig
71e593
71e593
%description -n libsss_simpleifp
71e593
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
71e593
71e593
%package -n libsss_simpleifp-devel
71e593
Summary: The SSSD D-Bus responder helper library
71e593
Group: Development/Libraries
71e593
License: GPLv3+
71e593
Requires: dbus-devel
71e593
Requires: libsss_simpleifp = %{version}-%{release}
71e593
71e593
%description -n libsss_simpleifp-devel
71e593
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
71e593
71e593
%package libwbclient
71e593
Summary: The SSSD libwbclient implementation
71e593
Group: Applications/System
71e593
License: GPLv3+ and LGPLv3+
71e593
Conflicts: libwbclient < 4.2.0-0.2.rc2
71e593
Conflicts: sssd-common < %{version}-%{release}
71e593
71e593
%description libwbclient
71e593
The SSSD libwbclient implementation.
71e593
71e593
%package libwbclient-devel
71e593
Summary: Development libraries for the SSSD libwbclient implementation
71e593
Group:  Development/Libraries
71e593
License: GPLv3+ and LGPLv3+
71e593
Requires: sssd-libwbclient = %{version}-%{release}
71e593
Conflicts: libwbclient-devel < 4.2.0-0.2.rc2
71e593
71e593
%description libwbclient-devel
71e593
Development libraries for the SSSD libwbclient implementation.
71e593
71e593
%package winbind-idmap
71e593
Summary: SSSD's idmap_sss Backend for Winbind
71e593
Group:  Applications/System
71e593
License: GPLv3+ and LGPLv3+
71e593
Conflicts: sssd-common < %{version}-%{release}
71e593
71e593
%description winbind-idmap
71e593
The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs
71e593
and SIDs.
71e593
71e593
%package nfs-idmap
71e593
Summary: SSSD plug-in for NFSv4 rpc.idmapd
71e593
Group:  Applications/System
71e593
License: GPLv3+
71e593
Conflicts: sssd-common < %{version}-%{release}
71e593
71e593
%description nfs-idmap
71e593
The libnfsidmap sssd module provides a way for rpc.idmapd to call SSSD to map
71e593
UIDs/GIDs to names and vice versa. It can be also used for mapping principal
71e593
(user) name to IDs(UID or GID) or to obtain groups which user are member of.
71e593
71e593
%package -n libsss_certmap
71e593
Summary: SSSD Certficate Mapping Library
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires(post): /sbin/ldconfig
71e593
Requires(postun): /sbin/ldconfig
71e593
Conflicts: sssd-common < %{version}-%{release}
71e593
71e593
%description -n libsss_certmap
71e593
Library to map certificates to users based on rules
71e593
71e593
%package -n libsss_certmap-devel
71e593
Summary: SSSD Certficate Mapping Library
71e593
Group: Development/Libraries
71e593
License: LGPLv3+
71e593
Requires: libsss_certmap = %{version}-%{release}
71e593
71e593
%description -n libsss_certmap-devel
71e593
Library to map certificates to users based on rules
71e593
71e593
%package kcm
71e593
Summary: An implementation of a Kerberos KCM server
71e593
Group:  Applications/System
71e593
License: GPLv3+
71e593
Requires: sssd-common = %{version}-%{release}
71e593
%{?systemd_requires}
71e593
71e593
%description kcm
71e593
An implementation of a Kerberos KCM server. Use this package if you want to
71e593
use the KCM: Kerberos credentials cache.
71e593
71e593
%prep
71e593
# Update timestamps on the files touched by a patch, to avoid non-equal
71e593
# .pyc/.pyo files across the multilib peers within a build, where "Level"
71e593
# is the patch prefix option (e.g. -p1)
71e593
# Taken from specfile for python-simplejson
71e593
UpdateTimestamps() {
71e593
  Level=$1
71e593
  PatchFile=$2
71e593
71e593
  # Locate the affected files:
71e593
  for f in $(diffstat $Level -l $PatchFile); do
71e593
    # Set the files to have the same timestamp as that of the patch:
71e593
    touch -r $PatchFile $f
71e593
  done
71e593
}
71e593
71e593
%setup -q
71e593
71e593
for p in %patches ; do
71e593
    %__patch -p1 -i $p
71e593
    UpdateTimestamps -p1 $p
71e593
done
71e593
71e593
%build
71e593
autoreconf -ivf
71e593
71e593
%configure \
71e593
    --with-test-dir=/dev/shm \
71e593
    --with-db-path=%{dbpath} \
71e593
    --with-mcache-path=%{mcpath} \
71e593
    --with-pipe-path=%{pipepath} \
71e593
    --with-pubconf-path=%{pubconfpath} \
71e593
    --with-gpo-cache-path=%{gpocachepath} \
71e593
    --with-init-dir=%{_initrddir} \
71e593
    --with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
71e593
    --enable-nsslibdir=%{_libdir} \
71e593
    --enable-pammoddir=%{_libdir}/security \
71e593
    --enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \
71e593
    --disable-static \
71e593
    --with-crypto=libcrypto \
71e593
    --disable-rpath \
71e593
    --with-initscript=systemd \
71e593
    --with-syslog=journald \
71e593
    --enable-sss-default-nss-plugin \
71e593
    --enable-files-domain \
71e593
    --without-python2-bindings \
71e593
    --with-sssd-user=sssd \
71e593
    %{?with_cifs_utils_plugin_option} \
71e593
    %{?enable_systemtap_opt} \
71e593
71e593
71e593
make %{?_smp_mflags} all docs
71e593
71e593
%check
71e593
export CK_TIMEOUT_MULTIPLIER=10
71e593
make %{?_smp_mflags} check VERBOSE=yes
71e593
unset CK_TIMEOUT_MULTIPLIER
71e593
71e593
%install
71e593
71e593
sed -i -e 's:/usr/bin/python:%{__python3}:' src/tools/sss_obfuscate
71e593
71e593
make install DESTDIR=$RPM_BUILD_ROOT
71e593
71e593
if [ ! -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} ]
71e593
then
71e593
    echo "Expected libwbclient version not found, please check if version has changed."
71e593
    exit -1
71e593
fi
71e593
71e593
# Prepare language files
71e593
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd
71e593
71e593
# Copy default logrotate file
71e593
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d
71e593
install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd
71e593
71e593
# Make sure SSSD is able to run on read-only root
71e593
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
71e593
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
71e593
71e593
# Kerberos KCM credential cache by default
71e593
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d
71e593
cp $RPM_BUILD_ROOT/%{_datadir}/sssd-kcm/kcm_default_ccache \
71e593
   $RPM_BUILD_ROOT/%{_sysconfdir}/krb5.conf.d/kcm_default_ccache
71e593
71e593
# Create directory for cifs-idmap alternative
71e593
# Otherwise this directory could not be owned by sssd-client
71e593
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils
71e593
71e593
# Remove .la files created by libtool
71e593
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
71e593
71e593
# Suppress developer-only documentation
71e593
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
71e593
71e593
# Older versions of rpmbuild can only handle one -f option
71e593
# So we need to append to the sssd*.lang file
71e593
for file in `ls $RPM_BUILD_ROOT/%{python3_sitelib}/*.egg-info 2> /dev/null`
71e593
do
71e593
    echo %{python3_sitelib}/`basename $file` >> python3_sssdconfig.lang
71e593
done
71e593
71e593
touch sssd.lang
71e593
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
71e593
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
71e593
                  libsss_certmap sssd_kcm
71e593
do
71e593
    touch $subpackage.lang
71e593
done
71e593
71e593
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
71e593
do
71e593
    lang=`echo $man | cut -c 1-2`
71e593
    case `basename $man` in
71e593
        sss_cache*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
71e593
            ;;
71e593
        sss_ssh*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
71e593
            ;;
71e593
        sss_rpcidmapd*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_nfs_idmap.lang
71e593
            ;;
71e593
        sss_*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
71e593
            ;;
71e593
        sssctl*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_tools.lang
71e593
            ;;
71e593
        sssd_krb5_*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
71e593
            ;;
71e593
        pam_sss*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
71e593
            ;;
71e593
        sssd-ldap*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
71e593
            ;;
71e593
        sssd-krb5*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
71e593
            ;;
71e593
        sssd-ipa*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
71e593
            ;;
71e593
        sssd-ad*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
71e593
            ;;
71e593
        sssd-proxy*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
71e593
            ;;
71e593
        sssd-ifp*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_dbus.lang
71e593
            ;;
71e593
        sssd-kcm*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_kcm.lang
71e593
            ;;
71e593
        idmap_sss*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang
71e593
            ;;
71e593
        sss-certmap*)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> libsss_certmap.lang
71e593
            ;;
71e593
        *)
71e593
            echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
71e593
            ;;
