Tree - rpms/sssd - CentOS Git server

rpms / sssd

Blame SPECS/sssd.spec

Blob History Raw

		ecf709	`%global rhel7_minor %(%{__grep} -o "7.[0-9]*" /etc/redhat-release \|%{__sed} -s 's/7.//')`
		ecf709
		ecf709	`# we don't want to provide private python extension libs`
		ecf709	`%define __provides_exclude_from %{python_sitearch}/.\.so$\|%{_libdir}/%{name}/modules/libwbclient.so.$`
		ecf709	`%define _hardened_build 1`
		ecf709
		ecf709	`%global install_pcscd_polkit_rule 1`
		ecf709
		ecf709	`# Determine the location of the LDB modules directory`
		ecf709	`%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)`
		ced1f5	`%global ldb_version 1.2.2`
		ecf709
		ecf709
		ecf709	`%if (0%{?fedora} \|\| 0%{?rhel} >= 7)`
		ecf709	`%global with_cifs_utils_plugin 1`
		ecf709	`%else`
		ecf709	`%global with_cifs_utils_plugin_option --disable-cifs-idmap-plugin`
		ecf709	`%endif`
		ecf709
		ecf709	`%global with_krb5_localauth_plugin 1`
		ecf709
		ced1f5	`%global libwbc_alternatives_version 0.14`
		ecf709	`%global libwbc_lib_version %{libwbc_alternatives_version}.0`
		ecf709	`%global libwbc_alternatives_suffix %nil`
		ecf709	`%if 0%{?__isa_bits} == 64`
		ecf709	`%global libwbc_alternatives_suffix -64`
		ecf709	`%endif`
		ecf709
		ecf709	`%global enable_systemtap 1`
		ecf709	`%if (0%{?enable_systemtap} == 1)`
		ecf709	`%global enable_systemtap_opt --enable-systemtap`
		ecf709	`%endif`
		ecf709
		ecf709	`%if (0%{?fedora} >= 23 \|\| 0%{?rhel} >= 7)`
		ecf709	`%global with_kcm 1`
		ecf709	`%global with_kcm_option --with-kcm`
		ecf709	`%else`
		ecf709	`%global with_kcm_option --without-kcm`
		ecf709	`%endif`
		ecf709
		086f82	`# Do not try to detect the idmap version on RHEL6 to avoid conflicts between`
		086f82	`# samba and samba4 package`
		086f82	`%if (0%{?fedora} \|\| 0%{?rhel} >= 7)`
		086f82	`%global detect_idmap_version 1`
		086f82	`%else`
		086f82	`%global with_idmap_version --with-smb-idmap-interface-version=5`
		086f82	`%endif`
		086f82
		ecf709	`Name: sssd`
		ced1f5	`Version: 1.16.0`
		75e304	`Release: 19%{?dist}.8`
		ecf709	`Group: Applications/System`
		ecf709	`Summary: System Security Services Daemon`
		ecf709	`License: GPLv3+`
		ecf709	`URL: https://pagure.io/SSSD/sssd/`
		ecf709	`Source0: https://releases.pagure.org/SSSD/sssd/sssd-%{version}.tar.gz`
		ced1f5	`Source1: cert9.db`
		ced1f5	`Source2: key4.db`
		ecf709	`BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)`
		ecf709
		ecf709	`### Patches ###`
		ced1f5	`Patch0001: 0001-NSS-Move-memcache-setup-to-separate-function.patch`
		ced1f5	`Patch0002: 0002-NSS-Specify-memcache_timeout-0-semantics.patch`
		ced1f5	`Patch0003: 0003-MAN-Document-memcache_timeout-0-meaning.patch`