71e593
    esac
71e593
done
71e593
71e593
# Print these to the rpmbuild log
71e593
echo "sssd.lang:"
71e593
cat sssd.lang
71e593
71e593
echo "python3_sssdconfig.lang:"
71e593
cat python3_sssdconfig.lang
71e593
71e593
for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \
71e593
                  sssd_client sssd_dbus sssd_nfs_idmap sssd_winbind_idmap \
71e593
                  libsss_certmap sssd_kcm
71e593
do
71e593
    echo "$subpackage.lang:"
71e593
    cat $subpackage.lang
71e593
done
71e593
71e593
%files
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
71e593
%files common -f sssd.lang
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%doc src/examples/sssd-example.conf
71e593
%{_sbindir}/sssd
71e593
%{_unitdir}/sssd.service
71e593
%{_unitdir}/sssd-autofs.socket
71e593
%{_unitdir}/sssd-autofs.service
71e593
%{_unitdir}/sssd-nss.socket
71e593
%{_unitdir}/sssd-nss.service
71e593
%{_unitdir}/sssd-pac.socket
71e593
%{_unitdir}/sssd-pac.service
71e593
%{_unitdir}/sssd-pam.socket
71e593
%{_unitdir}/sssd-pam-priv.socket
71e593
%{_unitdir}/sssd-pam.service
71e593
%{_unitdir}/sssd-ssh.socket
71e593
%{_unitdir}/sssd-ssh.service
71e593
%{_unitdir}/sssd-sudo.socket
71e593
%{_unitdir}/sssd-sudo.service
71e593
71e593
%dir %{_libexecdir}/%{servicename}
71e593
%{_libexecdir}/%{servicename}/sssd_be
71e593
%{_libexecdir}/%{servicename}/sssd_nss
71e593
%{_libexecdir}/%{servicename}/sssd_pam
71e593
%{_libexecdir}/%{servicename}/sssd_autofs
71e593
%{_libexecdir}/%{servicename}/sssd_ssh
71e593
%{_libexecdir}/%{servicename}/sssd_sudo
71e593
%{_libexecdir}/%{servicename}/p11_child
71e593
%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders
71e593
71e593
%dir %{_libdir}/%{name}
71e593
# The files provider is intentionally packaged in -common
71e593
%{_libdir}/%{name}/libsss_files.so
71e593
%{_libdir}/%{name}/libsss_simple.so
71e593
71e593
#Internal shared libraries
71e593
%{_libdir}/%{name}/libsss_child.so
71e593
%{_libdir}/%{name}/libsss_crypt.so
71e593
%{_libdir}/%{name}/libsss_cert.so
71e593
%{_libdir}/%{name}/libsss_debug.so
71e593
%{_libdir}/%{name}/libsss_krb5_common.so
71e593
%{_libdir}/%{name}/libsss_ldap_common.so
71e593
%{_libdir}/%{name}/libsss_util.so
71e593
%{_libdir}/%{name}/libsss_semanage.so
71e593
%{_libdir}/%{name}/libifp_iface.so
71e593
%{_libdir}/%{name}/libifp_iface_sync.so
71e593
%{_libdir}/%{name}/libsss_iface.so
71e593
%{_libdir}/%{name}/libsss_iface_sync.so
71e593
%{_libdir}/%{name}/libsss_sbus.so
71e593
%{_libdir}/%{name}/libsss_sbus_sync.so
71e593
71e593
%{ldb_modulesdir}/memberof.so
71e593
%{_bindir}/sss_ssh_authorizedkeys
71e593
%{_bindir}/sss_ssh_knownhostsproxy
71e593
%{_sbindir}/sss_cache
71e593
%{_libexecdir}/%{servicename}/sss_signal
71e593
71e593
%dir %{sssdstatedir}
71e593
%dir %{_localstatedir}/cache/krb5rcache
71e593
%attr(700,sssd,sssd) %dir %{dbpath}
71e593
%attr(755,sssd,sssd) %dir %{mcpath}
71e593
%attr(700,root,root) %dir %{secdbpath}
71e593
%attr(751,root,root) %dir %{deskprofilepath}
71e593
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd
71e593
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group
71e593
%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups
71e593
%attr(755,sssd,sssd) %dir %{pipepath}
71e593
%attr(750,sssd,root) %dir %{pipepath}/private
71e593
%attr(755,sssd,sssd) %dir %{pubconfpath}
71e593
%attr(755,sssd,sssd) %dir %{gpocachepath}
71e593
%attr(750,sssd,sssd) %dir %{_var}/log/%{name}
71e593
%attr(700,sssd,sssd) %dir %{_sysconfdir}/sssd
71e593
%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/conf.d
71e593
%attr(711,root,root) %dir %{_sysconfdir}/sssd/pki
71e593
%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
71e593
%dir %{_sysconfdir}/logrotate.d
71e593
%config(noreplace) %{_sysconfdir}/logrotate.d/sssd
71e593
%dir %{_sysconfdir}/rwtab.d
71e593
%config(noreplace) %{_sysconfdir}/rwtab.d/sssd
71e593
%dir %{_datadir}/sssd
71e593
%{_sysconfdir}/pam.d/sssd-shadowutils
71e593
%dir %{_libdir}/%{name}/conf
71e593
%{_libdir}/%{name}/conf/sssd.conf
71e593
71e593
%{_datadir}/sssd/cfg_rules.ini
71e593
%{_datadir}/sssd/sssd.api.conf
71e593
%{_datadir}/sssd/sssd.api.d
71e593
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
71e593
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
71e593
%{_mandir}/man5/sssd.conf.5*
71e593
%{_mandir}/man5/sssd-files.5*
71e593
%{_mandir}/man5/sssd-simple.5*
71e593
%{_mandir}/man5/sssd-sudo.5*
71e593
%{_mandir}/man5/sssd-session-recording.5*
71e593
%{_mandir}/man8/sssd.8*
71e593
%{_mandir}/man8/sss_cache.8*
71e593
%dir %{_datadir}/sssd/systemtap
71e593
%{_datadir}/sssd/systemtap/id_perf.stp
71e593
%{_datadir}/sssd/systemtap/nested_group_perf.stp
71e593
%{_datadir}/sssd/systemtap/dp_request.stp
71e593
%dir %{_datadir}/systemtap
71e593
%dir %{_datadir}/systemtap/tapset
71e593
%{_datadir}/systemtap/tapset/sssd.stp
71e593
%{_datadir}/systemtap/tapset/sssd_functions.stp
71e593
%{_mandir}/man5/sssd-systemtap.5*
71e593
71e593
%if (0%{?install_pcscd_polkit_rule} == 1)
71e593
%files polkit-rules
71e593
%{_datadir}/polkit-1/rules.d/*
71e593
%endif
71e593
71e593
%files ldap -f sssd_ldap.lang
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%{_libdir}/%{name}/libsss_ldap.so
71e593
%{_mandir}/man5/sssd-ldap.5*
71e593
71e593
%files krb5-common
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%attr(755,sssd,sssd) %dir %{pubconfpath}/krb5.include.d
71e593
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child
71e593
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child
71e593
71e593
%files krb5 -f sssd_krb5.lang
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%{_libdir}/%{name}/libsss_krb5.so
71e593
%{_mandir}/man5/sssd-krb5.5*
71e593
71e593
%files common-pac
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%{_libexecdir}/%{servicename}/sssd_pac
71e593
71e593
%files ipa -f sssd_ipa.lang
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%attr(700,sssd,sssd) %dir %{keytabdir}
71e593
%{_libdir}/%{name}/libsss_ipa.so
71e593
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child
71e593
%{_mandir}/man5/sssd-ipa.5*
71e593
71e593
%files ad -f sssd_ad.lang
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%{_libdir}/%{name}/libsss_ad.so
71e593
%{_libexecdir}/%{servicename}/gpo_child
71e593
%{_mandir}/man5/sssd-ad.5*
71e593
71e593
%files proxy
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/proxy_child
71e593
%{_libdir}/%{name}/libsss_proxy.so
71e593
71e593
%files dbus -f sssd_dbus.lang
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%{_libexecdir}/%{servicename}/sssd_ifp
71e593
%{_mandir}/man5/sssd-ifp.5*
71e593
%{_unitdir}/sssd-ifp.service
71e593
# InfoPipe DBus plumbing
71e593
%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
71e593
%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
71e593
71e593
%files -n libsss_simpleifp
71e593
%defattr(-,root,root,-)
71e593
%{_libdir}/libsss_simpleifp.so.*
71e593
71e593
%files -n libsss_simpleifp-devel
71e593
%defattr(-,root,root,-)
71e593
%doc sss_simpleifp_doc/html
71e593
%{_includedir}/sss_sifp.h
71e593
%{_includedir}/sss_sifp_dbus.h
71e593
%{_libdir}/libsss_simpleifp.so
71e593
%{_libdir}/pkgconfig/sss_simpleifp.pc
71e593
71e593
%files client -f sssd_client.lang
71e593
%defattr(-,root,root,-)
71e593
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
71e593
%{_libdir}/libnss_sss.so.2
71e593
%{_libdir}/security/pam_sss.so
71e593
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
71e593
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
71e593
%dir %{_libdir}/cifs-utils
71e593
%{_libdir}/cifs-utils/cifs_idmap_sss.so
71e593
%dir %{_sysconfdir}/cifs-utils
71e593
%ghost %{_sysconfdir}/cifs-utils/idmap-plugin
71e593
%dir %{_libdir}/%{name}
71e593
%dir %{_libdir}/%{name}/modules
71e593
%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
71e593
%{_mandir}/man8/pam_sss.8*
71e593
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
71e593
71e593
%files -n libsss_sudo
71e593
%defattr(-,root,root,-)
71e593
%license src/sss_client/COPYING
71e593
%{_libdir}/libsss_sudo.so*
71e593
71e593
%files -n libsss_autofs
71e593
%defattr(-,root,root,-)
71e593
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
71e593
%dir %{_libdir}/%{name}/modules
71e593
%{_libdir}/%{name}/modules/libsss_autofs.so
71e593
71e593
%files tools -f sssd_tools.lang
71e593
%defattr(-,root,root,-)
71e593
%license COPYING
71e593
%{_sbindir}/sss_obfuscate
71e593
%{_sbindir}/sss_override
71e593
%{_sbindir}/sss_debuglevel
71e593
%{_sbindir}/sss_seed
71e593
%{_sbindir}/sssctl
71e593
%{_mandir}/man8/sss_obfuscate.8*
71e593
%{_mandir}/man8/sss_override.8*
71e593
%{_mandir}/man8/sss_debuglevel.8*
71e593
%{_mandir}/man8/sss_seed.8*
71e593
%{_mandir}/man8/sssctl.8*
71e593
71e593
%files -n python3-sssdconfig -f python3_sssdconfig.lang
71e593
%defattr(-,root,root,-)
71e593
%dir %{python3_sitelib}/SSSDConfig
71e593
%{python3_sitelib}/SSSDConfig/*.py*
71e593
%dir %{python3_sitelib}/SSSDConfig/__pycache__
71e593
%{python3_sitelib}/SSSDConfig/__pycache__/*.py*
71e593
71e593
%files -n python3-sss
71e593
%defattr(-,root,root,-)
71e593
%{python3_sitearch}/pysss.so
71e593
71e593
%files -n python3-sss-murmur
71e593
%defattr(-,root,root,-)
71e593
%{python3_sitearch}/pysss_murmur.so
71e593
71e593
%files -n libsss_idmap
71e593
%defattr(-,root,root,-)
71e593
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
71e593
%{_libdir}/libsss_idmap.so.*
71e593
71e593
%files -n libsss_idmap-devel
71e593
%defattr(-,root,root,-)
71e593
%doc idmap_doc/html
71e593
%{_includedir}/sss_idmap.h
71e593
%{_libdir}/libsss_idmap.so
71e593
%{_libdir}/pkgconfig/sss_idmap.pc
71e593
71e593
%files -n libipa_hbac
71e593
%defattr(-,root,root,-)
71e593
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
71e593
%{_libdir}/libipa_hbac.so.*
71e593
71e593
%files -n libipa_hbac-devel
71e593
%defattr(-,root,root,-)
71e593
%doc hbac_doc/html
71e593
%{_includedir}/ipa_hbac.h
71e593
%{_libdir}/libipa_hbac.so
71e593
%{_libdir}/pkgconfig/ipa_hbac.pc
71e593
71e593
%files -n libsss_nss_idmap
71e593
%defattr(-,root,root,-)
71e593
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
71e593
%{_libdir}/libsss_nss_idmap.so.*
71e593
71e593
%files -n libsss_nss_idmap-devel
71e593
%defattr(-,root,root,-)
71e593
%doc nss_idmap_doc/html
71e593
%{_includedir}/sss_nss_idmap.h
71e593
%{_libdir}/libsss_nss_idmap.so
71e593
%{_libdir}/pkgconfig/sss_nss_idmap.pc
71e593
71e593
%files -n python3-libsss_nss_idmap
71e593
%defattr(-,root,root,-)
71e593
%{python3_sitearch}/pysss_nss_idmap.so
71e593
71e593
%files -n python3-libipa_hbac
71e593
%defattr(-,root,root,-)
71e593
%{python3_sitearch}/pyhbac.so
71e593
71e593
%files libwbclient
71e593
%defattr(-,root,root,-)
71e593
%dir %{_libdir}/%{name}
71e593
%dir %{_libdir}/%{name}/modules
71e593
%{_libdir}/%{name}/modules/libwbclient.so.*
71e593
71e593
%files libwbclient-devel
71e593
%defattr(-,root,root,-)
71e593
%{_includedir}/wbclient_sssd.h
71e593
%{_libdir}/%{name}/modules/libwbclient.so
71e593
%{_libdir}/pkgconfig/wbclient_sssd.pc
71e593
71e593
%files winbind-idmap -f sssd_winbind_idmap.lang
71e593
%dir %{_libdir}/samba/idmap
71e593
%{_libdir}/samba/idmap/sss.so
71e593
%{_mandir}/man8/idmap_sss.8*
71e593
71e593
%files nfs-idmap -f sssd_nfs_idmap.lang
71e593
%{_mandir}/man5/sss_rpcidmapd.5*
71e593
%{_libdir}/libnfsidmap/sss.so
71e593
71e593
%files -n libsss_certmap -f libsss_certmap.lang
71e593
%defattr(-,root,root,-)
71e593
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
71e593
%{_libdir}/libsss_certmap.so.*
71e593
%{_mandir}/man5/sss-certmap.5*
71e593
71e593
%files -n libsss_certmap-devel
71e593
%defattr(-,root,root,-)
71e593
%doc certmap_doc/html
71e593
%{_includedir}/sss_certmap.h
71e593
%{_libdir}/libsss_certmap.so
71e593
%{_libdir}/pkgconfig/sss_certmap.pc
71e593
71e593
%files kcm -f sssd_kcm.lang
71e593
%{_libexecdir}/%{servicename}/sssd_kcm
71e593
%config(noreplace) %{_sysconfdir}/krb5.conf.d/kcm_default_ccache
71e593
%dir %{_datadir}/sssd-kcm
71e593
%{_datadir}/sssd-kcm/kcm_default_ccache
71e593
%{_unitdir}/sssd-kcm.socket
71e593
%{_unitdir}/sssd-kcm.service
71e593
%{_mandir}/man8/sssd-kcm.8*
71e593
%{_libdir}/%{name}/libsss_secrets.so
71e593
71e593
%pre ipa
71e593
getent group sssd >/dev/null || groupadd -r sssd
71e593
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
71e593
71e593
%pre krb5-common
71e593
getent group sssd >/dev/null || groupadd -r sssd
71e593
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
71e593
71e593
%pre common
71e593
getent group sssd >/dev/null || groupadd -r sssd
71e593
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
71e593
71e593
%pre proxy
71e593
getent group sssd >/dev/null || groupadd -r sssd
71e593
getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd
71e593
71e593
%post common
71e593
%systemd_post sssd.service
71e593
%systemd_post sssd-autofs.socket
71e593
%systemd_post sssd-nss.socket
71e593
%systemd_post sssd-pac.socket
71e593
%systemd_post sssd-pam.socket
71e593
%systemd_post sssd-pam-priv.socket
71e593
%systemd_post sssd-ssh.socket
71e593
%systemd_post sssd-sudo.socket
71e593
71e593
%preun common
71e593
%systemd_preun sssd.service
71e593
%systemd_preun sssd-autofs.socket
71e593
%systemd_preun sssd-nss.socket
71e593
%systemd_preun sssd-pac.socket
71e593
%systemd_preun sssd-pam.socket
71e593
%systemd_preun sssd-pam-priv.socket
71e593
%systemd_preun sssd-ssh.socket
71e593
%systemd_preun sssd-sudo.socket
71e593
71e593
%postun common
71e593
%systemd_postun_with_restart sssd-autofs.socket
71e593
%systemd_postun_with_restart sssd-autofs.service
71e593
%systemd_postun_with_restart sssd-nss.socket
71e593
%systemd_postun_with_restart sssd-nss.service
71e593
%systemd_postun_with_restart sssd-pac.socket
71e593
%systemd_postun_with_restart sssd-pac.service
71e593
%systemd_postun_with_restart sssd-pam.socket
71e593
%systemd_postun_with_restart sssd-pam-priv.socket
71e593
%systemd_postun_with_restart sssd-pam.service
71e593
%systemd_postun_with_restart sssd-ssh.socket
71e593
%systemd_postun_with_restart sssd-ssh.service
71e593
%systemd_postun_with_restart sssd-sudo.socket
71e593
%systemd_postun_with_restart sssd-sudo.service
71e593
71e593
%post dbus
71e593
%systemd_post sssd-ifp.service
71e593
71e593
%preun dbus
71e593
%systemd_preun sssd-ifp.service
71e593
71e593
%postun dbus
71e593
%systemd_postun_with_restart sssd-ifp.service
71e593
71e593
%post kcm
71e593
%systemd_post sssd-kcm.socket
71e593
71e593
%preun kcm
71e593
%systemd_preun sssd-kcm.socket
71e593
71e593
%postun kcm
71e593
%systemd_postun_with_restart sssd-kcm.socket
71e593
%systemd_postun_with_restart sssd-kcm.service
71e593
71e593
%post client
71e593
/sbin/ldconfig
71e593
/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20
71e593
71e593
%preun client
71e593
if [ $1 -eq 0 ] ; then
71e593
        /usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so
71e593
fi
71e593
71e593
%postun client -p /sbin/ldconfig
71e593
71e593
%post -n libsss_sudo -p /sbin/ldconfig
71e593
71e593
%postun -n libsss_sudo -p /sbin/ldconfig
71e593
71e593
%post -n libipa_hbac -p /sbin/ldconfig
71e593
71e593
%postun -n libipa_hbac -p /sbin/ldconfig
71e593
71e593
%post -n libsss_idmap -p /sbin/ldconfig
71e593
71e593
%postun -n libsss_idmap -p /sbin/ldconfig
71e593
71e593
%post -n libsss_nss_idmap -p /sbin/ldconfig
71e593
71e593
%postun -n libsss_nss_idmap -p /sbin/ldconfig
71e593
71e593
%post -n libsss_simpleifp -p /sbin/ldconfig
71e593
71e593
%postun -n libsss_simpleifp -p /sbin/ldconfig
71e593
71e593
%post -n libsss_certmap -p /sbin/ldconfig
71e593
71e593
%postun -n libsss_certmap -p /sbin/ldconfig
71e593
71e593
%posttrans common
71e593
%systemd_postun_with_restart sssd.service
71e593
71e593
%posttrans libwbclient
71e593
%{_sbindir}/update-alternatives \
71e593
    --install %{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \
71e593
              libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \
71e593
              %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} 5
71e593
/sbin/ldconfig
71e593
71e593
%preun libwbclient
71e593
%{_sbindir}/update-alternatives \
71e593
    --remove libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \
71e593
             %{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version}
71e593
/sbin/ldconfig
71e593
71e593
%posttrans libwbclient-devel
71e593
%{_sbindir}/update-alternatives --install %{_libdir}/libwbclient.so \
71e593
                                libwbclient.so%{libwbc_alternatives_suffix} \
71e593
                                %{_libdir}/%{name}/modules/libwbclient.so 5
71e593
71e593
%preun libwbclient-devel
71e593
%{_sbindir}/update-alternatives --remove \
71e593
                                libwbclient.so%{libwbc_alternatives_suffix} \
71e593
                                %{_libdir}/%{name}/modules/libwbclient.so
71e593
71e593
%changelog
71e593
* Sun Feb 10 2019 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-43
71e593
- Resolves: rhbz#1672780 - gdm login not prompting for username when smart
71e593
                           card maps to multiple users
71e593
71e593
* Fri Feb 08 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-42
71e593
- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part
71e593
                           of gen_new to avoid a subsequent switch call
71e593
                           failure
71e593
71e593
* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-41
71e593
-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong
71e593
                          subdomain service name being used
71e593
71e593
* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-40
71e593
-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error.
71e593
                          UnknownProperty: Unknown property
71e593
71e593
* Thu Feb 07 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-39
71e593
- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than
71e593
                           1.x, this can result in time outs
71e593
71e593
* Mon Jan 14 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-38
71e593
- Resolves: rhbz#1578014 - sssd does not work under non-root user
71e593
- Note: Actually the patches were in the 2.0.0-37, this one just adds this
71e593
        changelog because it was missing.