		ced1f5	`Patch0004: 0004-CONFIG-Add-a-new-option-auto_private_groups.patch`
		ced1f5	`Patch0005: 0005-CONFDB-Remove-the-obsolete-option-magic_private_grou.patch`
		ced1f5	`Patch0006: 0006-SDAP-Allow-the-mpg-flag-for-the-main-domain.patch`
		ced1f5	`Patch0007: 0007-LDAP-Turn-group-request-into-user-request-for-MPG-do.patch`
		ced1f5	`Patch0008: 0008-SYSDB-Prevent-users-and-groups-ID-collision-in-MPG-d.patch`
		ced1f5	`Patch0009: 0009-TESTS-Add-integration-tests-for-the-auto_private_gro.patch`
		ced1f5	`Patch0010: 0010-CACHE_REQ-Copy-the-cr_domain-list-for-each-request.patch`
		ced1f5	`Patch0011: 0011-MAN-GPO-Security-Filtering-limitation.patch`
		ced1f5	`Patch0012: 0012-sudo-always-use-srv_opts-from-id-context.patch`
		ced1f5	`Patch0013: 0013-AD-Remember-last-site-discovered.patch`
		ced1f5	`Patch0014: 0014-sysdb-add-functions-to-get-set-client-site.patch`
		ced1f5	`Patch0015: 0015-AD-Remember-last-site-discovered-in-sysdb.patch`
		ced1f5	`Patch0016: 0016-UTIL-Add-wrapper-function-to-configure-logger.patch`
		ced1f5	`Patch0017: 0017-Add-parameter-logger-to-daemons.patch`
		ced1f5	`Patch0018: 0018-SYSTEMD-Replace-parameter-debug-to-files-with-DEBUG_.patch`
		ced1f5	`Patch0019: 0019-SYSTEMD-Add-environment-file-to-responder-service-fi.patch`
		ced1f5	`Patch0020: 0020-UTIL-Hide-and-deprecate-parameter-debug-to-files.patch`
		ced1f5	`Patch0021: 0021-LDAP-Bind-to-the-LDAP-server-also-in-the-auth.patch`
		ced1f5	`Patch0022: 0022-sss_client-create-nss_common.h.patch`
		ced1f5	`Patch0023: 0023-nss-idmap-add-nss-like-calls-with-timeout-and-flags.patch`
		ced1f5	`Patch0024: 0024-NSS-add-_EX-version-of-some-requests.patch`
		ced1f5	`Patch0025: 0025-NSS-add-support-for-SSS_NSS_EX_FLAG_NO_CACHE.patch`
		ced1f5	`Patch0026: 0026-CACHE_REQ-Add-cache_req_data_set_bypass_dp.patch`
		ced1f5	`Patch0027: 0027-nss-make-memcache_delete_entry-public.patch`
		ced1f5	`Patch0028: 0028-NSS-add-support-for-SSS_NSS_EX_FLAG_INVALIDATE_CACHE.patch`
		ced1f5	`Patch0029: 0029-NSS-TESTS-add-unit-tests-for-_EX-requests.patch`
		ced1f5	`Patch0030: 0030-nss-idmap-add-timeout-version-of-old-sss_nss_-calls.patch`
		ced1f5	`Patch0031: 0031-nss-idmap-allow-empty-buffer-with-SSS_NSS_EX_FLAG_IN.patch`
		ced1f5	`Patch0032: 0032-BUILD-Properly-expand-variables-in-sssd-ifp.service.patch`
		ced1f5	`Patch0033: 0033-SYSTEMD-Clean-pid-file-in-corner-cases.patch`
		ced1f5	`Patch0034: 0034-CHILD-Pass-information-about-logger-to-children.patch`
		ced1f5	`Patch0035: 0035-LDAP-Improve-error-treatment-from-sdap_cli_connect-i.patch`
		ced1f5	`Patch0036: 0036-p11_child-return-multiple-certs.patch`
		ced1f5	`Patch0037: 0037-PAM-handled-multiple-certs-in-the-responder.patch`