71e593
71e593
* Fri Jan 11 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-36
71e593
- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss
71e593
                           suggests using * for backend sss
71e593
71e593
* Fri Jan 11 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-35
71e593
- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist
71e593
71e593
* Thu Jan 10 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-34
71e593
- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls
71e593
                           kdestroy caused by KCM returning a wrong error
71e593
                           code during the delete operation
71e593
71e593
* Wed Jan 09 2019 Michal Židek <mzidek@redhat.com> - 2.0.0-33
71e593
- Resolves: rhbz#1646113 - Missing concise documentation about valid options
71e593
                           for sssd-files-provider
71e593
71e593
* Mon Dec 17 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-32
71e593
- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc
71e593
            and libtevent to avoid an issue in GPO processing 
71e593
71e593
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-31
71e593
- Resolves: 1658813 - PKINIT with KCM does not work
71e593
71e593
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-30
71e593
- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to
71e593
                      retrieve AD users through IPA Trust 
71e593
71e593
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-29
71e593
- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise():
71e593
                           /usr/libexec/sssd/proxy_child killed by 6
71e593
71e593
* Sun Dec 16 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-28
71e593
- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories
71e593
71e593
* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-27
71e593
- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work
71e593
                           if ID provider is authenticated with GSSAPI
71e593
71e593
* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-26
71e593
- Resolves: rhbz#1657980 - sssd_nss memory leak
71e593
71e593
* Tue Dec 11 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-25
71e593
- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly
71e593
                           for D-bus, resulting in a crash
71e593
71e593
* Tue Dec 04 2018 Michal Židek <mzidek@redhat.com> - 2.0.0-24
71e593
- Resolves: rhbz#1646168 - sssctl access-report always prints an error message
71e593
- Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the
71e593
                           configuration without having to restart the whole
71e593
                           sssd
71e593
- Resolves: rhbz#1640576 - sssctl reports incorrect information about local
71e593
                           user's cache entry expiration time
71e593
- Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user
71e593
- Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys
71e593
71e593
* Thu Oct 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-23
71e593
- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui
71e593
                           with smart card
71e593
71e593
* Wed Oct 24 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-22
71e593
- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA
71e593
71e593
* Tue Oct 16 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-21
71e593
- Related: rhbz#1638150 - session not recording for local user when groups defined
71e593
- Also add silence a Coverity warning, which is related to rhbz#1637131
71e593
71e593
* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-20
71e593
- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules
71e593
71e593
* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-19
71e593
- Add OSCP checks for p11_child
71e593
- Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local
71e593
                          users
71e593
71e593
* Mon Oct 15 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-18
71e593
- Related: rhbz#1638006 - Files: The files provider always enumerates
71e593
                          which causes duplicate when running getent passwd
71e593
71e593
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-17
71e593
- Related: rhbz#1637131 - pam_unix unable to match fully qualified username
71e593
                          provided by sssd during smartcard auth using gdm
71e593
71e593
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-16
71e593
- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a
71e593
                          PKCS#11 URI
71e593
71e593
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-15
71e593
- Related: rhbz#1611011 - Support for "require smartcard for login option"
71e593
71e593
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-14
71e593
- Related: rhbz#1635595 - Cant login with smartcard with multiple certs
71e593
71e593
* Thu Oct 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-13
71e593
- Backport more sbus2 fixes
71e593
- Related: rhbz#1623878 - crash related to sbus_router_destructor()
71e593
71e593
* Wed Oct 10 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-12
71e593
- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD
71e593
71e593
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-11
71e593
- Resolves: rhbz#1628122 - Printing incorrect information about domain
71e593
                           with sssctl utility
71e593
71e593
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-10
71e593
- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not
71e593
                           started due to a misconfiguration
71e593
71e593
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-9
71e593
- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del
71e593
                           commands in man pages since local provider
71e593
                           is deprecated
71e593
71e593
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-8
71e593
- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function():
71e593
                            /usr/libexec/sssd/sssd_be killed by 11 crash
71e593
                            func _dbus_list_unlink
71e593
71e593
* Wed Oct  3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-7
71e593
- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it
71e593
                           differs from the default
71e593
71e593
* Wed Sep 26 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-6
71e593
- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup
71e593
71e593
* Tue Sep 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-5
71e593
- Resolves: rhbz#1615590 - Do not rely on "python" for el8
71e593
71e593
* Tue Sep 25 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-4
71e593
- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local
71e593
                           users
71e593
71e593
* Tue Sep 11 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-3
71e593
- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()
71e593
71e593
* Thu Aug 30 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.0.0-2
71e593
- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication
71e593
                           fails with the KCM ccache
71e593
71e593
* Mon Aug 13 2018 Fabiano Fidêncio <fidencio@redhat.com> - 2.0.0-1
71e593
- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version
71e593
71e593
* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 1.16.2-2
71e593
- Switch hardcoded python3 shebangs into the %%{__python3} macro
71e593
71e593
* Thu Jun 14 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.2-1
71e593
- Update to 1.16.2 release
71e593
- Cleanup unused global definitions
71e593
- Remove python2 references from the spec file
71e593
- Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x
71e593
71e593
* Fri Apr 27 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-3
71e593
- Resolves: upstream#3684 - A group is not updated if its member is removed
71e593
                            with the cleanup task, but the group does not
71e593
                            change
71e593
- Resolves: upstream#3558 - sudo: report error when two rules share cn
71e593
- Tone down shutdown messages for socket activated responders
71e593
- IPA: Qualify the externalUser sudo attribute
71e593
- Resolves: upstream#3550 - refresh_expired_interval does not work with
71e593
                            netgrous in 1.15
71e593
- Resolves: upstream#3402 - Support alternative sources for the files provider
71e593
- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
71e593
- Resolves: upstream#3679 - Make nss netgroup requests more robust
71e593
- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not
71e593
                            configured
71e593
- Resolves: upstream#3469 - extend sss-certmap man page regarding priority
71e593
                            processing
71e593
- Improve docs/debug message about GC detection
71e593
- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes
71e593
                            list out of bound?
71e593
- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is
71e593
                            set.
71e593
- Document which principal does the AD provider use
71e593
- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is
71e593
                            defined, but contains no SIDs
71e593
- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
71e593
- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
71e593
                           Provider returned an error
71e593
                           [org.freedesktop.sssd.Error.DataProvider.Fatal]
71e593
71e593
* Fri Mar 30 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-2
71e593
- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
71e593
- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
71e593
- Resolves: upstream#3658 - Application domain is not interpreted correctly
71e593
- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to
71e593
                            json_loads()
71e593
- Resolves: upstream#3386 - KCM: Payload buffer is too small
71e593
- Resolves: upstream#3666 - Fix usage of str.decode() in our tests
71e593
- A few KCM misc fixes
71e593
71e593
* Fri Mar  9 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.1-1
71e593
- New upstream release 1.16.1
71e593
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html
71e593
71e593
* Tue Feb 20 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-13
71e593
- Resolves: upstream#3621 - backport bug found by static analyzers
71e593
71e593
* Wed Feb 14 2018 Fabiano Fidêncio <fidencio@fedoraproject.org> - 1.16.0-12
71e593
- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile
71e593
                           with no specific host/hostgroup set
71e593
- Resolves: upstream#3621 - FleetCommander integration must not require
71e593
                            capability DAC_OVERRIDE
71e593
71e593
* Wed Feb 07 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-11
71e593
- Resolves: upstream#3618 - selinux_child segfaults in a docker container
71e593
71e593
* Tue Feb 06 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-10
71e593
- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl
71e593
71e593
* Thu Jan 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 1.16.0-9
71e593
- Fix systemd executions/requirements
71e593
71e593
* Thu Jan 25 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-8
71e593
- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS
71e593
71e593
* Thu Jan 11 2018 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-7
71e593
- Fix building of sssd-nfs-idmap with libnfsidmap.so.1
71e593
71e593
* Thu Jan 11 2018 Björn Esser <besser82@fedoraproject.org> - 1.16.0-6
71e593
- Rebuilt for libnfsidmap.so.1
71e593
71e593
* Mon Dec 04 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-5
71e593
- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in
71e593
                            setnetgrent_result_timeout
71e593
- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
71e593
                            or machine swaps
71e593
- Resolves: failure in glibc tests
71e593
            https://sourceware.org/bugzilla/show_bug.cgi?id=22530
71e593
- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
71e593
                            auth_provider ldap, login fails if the LDAP server
71e593
                            is not allowing anonymous binds
71e593
- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
71e593
                            corrected with AD
71e593
- Resolves: upstream#3586 - Give a more detailed debug and system-log message
71e593
                            if krb5_init_context() failed
71e593
- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
71e593
                           in /etc/systemd/system
71e593
- Backport few upstream features from 1.16.1
71e593
71e593
* Tue Nov 21 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-4
71e593
- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next
71e593
71e593
* Fri Nov 17 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-3
71e593
- Backport extended NSS API from upstream master branch
71e593
71e593
* Fri Nov 03 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-2
71e593
- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade
71e593
71e593
* Fri Oct 20 2017 Lukas Slebodnik <lslebodn@fedoraproject.org> - 1.16.0-1
71e593
- New upstream release 1.16.0
71e593
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
71e593
71e593
* Wed Oct 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-5
71e593
- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when
71e593
                           searching in local cache database access on
71e593
                           the sock_file system_bus_socket
71e593
71e593
* Mon Sep 11 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-4
71e593
- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write
71e593
                           access on the sock_file system_bus_socket
71e593
- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
71e593
                           fails to download desktop profile data
71e593
- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
71e593
- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients
71e593
                            after applying ID Views for them in IPA server
71e593
- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id
71e593
                            mapping is applied
71e593
71e593
* Fri Sep 01 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-3
71e593
- Backport few upstream patches/fixes
71e593
71e593
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.3-2
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
71e593
71e593
* Tue Jul 25 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-1
71e593
- New upstream release 1.15.3
71e593
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
71e593
71e593
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.5
71e593
- Rebuild with libldb-1.2.0
71e593
71e593
* Tue Jun 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.4
71e593
- Fix build issues: Update expided certificate in unit tests
71e593
71e593
* Sat Apr 29 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.3
71e593
- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
71e593
- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
71e593
                           file from package sssd-common-1.15.1-1.fc25.x86_64
71e593
- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
71e593
71e593
* Thu Apr 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.2
71e593
- Fix issue with IPA + SELinux in containers
71e593
- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297
71e593
71e593
* Tue Apr 04 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.3-0.beta.1
71e593
- Backport upstream patches for 1.15.3 pre-release
71e593
- required for building freeipa-4.5.x in rawhide
71e593
71e593
* Thu Mar 16 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.2-1
71e593
- New upstream release 1.15.2
71e593
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
71e593
71e593
* Mon Mar 06 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.1-1
71e593
- New upstream release 1.15.1
71e593
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
71e593
71e593
* Wed Feb 22 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-4
71e593
- Cherry-pick patches from upstream that enable the files provider
71e593
- Enable the files domain
71e593
- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch
71e593
  which is superseded by the files domain autoconfiguration
71e593
- Related: rhbz#1357418 - SSSD fast cache for local users
71e593
71e593
* Tue Feb 14 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-3
71e593
- Add missing %%license macro
71e593
71e593
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 1.15.0-2
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
71e593
71e593
* Fri Jan 27 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.0-1
71e593
- New upstream release 1.15.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0
71e593
71e593
* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 1.14.2-3
71e593
- Rebuild for Python 3.6
71e593
71e593
* Tue Dec 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-2
71e593
- Resolves: rhbz#1369130 - nss_sss should not link against libpthread
71e593
- Resolves: rhbz#1392916 - sssd failes to start after update
71e593
- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
71e593
                           on the directory /etc/sssd
71e593
71e593
* Thu Oct 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.2-1
71e593
- New upstream release 1.14.2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2
71e593
71e593
* Fri Oct 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-4
71e593
- libwbclient-sssd: update interface to version 0.13
71e593
71e593
* Thu Sep 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-3
71e593
- Fix regression with krb5_map_user
71e593
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
71e593
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
71e593
                           default if nonexistent domain is mentioned
71e593
71e593
* Thu Sep 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-2
71e593
- Backport important patches from upstream 1.14.2 prerelease
71e593
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
71e593
                             boot
71e593
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
71e593
71e593
* Fri Aug 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.1-1
71e593
- New upstream release 1.14.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1
71e593
71e593
* Mon Aug 15 2016 Stephen Gallagher <sgallagh@redhat.com> - 1.14.0-5
71e593
- Add workaround patch for RHBZ #1366403
71e593
71e593
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.14.0-4
71e593
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
71e593
71e593
* Fri Jul 08 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-3
71e593
- New upstream release 1.14.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0
71e593
71e593
* Fri Jul 01 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-2.beta
71e593
- New upstream release 1.14 beta
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta
71e593
71e593
* Tue Jun 21 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.14.0-1.alpha
71e593
- New upstream release 1.14 alpha
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha
71e593
71e593
* Fri May 13 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-3
71e593
- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element():
71e593
                           sssd_ifp killed by SIGSEGV
71e593
71e593
* Fri Apr 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-2
71e593
- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6
71e593
71e593
* Thu Apr 14 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.4-1
71e593
- New upstream release 1.13.4
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4
71e593
71e593
* Tue Mar 22 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-6
71e593
- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password
71e593
                           prompts (e.g. Password + Token)
71e593
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
71e593
                           by remote host" if locale not available
71e593
71e593
* Thu Feb 25 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-5
71e593
- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA
71e593
                           groups during getgrnam and getgrgid
71e593
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
71e593
                           in call to 'print'
71e593
71e593
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.13.3-4
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
71e593
71e593
* Wed Jan 20 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-3
71e593
- Additional upstream fixes
71e593
71e593
* Tue Jan 19 2016 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-2
71e593
- Resolves: rhbz#1256849 - SUDO: Support the IPA schema
71e593
71e593
* Wed Dec 16 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.3-1
71e593
- New upstream release 1.13.3
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
71e593
71e593
* Fri Nov 20 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.2-1
71e593
- New upstream release 1.13.2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
71e593
71e593
* Fri Nov 06 2015 Robert Kuska <rkuska@redhat.com> - 1.13.1-5
71e593
- Rebuilt for Python3.5 rebuild
71e593
71e593
* Tue Oct 27 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-4
71e593
- Fix building pac responder with the krb5-1.14
71e593
71e593
* Mon Oct 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-3
71e593
- python-sssdconfig: Fix parssing sssd.conf without config_file_version
71e593
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
71e593
71e593
* Wed Oct 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-2
71e593
- Fix few segfaults
71e593
- Resolves: upstream #2811 - PAM responder crashed if user was not set
71e593
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
71e593
71e593
* Thu Oct 01 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.1-1
71e593
- New upstream release 1.13.1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
71e593
71e593
* Thu Sep 10 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-6
71e593
- Fix OTP bug
71e593
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
71e593
                             entered separately
71e593
71e593
* Mon Sep 07 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-5
71e593
- Backport upstream patches required by FreeIPA 4.2.1
71e593
71e593
* Tue Jul 21 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-4
71e593
- Fix ipa-migration bug
71e593
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled
71e593
                             migration mode
71e593
71e593
* Wed Jul 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-3
71e593
- New upstream release 1.13.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0
71e593
71e593
* Tue Jun 30 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-2.alpha
71e593
- Unify return type of list_active_domains for python{2,3}
71e593
71e593
* Mon Jun 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-1.alpha
71e593
- New upstream release 1.13 alpha
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha
71e593
71e593
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.5-4
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
71e593
71e593
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-3
71e593
- Fix libwbclient alternatives
71e593
71e593
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-2
71e593
- Backport important patches from upstream 1.13 prerelease
71e593
71e593
* Fri Jun 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.5-1
71e593
- New upstream release 1.12.5
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5
71e593
71e593
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-8
71e593
- Backport important patches from upstream 1.13 prerelease
71e593
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable
71e593
                           attribute for group name
71e593
- Resolves: upstream #2335 - Investigate using the krb5 responder
71e593
                             for driving the PAM conversation with OTPs
71e593
- Enable cmocka tests for secondary architectures
71e593
71e593
* Fri May 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-7
71e593
- Backport patches from upstream 1.12.5 prerelease - contains many fixes
71e593
71e593
* Wed Apr 15 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-6
71e593
- Fix slow login with ipa and SELinux
71e593
- Resolves: upstream #2624 - Only set the selinux context if the context
71e593
                             differs from the local one
71e593
71e593
* Mon Mar 23 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-5
71e593
- Fix regressions with ipa and SELinux
71e593
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security
71e593
                             context on client is staff_u
71e593
71e593
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-4
71e593
- Also relax libldb Requires
71e593
- Remove --enable-ldb-version-check
71e593
71e593
* Fri Mar  6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.4-3
71e593
- Relax libldb BuildRequires to be greater-or-equal
71e593
71e593
* Wed Feb 25 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-2
71e593
- Add support for python3 bindings
71e593
- Add requirement to python3 or python3 bindings
71e593
- Resolves: rhbz#1014594 - sssd: Support Python 3
71e593
71e593
* Wed Feb 18 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.4-1
71e593
- New upstream release 1.12.4
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
71e593
71e593
* Sat Feb 14 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-7
71e593
- Backport patches with Python3 support from upstream
71e593
71e593
* Thu Feb 12 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-6
71e593
- Fix double free in monitor
71e593
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort():
71e593
                        sssd killed by SIGABRT
71e593
71e593
* Wed Jan 28 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.3-5
71e593
- Rebuild for new libldb
71e593
71e593
* Thu Jan 22 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-4
71e593
- Decrease priority of sssd-libwbclient 20 -> 5
71e593
- It should be lower than priority of samba veriosn of libwbclient.
71e593
- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18
71e593
71e593
* Mon Jan 19 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-3
71e593
- Apply a number of patches from upstream to fix issues found 1.12.3
71e593
- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple
71e593
                           interfaces, or isn't documented to be able to
71e593
- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is
71e593
                          not running
71e593
- Resolves: upstream #2557  authentication failure with user from AD
71e593
71e593
* Fri Jan 09 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-2
71e593
- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
71e593
- Resolves: rhbz#1179379 - gzip: stdin: file size changed while
71e593
                           zipping when rotating logfile
71e593
71e593
* Thu Jan 08 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.3-1
71e593
- New upstream release 1.12.3
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
71e593
- Fix spelling errors in description (fedpkg lint)
71e593
71e593
* Tue Jan  6 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-8
71e593
- Rebuild for libldb 1.1.19
71e593
71e593
* Fri Dec 19 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-7
71e593
- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes
71e593
                           crash in wbinfo
71e593
                           - in addition to the patch libwbclient.so is
71e593
                             filtered out of the Provides list of the package
71e593
71e593
* Wed Dec 17 2014 Lukas Slebodnik <lslebodn@redhat.com> - 1.12.2-6
71e593
- Fix regressions and bugs in sssd upstream 1.12.2
71e593
- https://fedorahosted.org/sssd/ticket/{id}
71e593
- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
71e593
- Bugs: #2287, #2445
71e593
71e593
* Sun Dec  7 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-5
71e593
- Rebuild for libldb 1.1.18
71e593
71e593
* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-4
71e593
- Fix typo in libwbclient-devel %%preun
71e593
71e593
* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-3
71e593
- Use alternatives for libwbclient
71e593
71e593
* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-2
71e593
- Backport several patches from upstream.
71e593
- Fix a potential crash against old (pre-4.0) IPA servers
71e593
71e593
* Mon Oct 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-1
71e593
- New upstream release 1.12.2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2
71e593
71e593
* Mon Sep 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-2
71e593
- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user
71e593
                           private group from server
71e593
71e593
* Mon Sep  8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1
71e593
- New upstream release 1.12.1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1
71e593
71e593
* Fri Aug 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-7
71e593
- Do not crash on resolving a group SID in IPA server mode
71e593
71e593
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-6
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
71e593
71e593
* Thu Jul 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.12.0-5
71e593
- Fix release version for upgrades
71e593
71e593
* Wed Jul 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1
71e593
- New upstream release 1.12.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0
71e593
71e593
* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.0-4.beta2
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
71e593
71e593
* Wed Jun 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta2
71e593