		ced1f5	`Patch0038: 0038-pam_sss-refactoring-use-struct-cert_auth_info.patch`
		ced1f5	`Patch0039: 0039-p11_child-use-options-to-select-certificate-for-auth.patch`
		ced1f5	`Patch0040: 0040-pam-add-prompt-string-for-certificate-authentication.patch`
		ced1f5	`Patch0041: 0041-PAM-allow-missing-logon_name-during-certificate-auth.patch`
		ced1f5	`Patch0042: 0042-p11_child-add-descriptions-for-error-codes-to-debug-.patch`
		ced1f5	`Patch0043: 0043-pam-filter-certificates-in-the-responder-not-in-the-.patch`
		ced1f5	`Patch0044: 0044-PAM-add-certificate-s-label-to-the-selection-prompt.patch`
		ced1f5	`Patch0045: 0045-SYSDB-Remove-code-causing-a-covscan-warning.patch`
		ced1f5	`Patch0046: 0046-SYSDB-Better-debugging-for-email-conflicts.patch`
		ced1f5	`Patch0047: 0047-NSS-Use-enum_ctx-as-memory_context-in-_setnetgrent_s.patch`
		ced1f5	`Patch0048: 0048-TOOLS-Add-a-new-sssctl-command-access-report.patch`
		ced1f5	`Patch0049: 0049-dp-use-void-to-express-empty-output-argument-list.patch`
		ced1f5	`Patch0050: 0050-dp-add-method-to-refresh-access-control-rules.patch`
		ced1f5	`Patch0051: 0051-ipa-implement-method-to-refresh-HBAC-rules.patch`
		ced1f5	`Patch0052: 0052-ifp-add-method-to-refresh-access-control-rules-in-do.patch`
		ced1f5	`Patch0053: 0053-sssctl-call-dbus-instead-of-pam-to-refresh-HBAC-rule.patch`
		ced1f5	`Patch0054: 0054-sysdb-be_refresh_get_values_ex-remove-unused-option.patch`
		ced1f5	`Patch0055: 0055-sysdb-do-not-use-objectClass-for-users-and-groups.patch`
		ced1f5	`Patch0056: 0056-sysdb-do-not-use-LDB_SCOPE_ONELEVEL.patch`
		ced1f5	`Patch0057: 0057-sysdb-remove-IDXONE-and-objectClass-from-users-and-g.patch`
		ced1f5	`Patch0058: 0058-mmap_cache-make-checks-independent-of-input-size.patch`
		ced1f5	`Patch0059: 0059-NSS-Fix-covscan-warning.patch`
		ced1f5	`Patch0060: 0060-responder-Fix-talloc-hierarchy-in-sized_output_name.patch`
		ced1f5	`Patch0061: 0061-test_responder-Check-memory-leak-in-sized_output_nam.patch`
		ced1f5	`Patch0062: 0062-UTIL-add-find_domain_by_object_name_ex.patch`
		ced1f5	`Patch0063: 0063-ipa-handle-users-from-different-domains-in-ipa_resol.patch`
		ced1f5	`Patch0064: 0064-overrides-fixes-for-sysdb_invalidate_overrides.patch`
		ced1f5	`Patch0065: 0065-ipa-check-for-SYSDB_OVERRIDE_DN-in-process_members-a.patch`
		ced1f5	`Patch0066: 0066-IPA-use-cache-searches-in-get_groups_dns.patch`
		ced1f5	`Patch0067: 0067-ipa-compare-DNs-instead-of-group-names-in-ipa_s2n_sa.patch`
		ced1f5	`Patch0068: 0068-SDAP-Split-out-utility-function-sdap_get_object_doma.patch`
		ced1f5	`Patch0069: 0069-LDAP-Extract-the-check-whether-to-run-a-POSIX-check-.patch`
		ced1f5	`Patch0070: 0070-LDAP-Only-run-the-POSIX-check-with-a-GC-connection.patch`