- New upstream release 1.12 beta2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2
71e593
71e593
* Mon Jun 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-2.beta1
71e593
- Fix tests on big-endian
71e593
- Fix previous changelog entry
71e593
71e593
* Fri May 30 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1.beta1
71e593
- New upstream release 1.12 beta1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1
71e593
71e593
* Thu May 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-4
71e593
- Rebuild against new ding-libs
71e593
71e593
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-3
71e593
- Make LDB dependency a strict equivalency
71e593
71e593
* Thu May 08 2014 Stephen Gallagher <sgallagh@redhat.com> - 1.11.5.1-2
71e593
- Rebuild against new libldb
71e593
71e593
* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1
71e593
- New upstream release 1.11.5.1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1
71e593
71e593
* Thu Apr 10 2014 Stephen Gallagher <sgallagh@redhat.com> 1.11.5-2
71e593
- Fix bug in generation of systemd unit file
71e593
71e593
* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1
71e593
- New upstream release 1.11.5
71e593
- Remove upstreamed patch
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
71e593
71e593
* Thu Mar 13 2014 Sumit Bose <sbose@redhat.com> - 1.11.4-3
71e593
- Handle new error code for IPA password migration
71e593
71e593
* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-2
71e593
- Include couple of patches from upstream 1.11 branch
71e593
71e593
* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
71e593
- New upstream release 1.11.4
71e593
- Remove upstreamed patch
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
71e593
71e593
* Tue Feb 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-2
71e593
- Handle OTP response from FreeIPA server gracefully
71e593
71e593
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1
71e593
- New upstream release 1.11.3
71e593
- Remove upstreamed patches
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
71e593
71e593
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1
71e593
- New upstream release 1.11.2
71e593
- Remove upstreamed patches
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
71e593
71e593
* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-5
71e593
- Fix potential crash with external groups in trusted IPA-AD setup
71e593
71e593
* Mon Oct 14 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4
71e593
- Add plugin for cifs-utils
71e593
- Resolves: rhbz#998544
71e593
71e593
* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3
71e593
- Fix failover from Global Catalog to LDAP in case GC is not available
71e593
71e593
* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2
71e593
- Remove the ability to create public ccachedir (#1015089)
71e593
71e593
* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1
71e593
- New upstream release 1.11.1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
71e593
71e593
* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3
71e593
- Fix multicast checks in the SSSD
71e593
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
71e593
                           code getting the host info
71e593
71e593
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2
71e593
- Backport simplification of ccache management from 1.11.1
71e593
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
71e593
71e593
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1
71e593
- New upstream release 1.11.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
71e593
71e593
* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.4.beta2
71e593
- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid:
71e593
                      Process /usr/libexec/sssd/sssd_nss was killed by
71e593
                      signal 11 (SIGSEGV)
71e593
- Resolves: #996214 - sssd proxy_child segfault
71e593
71e593
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.11.0-0.3.beta2
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
71e593
71e593
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.2beta2
71e593
- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and
71e593
                      pam libraries
71e593
71e593
* Wed Jul 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.1beta2
71e593
- New upstream release 1.11 beta 2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
71e593
71e593
* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1
71e593
- New upstream release 1.10.1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
71e593
71e593
* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17
71e593
- sssd-tools should require sssd-common, not sssd
71e593
71e593
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16
71e593
- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
71e593
- Trim out RHEL5-specific macros since we don't build on RHEL 5
71e593
- Trim out macros for Fedora older than F18
71e593
- Update libldb requirement to 1.1.16
71e593
- Trim RPM changelog down to the last year
71e593
71e593
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15
71e593
- Move sssd_pac to the sssd-krb5 subpackage
71e593
71e593
* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14
71e593
- Fix Obsoletes: to account for dist tag
71e593
- Convert post and pre scripts to run on the sssd-common subpackage
71e593
- Remove old conversion from SYSV
71e593
71e593
* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13
71e593
- New upstream release 1.10
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
71e593
71e593
* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2
71e593
- the cmocka toolkit exists only on selected arches
71e593
71e593
* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2
71e593
- Apply a number of patches from upstream to fix issues found post-beta,
71e593
  in particular:
71e593
  -- segfault with a high DEBUG level
71e593
  -- Fix IPA password migration (upstream #1873)
71e593
  -- Fix fail over when retrying SRV resolution (upstream #1886)
71e593
71e593
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2
71e593
- Only BuildRequire libcmocka on Fedora
71e593
71e593
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2
71e593
- Fix typo in Requires that prevented an upgrade (#973916)
71e593
- Use a hardcoded version in Conflicts, not less-than-current
71e593
71e593
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta1
71e593
- Enable hardened build for RHEL7
71e593
71e593
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2
71e593
- New upstream release 1.10 beta2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
71e593
- BuildRequire libcmocka-devel in order to run all upstream tests during build
71e593
- BuildRequire libnl3 instead of libnl1
71e593
- No longer BuildRequire initscripts, we no longer use /sbin/service
71e593
- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any
71e593
  older krb5-libs version
71e593
71e593
* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
71e593
- Apply a couple of patches from upstream git that resolve crashes when
71e593
  ID mapping object was not initialized properly but needed later
71e593
71e593
* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
71e593
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
71e593
                          realm join
71e593
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
71e593
                          default for AD Provider
71e593
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
71e593
                          parent directory when logging in
71e593
71e593
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1
71e593
- BuildRequire recent libini_config to ensure consistent behaviour
71e593
71e593
* Tue May  7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1
71e593
- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug
71e593
  in ding-libs
71e593
- Fix SSH integration with fully-qualified domains
71e593
- Add the ability to dynamically discover the NetBIOS name
71e593
71e593
* Fri May  3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1
71e593
- New upstream release 1.10 beta1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
71e593
71e593
* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1
71e593
- Add a patch to fix krb5 ccache creation issue with krb5 1.11
71e593
71e593
* Tue Apr  2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1
71e593
- New upstream release 1.10 alpha1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
71e593
71e593
* Fri Mar 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.5-10
71e593
- Add a patch to fix krb5 unit tests
71e593
71e593
* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9
71e593
- Split internal helper libraries into a shared object
71e593
- Significantly reduce disk-space usage
71e593
71e593
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-8
71e593
- Fix the Kerberos password expiration warning (#912223)
71e593
71e593
* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7
71e593
- Do not write out dots in the domain-realm mapping file (#905650)
71e593
71e593
* Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6
71e593
- Include upstream patch to build with krb5-1.11
71e593
71e593
* Thu Feb 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-5
71e593
- Rebuild against new libldb
71e593
71e593
* Mon Feb 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-4
71e593
- Fix build with new automake versions
71e593
71e593
* Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-3
71e593
- Recreate Kerberos ccache directory if it's missing
71e593
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache
71e593
                          directory /run/user/UID/ccdir does not exist
71e593
71e593
* Tue Jan 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-2
71e593
- Fix changelog dates to make F19 rpmbuild happy
71e593
71e593
* Mon Jan 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-1
71e593
- New upstream release 1.9.4
71e593
71e593
* Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.3-1
71e593
- New upstream release 1.9.3
71e593
71e593
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5
71e593
- Resolve groups from AD correctly
71e593
71e593
* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4
71e593
- Check the validity of naming context
71e593
71e593
* Thu Oct 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3
71e593
- Move the sss_cache tool to the main package
71e593
71e593
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2
71e593
- Include the 1.9.2 tarball
71e593
71e593
* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1
71e593
- New upstream release 1.9.2
71e593
71e593
* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1
71e593
- New upstream release 1.9.1
71e593
71e593
* Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
71e593
- require the latest libldb
71e593
71e593
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24
71e593
- Use mcpath insted of mcachepath macro to be consistent with
71e593
  upsteam spec file
71e593
71e593
* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-23
71e593
- New upstream release 1.9.0
71e593
71e593
* Fri Sep 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-22.rc1
71e593
- New upstream release 1.9.0 rc1
71e593
71e593
* Thu Sep 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-21.beta7
71e593
- New upstream release 1.9.0 beta7
71e593
- obsoletes patches #1-#3
71e593
71e593
* Mon Sep 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-20.beta6
71e593
- Rebuild against libldb 1.12
71e593
71e593
* Tue Aug 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-19.beta6
71e593
- Rebuild against libldb 1.11
71e593
71e593
* Fri Aug 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-18.beta6
71e593
- Change the default ccache location to DIR:/run/user/${UID}/krb5cc
71e593
  and patch man page accordingly
71e593
- Resolves: rhbz#851304
71e593
71e593
* Mon Aug 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-17.beta6
71e593
- Rebuild against libldb 1.10
71e593
71e593
* Fri Aug 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-16.beta6
71e593
- Only create the SELinux login file if there are SELinux mappings on
71e593
  the IPA server
71e593
71e593
* Fri Aug 10 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-14.beta6
71e593
- Don't discard HBAC rule processing result if SELinux is on
71e593
  Resolves: rhbz#846792 (CVE-2012-3462)
71e593
71e593
* Thu Aug 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-13.beta6
71e593
- New upstream release 1.9.0 beta 6
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
71e593
- A new option, override_shell was added. If this option is set, all users
71e593
  managed by SSSD will have their shell set to its value.
71e593
- Fixes for the support for setting default SELinux user context from FreeIPA.
71e593
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
71e593
- The SSSD supports the concept of a Primary Server and a Back Up Server in
71e593
  failover
71e593
- A new command-line tool sss_seed is available to help prime the cache with
71e593
  a user record when deploying a new machine
71e593
- SSSD is now able to discover and save the domain-realm mappings
71e593
  between an IPA server and a trusted Active Directory server.
71e593
- Packaging changes to fix ldconfig usage in subpackages (#843995)
71e593
- Rebuild against libldb 1.1.9
71e593
71e593
* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-13.beta5
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
71e593
71e593
* Thu Jul 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-12.beta5
71e593
- New upstream release 1.9.0 beta 5
71e593
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
71e593
- Many fixes for the support for setting default SELinux user context from
71e593
  FreeIPA, most notably fixed the specificity evaluation
71e593
- Fixed an incorrect default in the krb5_canonicalize option of the AD
71e593
  provider which was preventing password change operation
71e593
- The shadowLastChange attribute value is now correctly updated with the
71e593
  number of days since the Epoch, not seconds
71e593
71e593
* Mon Jul 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-11.beta4
71e593
- Fix broken ARM build
71e593
- Add missing DP_OPTION_TERMINATOR in AD provider options
71e593
71e593
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-10.beta4
71e593
- Own several directories create during make install (#839782)
71e593
71e593
* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-9.beta4
71e593
- New upstream release 1.9.0 beta 4
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
71e593
- Add a new AD provider to improve integration with Active Directory 2008 R2
71e593
  or later servers
71e593
- SUDO integration was completely rewritten. The new implementation works
71e593
  with multiple domains and uses an improved refresh mechanism to download
71e593
  only the necessary rules
71e593
- The IPA authentication provider now supports subdomains
71e593
- Fixed regression for setups that were setting default_tkt_enctypes
71e593
  manually by reverting a previous workaround.
71e593
71e593
* Mon Jun 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-8.beta3
71e593
- New upstream release 1.9.0 beta 3
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
71e593
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
71e593
- Terminate idle connections to the NSS and PAM responders
71e593
71e593
* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-7.beta2
71e593
- Switch unicode library from libunistring to Glib
71e593
- Drop unnecessary explicit Requires on keyutils
71e593
- Guarantee that versioned Requires include the correct architecture
71e593
71e593
* Mon Jun 18 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-6.beta2
71e593
- Fix accidental disabling of the DIR cache support
71e593
71e593
* Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-5.beta2
71e593
- New upstream release 1.9.0 beta 2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
71e593
- Add support for the Kerberos DIR cache for storing multiple TGTs
71e593
  automatically
71e593
- Major performance enhancement when storing large groups in the cache
71e593
- Major performance enhancement when performing initgroups() against Active
71e593
  Directory
71e593
- SSSDConfig data file default locations can now be set during configure for
71e593
  easier packaging
71e593
71e593
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-4.beta1
71e593
- Fix regression in endianness patch
71e593
71e593
* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-3.beta1
71e593
- Rebuild SSSD against ding-libs 0.3.0beta1
71e593
- Fix endianness bug in service map protocol
71e593
71e593
* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1
71e593
- Fix several regressions since 1.5.x
71e593
- Ensure that the RPM creates the /var/lib/sss/mc directory
71e593
- Add support for Netscape password warning expiration control
71e593
- Rebuild against libldb 1.1.6
71e593
71e593
* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1
71e593
- New upstream release 1.9.0 beta 1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
71e593
- Add native support for autofs to the IPA provider
71e593
- Support for ID-mapping when connecting to Active Directory
71e593
- Support for handling very large (> 1500 users) groups in Active Directory
71e593
- Support for sub-domains (will be used for dealing with trust relationships)
71e593
- Add a new fast in-memory cache to speed up lookups of cached data on
71e593
  repeated requests
71e593
71e593
* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11
71e593
- New upstream release 1.8.3
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
71e593
- Numerous manpage and translation updates
71e593
- LDAP: Handle situations where the RootDSE isn't available anonymously
71e593
- LDAP: Fix regression for users using non-standard LDAP attributes for user
71e593
  information
71e593
71e593
* Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.2-10
71e593
- New upstream release 1.8.2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
71e593
- Several fixes to case-insensitive domain functions
71e593
- Fix for GSSAPI binds when the keytab contains unrelated principals
71e593
- Fixed several segfaults
71e593
- Workarounds added for LDAP servers with unreadable RootDSE
71e593
- SSH knownhostproxy will no longer enter an infinite loop preventing login
71e593
- The provided SYSV init script now starts SSSD earlier at startup and stops
71e593
  it later during shutdown
71e593
- Assorted minor fixes for issues discovered by static analysis tools
71e593
71e593
* Mon Mar 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-9
71e593
- Don't duplicate libsss_autofs.so in two packages
71e593
- Set explicit package contents instead of globbing
71e593
71e593
* Wed Mar 21 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-8
71e593
- Fix uninitialized value bug causing crashes throughout the code
71e593
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
71e593
71e593
* Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-7
71e593
- New upstream release 1.8.1
71e593
- Resolve issue where we could enter an infinite loop trying to connect to an
71e593
  auth server
71e593
- Fix serious issue with complex (3+ levels) nested groups
71e593
- Fix netgroup support for case-insensitivity and aliases
71e593
- Fix serious issue with lookup bundling resulting in requests never
71e593
  completing
71e593
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
71e593
  in addition to pam_authenticate
71e593
- Fix several regressions in the proxy provider
71e593
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
71e593
                          against AD
71e593
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
71e593
71e593
* Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6
71e593
- New upstream release 1.8.0
71e593
- Support for the service map in NSS
71e593
- Support for setting default SELinux user context from FreeIPA
71e593
- Support for retrieving SSH user and host keys from LDAP (Experimental)
71e593
- Support for caching autofs LDAP requests (Experimental)
71e593
- Support for caching SUDO rules (Experimental)
71e593
- Include the IPA AutoFS provider
71e593
- Fixed several memory-corruption bugs
71e593
- Fixed a regression in group enumeration since 1.7.0
71e593
- Fixed a regression in the proxy provider
71e593
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
71e593
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
71e593
                          logged at each login
71e593
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
71e593
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
71e593
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
71e593
                          against AD
71e593
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
71e593
                          new LDAP features
71e593
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
71e593
71e593
* Wed Feb 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5.beta3
71e593
- Change default kerberos credential cache location to /run/user/<username>
71e593
71e593
* Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3
71e593
- New upstream release 1.8.0 beta 3
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
71e593
- Fixed a regression in group enumeration since 1.7.0
71e593
- Fixed several memory-corruption bugs
71e593
- Finalized the ABI for the autofs support
71e593
- Fixed a regression in the proxy provider
71e593
71e593
* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.8.0-3.beta2
71e593
- Rebuild against PCRE 8.30
71e593
71e593
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta2
71e593
- New upstream release
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
71e593
- Fix two minor manpage bugs
71e593
- Include the IPA AutoFS provider
71e593
71e593
* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta1
71e593
- New upstream release
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
71e593
- Support for the service map in NSS
71e593
- Support for setting default SELinux user context from FreeIPA
71e593
- Support for retrieving SSH user and host keys from LDAP (Experimental)
71e593
- Support for caching autofs LDAP requests (Experimental)
71e593
- Support for caching SUDO rules (Experimental)
71e593
71e593
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5
71e593
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
71e593
                          new LDAP features - fix netgroups and sudo as well
71e593
71e593
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4
71e593
- Fixes a serious memory hierarchy bug causing unpredictable behavior in the
71e593
  LDAP provider.
71e593
71e593
* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-3
71e593
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
71e593
                          new LDAP features
71e593
71e593
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.0-2
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
71e593
71e593
* Thu Dec 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-1
71e593
- New upstream release 1.7.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
71e593
- Support for case-insensitive domains
71e593
- Support for multiple search bases in the LDAP provider
71e593
- Support for the native FreeIPA netgroup implementation
71e593
- Reliability improvements to the process monitor
71e593
- New DEBUG facility with more consistent log levels
71e593
- New tool to change debug log levels without restarting SSSD
71e593
- SSSD will now disconnect from LDAP server when idle
71e593
- FreeIPA HBAC rules can choose to ignore srchost options for significant
71e593
  performance gains
71e593
- Assorted performance improvements in the LDAP provider
71e593
71e593
* Mon Dec 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.4-1
71e593
- New upstream release 1.6.4
71e593
- Rolls up previous patches applied to the 1.6.3 tarball
71e593
- Fixes a rare issue causing crashes in the failover logic
71e593
- Fixes an issue where SSSD would return the wrong PAM error code for users
71e593
  that it does not recognize.
71e593
71e593
* Wed Dec 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-5
71e593
- Rebuild against libldb 1.1.4
71e593
71e593
* Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-4
71e593
- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the
71e593
                          username in getpwnam()
71e593
- Resolves: rhbz#758425 - LDAP failover not working if server refuses
71e593
                          connections
71e593
71e593
* Thu Nov 24 2011 Jakub Hrozek <jhrozek@redhat.com> - 1.6.3-3
71e593
- Rebuild for libldb 1.1.3
71e593
71e593
* Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-2
71e593
- Resolves: rhbz#752495 - Crash when apply settings
71e593
71e593
* Fri Nov 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1
71e593
- New upstream release 1.6.3
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
71e593
- Fixes a major cache performance issue introduced in 1.6.2
71e593
- Fixes a potential infinite-loop with certain LDAP layouts
71e593
71e593
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-5
71e593
- Rebuilt for glibc bug#747377
71e593
71e593
* Sun Oct 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-4
71e593
- Change selinux policy requirement to Conflicts: with the old version,
71e593
  rather than Requires: the supported version.
71e593
71e593
* Fri Oct 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-3
71e593
- Add explicit requirement on selinux-policy version to address new SBUS
71e593
  symlinks.
71e593
71e593
* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-2
71e593
- Remove %%files reference to sss_debuglevel copied from wrong upstreeam
71e593
  spec file.
71e593
71e593
* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1
71e593
- Improved handling of users and groups with multi-valued name attributes
71e593
  (aliases)
71e593
- Performance enhancements
71e593
    Initgroups on RFC2307bis/FreeIPA
71e593
    HBAC rule processing
71e593
- Improved process-hang detection and restarting
71e593
- Enabled the midpoint cache refresh by default (fewer cache misses on
71e593
  commonly-used entries)
71e593
- Cleaned up the example configuration
71e593
- New tool to change debug level on the fly
71e593
71e593
* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1
71e593
- New upstream release 1.6.1
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
71e593
- Fixes a serious issue with LDAP connections when the communication is
71e593
  dropped (e.g. VPN disconnection, waking from sleep)
71e593
- SSSD is now less strict when dealing with users/groups with multiple names
71e593
  when a definitive primary name cannot be determined
71e593
- The LDAP provider will no longer attempt to canonicalize by default when
71e593
  using SASL. An option to re-enable this has been provided.
71e593
- Fixes for non-standard LDAP attribute names (e.g. those used by Active
71e593
  Directory)
71e593
- Three HBAC regressions have been fixed.
71e593
- Fix for an infinite loop in the deref code
71e593
71e593
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-2
71e593
- Build with _hardened_build macro
71e593
71e593
* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-1
71e593
- New upstream release 1.6.0
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
71e593
- Add host access control support for LDAP (similar to pam_host_attr)
71e593
- Finer-grained control on principals used with Kerberos (such as for FAST or
71e593
- validation)
71e593
- Added a new tool sss_cache to allow selective expiring of cached entries
71e593
- Added support for LDAP DEREF and ASQ controls
71e593
- Added access control features for Novell Directory Server
71e593
- FreeIPA dynamic DNS update now checks first to see if an update is needed
71e593
- Complete rewrite of the HBAC library
71e593
- New libraries: libipa_hbac and libipa_hbac-python
71e593
71e593
* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2
71e593
- New upstream release 1.5.11
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
71e593
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
71e593
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
71e593
- address being saved to the AAAA record
71e593
71e593
* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1
71e593
- New upstream release 1.5.10
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
71e593
- Fixed a regression introduced in 1.5.9 that could result in blocking calls
71e593
- to LDAP
71e593
71e593
* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1
71e593
- New upstream release 1.5.9
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
71e593
- Support for overriding home directory, shell and primary GID locally
71e593
- Properly honor TTL values from SRV record lookups
71e593
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
71e593
- servers)
71e593
- Properly escape IPv6 addresses in the failover code
71e593
- Do not crash if inotify fails (e.g. resource exhaustion)
71e593
- Don't add multiple TGT renewal callbacks (too many log messages)
71e593
71e593
* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1
71e593
- New upstream release 1.5.8
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
71e593
- Support for the LDAP paging control
71e593
- Support for multiple DNS servers for name resolution
71e593
- Fixes for several group membership bugs
71e593
- Fixes for rare crash bugs
71e593
71e593
* Mon May 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-3
71e593
- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
71e593
- Make sure to properly convert to systemd if upgrading from newer
71e593
- updates for Fedora 14
71e593
71e593
* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2
71e593
- Fix segfault in TGT renewal
71e593
71e593
* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
71e593
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
71e593
-                         cached password with predicatable filename
71e593
71e593
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
71e593
- Re-add manpage translations
71e593
71e593
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
71e593
- New upstream release 1.5.6
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
71e593
- Fixed a serious memory leak in the memberOf plugin
71e593
- Fixed a regression with the negative cache that caused it to be essentially
71e593
- nonfunctional
71e593
- Fixed an issue where the user's full name would sometimes be removed from
71e593
- the cache
71e593
- Fixed an issue with password changes in the kerberos provider not working
71e593
- with kpasswd
71e593
71e593
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5
71e593
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
71e593
-                         kadmin server != kdc server
71e593
- Upgrades from SysV should now maintain enabled/disabled status
71e593
71e593
* Mon Apr 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-4
71e593
- Fix %%postun
71e593
71e593
* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3
71e593
- Fix systemd conversion. Upgrades from SysV to systemd weren't properly
71e593
- enabling the systemd service.