		ced1f5	`Patch0071: 0071-SDAP-Search-with-a-NULL-search-base-when-looking-up-.patch`
		ced1f5	`Patch0072: 0072-SDAP-Rename-sdap_posix_check-to-sdap_gc_posix_check.patch`
		ced1f5	`Patch0073: 0073-DP-Create-a-new-handler-function-getAccountDomain.patch`
		ced1f5	`Patch0074: 0074-AD-Implement-a-real-getAccountDomain-handler-for-the.patch`
		ced1f5	`Patch0075: 0075-RESP-Expose-DP-method-getAccountDomain-to-responders.patch`
		ced1f5	`Patch0076: 0076-NEGCACHE-Add-API-for-setting-and-checking-locate-acc.patch`
		ced1f5	`Patch0077: 0077-TESTS-Add-tests-for-the-object-by-id-cache_req-inter.patch`
		ced1f5	`Patch0078: 0078-CACHE_REQ-Export-cache_req_search_ncache_add-as-cach.patch`
		ced1f5	`Patch0079: 0079-CACHE_REQ-Add-plugin-methods-required-for-the-domain.patch`
		ced1f5	`Patch0080: 0080-CACHE_REQ-Add-a-private-request-cache_req_locate_dom.patch`
		ced1f5	`Patch0081: 0081-CACHE_REQ-Implement-the-plugin-methods-that-utilize-.patch`
		ced1f5	`Patch0082: 0082-CACHE_REQ-Use-the-domain-locator-request-to-only-sea.patch`
		ced1f5	`Patch0083: 0083-MAN-Document-how-the-Global-Catalog-is-used-currentl.patch`
		ced1f5	`Patch0084: 0084-p11_child-make-sure-OCSP-checks-are-done.patch`
		ced1f5	`Patch0085: 0085-IPA-Include-SYSDB_OBJECTCATEGORY-not-OBJECTCLASS-in-.patch`
		ced1f5	`Patch0086: 0086-nss-idmap-allow-NULL-result-in-_timeout-calls.patch`
		ced1f5	`Patch0087: 0087-cache-Check-for-max_id-min_id-in-cache_req.patch`
		ced1f5	`Patch0088: 0088-Revert-p11_child-make-sure-OCSP-checks-are-done.patch`
		ced1f5	`Patch0089: 0089-p11_child-properly-check-results-of-CERT_VerifyCerti.patch`
		ced1f5	`Patch0090: 0090-ifp-use-realloc-in-ifp_list_ctx_remaining_capacity.patch`
		ced1f5	`Patch0091: 0091-IPA-Delay-the-first-periodic-refresh-of-trusted-doma.patch`
		ced1f5	`Patch0092: 0092-sysdb-add-userMappedCertificate-to-the-index.patch`
		ced1f5	`Patch0093: 0093-AD-Inherit-the-MPG-setting-from-the-main-domain.patch`
		ced1f5	`Patch0094: 0094-SDAP-skip-builtin-AD-groups-in-sdap_save_grpmem.patch`
		ced1f5	`Patch0095: 0095-SYSDB-Read-the-ldb_message-from-loop-s-index-counter.patch`
		ced1f5	`Patch0096: 0096-nss-idmap-check-timed-muted-return-code.patch`
		ced1f5	`Patch0097: 0097-DESKPROFILE-Add-checks-for-user-and-host-category.patch`
		ced1f5	`Patch0098: 0098-SELINUX-Check-if-SELinux-is-managed-in-selinux_child.patch`
		ced1f5	`Patch0099: 0099-util-Add-sss_-prefix-to-some-functions.patch`
		ced1f5	`Patch0100: 0100-MAN-Explain-how-does-auto_private_groups-affect-subd.patch`
		ced1f5	`Patch0101: 0101-AD-Use-the-right-sdap_domain-for-the-forest-root.patch`
		ced1f5	`Patch0102: 0102-AD-sdap_get_ad_tokengroups_done-allocate-temporary-d.patch`