71e593
- Fix a serious memory leak in the memberOf plugin
71e593
- Fix an issue where the user's full name would sometimes be removed
71e593
- from the cache
71e593
71e593
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2
71e593
- Install systemd unit file instead of sysv init script
71e593
71e593
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1
71e593
- New upstream release 1.5.5
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
71e593
- Fixes for several crash bugs
71e593
- LDAP group lookups will no longer abort if there is a zero-length member
71e593
- attribute
71e593
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
71e593
71e593
* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
71e593
- New upstream release 1.5.4
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
71e593
- Fixes for Active Directory when not all users and groups have POSIX attributes
71e593
- Fixes for handling users and groups that have name aliases (aliases are ignored)
71e593
- Fix group memberships after initgroups in the IPA provider
71e593
71e593
* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2
71e593
- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication
71e593
71e593
* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1
71e593
- New upstream release 1.5.3
71e593
- Support for libldb >= 1.0.0
71e593
71e593
* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1
71e593
- New upstream release 1.5.2
71e593
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
71e593
- Fixes for support of FreeIPA v2
71e593
- Fixes for failover if DNS entries change
71e593
- Improved sss_obfuscate tool with better interactive mode
71e593
- Fix several crash bugs
71e593
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
71e593
- Delete users from the local cache if initgroups calls return 'no such user'
71e593
- (previously only worked for getpwnam/getpwuid)
71e593
- Use new Transifex.net translations
71e593
- Better support for automatic TGT renewal (now survives restart)
71e593
- Netgroup fixes
71e593
71e593
* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9
71e593
- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
71e593
- Related: rhbz#677425
71e593
71e593
* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
71e593
- Resolves: rhbz#677768 - name service caches names, so id command shows
71e593
-                         recently deleted users
71e593
71e593
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7
71e593
- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
71e593
- Remove .la for memberOf
71e593
71e593
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6
71e593
- Fix memberOf install path
71e593
71e593
* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5
71e593
- Add support for libldb 1.0.0
71e593
71e593
* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
71e593
71e593
* Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3
71e593
- Fix nested group member filter sanitization for RFC2307bis
71e593
- Put translated tool manpages into the sssd-tools subpackage
71e593
71e593
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
71e593
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
71e593
- rpmbuild
71e593
71e593
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1
71e593
- New upstream release 1.5.1
71e593
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
71e593
- Vast performance improvements when enumerate = true
71e593
- All PAM actions will now perform a forced initgroups lookup instead of just
71e593
- a user information lookup
71e593
-   This guarantees that all group information is available to other
71e593
-   providers, such as the simple provider.
71e593
- For backwards-compatibility, DNS lookups will also fall back to trying the
71e593
- SSSD domain name as a DNS discovery domain.
71e593
- Support for more password expiration policies in LDAP
71e593
-    389 Directory Server
71e593
-    FreeIPA
71e593
-    ActiveDirectory
71e593
- Support for ldap_tls_{cert,key,cipher_suite} config options
71e593
-Assorted bugfixes
71e593
71e593
* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2
71e593
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
71e593
71e593
* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1
71e593
- New upstream release 1.5.0
71e593
- Fixed issues with LDAP search filters that needed to be escaped
71e593
- Add Kerberos FAST support on platforms that support it
71e593
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
71e593
- Added a Kerberos access provider to honor .k5login
71e593
- Addressed several thread-safety issues in the sss_client code
71e593
- Improved support for delayed online Kerberos auth
71e593
- Significantly reduced time between connecting to the network/VPN and
71e593
- acquiring a TGT
71e593
- Added feature for automatic Kerberos ticket renewal
71e593
- Provides the kerberos ticket for long-lived processes or cron jobs
71e593
- even when the user logs out
71e593
- Added several new features to the LDAP access provider
71e593
- Support for 'shadow' access control
71e593
- Support for authorizedService access control
71e593
- Ability to mix-and-match LDAP access control features
71e593
- Added an option for a separate password-change LDAP server for those
71e593
- platforms where LDAP referrals are not supported
71e593
- Added support for manpage translations
71e593
71e593
71e593
* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3
71e593
- Solve a shutdown race-condition that sometimes left processes running
71e593
- Resolves: rhbz#606887 - SSSD stops on upgrade
71e593
71e593
* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2
71e593
- Log startup errors to the syslog
71e593
- Allow cache cleanup to be disabled in sssd.conf
71e593
71e593
* Mon Nov 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1
71e593
- New upstream release 1.4.1
71e593
- Add support for netgroups to the proxy provider
71e593
- Fixes a minor bug with UIDs/GIDs >= 2^31
71e593
- Fixes a segfault in the kerberos provider
71e593
- Fixes a segfault in the NSS responder if a data provider crashes
71e593
- Correctly use sdap_netgroup_search_base
71e593
71e593
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2
71e593
- Fix incorrect tarball URL
71e593
71e593
* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1
71e593
- New upstream release 1.4.0
71e593
- Added support for netgroups to the LDAP provider
71e593
- Performance improvements made to group processing of RFC2307 LDAP servers
71e593
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
71e593
- Build-system improvements to support Gentoo
71e593
- Split out several libraries into the ding-libs tarball
71e593
- Manpage reviewed and updated
71e593
71e593
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-35
71e593
- Fix pre and post script requirements
71e593
71e593
* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-34
71e593
- Resolves: rhbz#606887 - sssd stops on upgrade
71e593
71e593
* Fri Oct 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-33
71e593
- Resolves: rhbz#626205 - Unable to unlock screen
71e593
71e593
* Tue Sep 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-32
71e593
- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but
71e593
-                         doesn't require it
71e593
71e593
* Thu Sep 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-31
71e593
- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
71e593
71e593
* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30
71e593
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate
71e593
-                           against LDAP
71e593
71e593
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21
71e593
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
71e593
71e593
* Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.91-20
71e593
- New upstream version 1.2.91 (1.3.0rc1)
71e593
- Improved LDAP failover
71e593
- Synchronous sysdb API (provides performance enhancements)
71e593
- Better online reconnection detection
71e593
71e593
* Mon Jun 21 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15
71e593
- New stable upstream version 1.2.1
71e593
- Resolves: rhbz#595529 - spec file should eschew %%define in favor of
71e593
-                         %%global
71e593
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service
71e593
-                         to fail while restart.
71e593
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel
71e593
-                         keyring
71e593
- Resolves: rhbz#599724 - sssd is broken on Rawhide
71e593
71e593
* Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12
71e593
- New stable upstream version 1.2.0
71e593
- Support ServiceGroups for FreeIPA v2 HBAC rules
71e593
- Fix long-standing issue with auth_provider = proxy
71e593
- Better logging for TLS issues in LDAP
71e593
71e593
* Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11
71e593
- New LDAP access provider allows for filtering user access by LDAP attribute
71e593
- Reduced default timeout for detecting offline status with LDAP
71e593
- GSSAPI ticket lifetime made configurable
71e593
- Better offline->online transition support in Kerberos
71e593
71e593
* Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10
71e593
- Release new upstream version 1.1.91
71e593
- Enhancements when using SSSD with FreeIPA v2
71e593
- Support for deferred kinit
71e593
- Support for DNS SRV records for failover
71e593
71e593
* Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3
71e593
- Bump up release number to avoid library sub-packages version issues with
71e593
  previous releases.
71e593
71e593
* Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1
71e593
- New upstream release 1.1.1
71e593
- Fixed the IPA provider (which was segfaulting at start)
71e593
- Fixed a bug in the SSSDConfig API causing some options to revert to
71e593
- their defaults
71e593
- This impacted the Authconfig UI
71e593
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal
71e593
71e593
* Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2
71e593
- Release SSSD 1.1.0 final
71e593
- Fix two potential segfaults
71e593
- Fix memory leak in monitor
71e593
- Better error message for unusable confdb
71e593
71e593
* Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19
71e593
- Release candidate for SSSD 1.1
71e593
- Add simple access provider
71e593
- Create subpackages for libcollection, libini_config, libdhash and librefarray
71e593
- Support IPv6
71e593
- Support LDAP referrals
71e593
- Fix cache issues
71e593
- Better feedback from PAM when offline
71e593
71e593
* Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2
71e593
- Rebuild against new libtevent
71e593
71e593
* Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1
71e593
- Fix licenses in sources and on RPMs
71e593
71e593
* Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1
71e593
- Fix regression on 64-bit platforms
71e593
71e593
* Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1
71e593
- Fixes link error on platforms that do not do implicit linking
71e593
- Fixes double-free segfault in PAM
71e593
- Fixes double-free error in async resolver
71e593
- Fixes support for TCP-based DNS lookups in async resolver
71e593
- Fixes memory alignment issues on ARM processors
71e593
- Manpage fixes
71e593
71e593
* Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1
71e593
- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
71e593
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
71e593
- Several segfault bugfixes
71e593
71e593
* Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1
71e593
- Fix CVE-2010-0014
71e593
71e593
* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2
71e593
- Patch SSSDConfig API to address
71e593
- https://bugzilla.redhat.com/show_bug.cgi?id=549482
71e593
71e593
* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
71e593
- New upstream stable release 1.0.0
71e593
71e593
* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
71e593
- New upstream bugfix release 0.99.1
71e593
71e593
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
71e593
- New upstream release 0.99.0
71e593
71e593
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
71e593
- Fix segfault in sssd_pam when cache_credentials was enabled
71e593
- Update the sample configuration
71e593
- Fix upgrade issues caused by data provider service removal
71e593
71e593
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
71e593
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
71e593
71e593
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
71e593
- New upstream release 0.7.0
71e593
71e593
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
71e593
- Fix missing file permissions for sssd-clients
71e593
71e593
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
71e593
- Add SSSDConfig API
71e593
- Update polish translation for 0.6.0
71e593
- Fix long timeout on ldap operation
71e593
- Make dp requests more robust
71e593
71e593
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
71e593
- Ensure that the configuration upgrade script always writes the config
71e593
  file with 0600 permissions
71e593
- Eliminate an infinite loop in group enumerations
71e593
71e593
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
71e593
- New upstream release 0.6.0
71e593
71e593
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
71e593
- New upstream release 0.5.0
71e593
71e593
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
71e593
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
71e593
  without a password. (Patch by Stephen Gallagher)
71e593
71e593
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
71e593
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
71e593
71e593
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
71e593
- Fix a couple of segfaults that may happen on reload
71e593
71e593
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
71e593
- add missing configure check that broke stopping the daemon
71e593
- also fix default config to add a missing required option
71e593
71e593
* Mon Jun  8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
71e593
- latest upstream release.
71e593
- also add a patch that fixes debugging output (potential segfault)
71e593
71e593
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
71e593
- release out of the official 0.3.2 tarball
71e593
71e593
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
71e593
- bugfix release 0.3.2
71e593
- includes previous release patches
71e593
- change permissions of the /etc/sssd/sssd.conf to 0600
71e593
71e593
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
71e593
- Add last minute bug fixes, found in testing the package
71e593
71e593
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
71e593
- Version 0.3.1
71e593
- includes previous release patches
71e593
71e593
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
71e593
- Try to fix build adding automake as an explicit BuildRequire
71e593
- Add also a couple of last minute patches from upstream
71e593
71e593
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
71e593
- Version 0.3.0
71e593
- Provides file based configuration and lots of improvements
71e593
71e593
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
71e593
- Version 0.2.1
71e593
71e593
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
71e593
- Version 0.2.0
71e593
71e593
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
71e593
- package git snapshot
71e593
71e593
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
71e593
- fixed items found during review
71e593
- added initscript
71e593
71e593
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
71e593
- added sss_client
71e593
71e593
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
71e593
- Small cleanup and fixes in the spec file
71e593
71e593
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
71e593
- Initial release (based on version 0.1.0 upstream code)