		ced1f5	`Patch0103: 0103-AD-do-not-allocate-temporary-data-on-long-living-con.patch`
		086f82	`Patch0104: 0104-nss-idmap-do-not-set-a-limit.patch`
		086f82	`Patch0105: 0105-nss-idmap-use-right-group-list-pointer-after-sss_get.patch`
		086f82	`Patch0106: 0106-nss-add-a-netgroup-counter-to-struct-nss_enum_index.patch`
		086f82	`Patch0107: 0107-nss-initialize-nss_enum_index-in-nss_setnetgrent.patch`
		086f82	`Patch0108: 0108-NSS-nss_clear_netgroup_hash_table-do-not-free-data.patch`
		086f82	`Patch0109: 0109-winbind-idmap-plugin-support-inferface-version-6.patch`
		086f82	`Patch0110: 0110-winbind-idmap-plugin-fix-detection.patch`
		086f82	`Patch0111: 0111-Do-not-keep-allocating-external-groups-on-a-long-liv.patch`
		75e304	`Patch0112: 0112-TESTS-Extend-the-schema-with-sshPublicKey-attribute.patch`
		75e304	`Patch0113: 0113-TESTS-Allow-adding-sshPublicKey-for-users.patch`
		75e304	`Patch0114: 0114-TESTS-Add-a-basic-SSH-responder-test.patch`
		75e304	`Patch0115: 0115-SSH-Do-not-exit-abruptly-if-SSHD-closes-its-end-of-t.patch`
		75e304	`Patch0116: 0116-TESTS-Add-a-helper-binary-that-can-trigger-the-SIGPI.patch`
		75e304	`Patch0117: 0117-TESTS-Add-a-regression-test-for-SIGHUP-handling-in-s.patch`
		75e304	`Patch0118: 0118-TESTS-Order-list-of-entries-in-some-lists.patch`
		75e304	`Patch0119: 0119-sysdb-add-sysdb_getgrgid_attrs.patch`
		75e304	`Patch0120: 0120-ipa-use-mpg-aware-group-lookup-in-get_object_from_ca.patch`
		75e304	`Patch0121: 0121-ipa-allow-mpg-group-objects-in-apply_subdomain_homed.patch`
		75e304	`Patch0122: 0122-AD-LDAP-do-not-fall-back-to-mpg-user-lookup-on-GC-co.patch`
		75e304	`Patch0123: 0123-deskprofile-don-t-bail-if-we-fail-to-save-one-profil.patch`
		ecf709
		ecf709	`#This patch should not be removed in RHEL-7`
		ecf709	`Patch999: 0999-NOUPSTREAM-Default-to-root-if-sssd-user-is-not-spec`
		ecf709
		ecf709	`### Dependencies ###`
		ecf709
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709	`Requires: sssd-ldap = %{version}-%{release}`
		ecf709	`Requires: sssd-krb5 = %{version}-%{release}`
		ecf709	`Requires: sssd-ipa = %{version}-%{release}`
		ecf709	`Requires: sssd-ad = %{version}-%{release}`
		ecf709	`Requires: sssd-proxy = %{version}-%{release}`
		ecf709	`Requires: python-sssdconfig = %{version}-%{release}`
		ecf709
		ecf709	`%global servicename sssd`
		ecf709	`%global sssdstatedir %{_localstatedir}/lib/sss`
		ecf709	`%global dbpath %{sssdstatedir}/db`
		ecf709	`%global keytabdir %{sssdstatedir}/keytabs`
		ecf709	`%global pipepath %{sssdstatedir}/pipes`
		ecf709	`%global mcpath %{sssdstatedir}/mc`
		ecf709	`%global pubconfpath %{sssdstatedir}/pubconf`
		ecf709	`%global gpocachepath %{sssdstatedir}/gpo_cache`
		ecf709	`%global secdbpath %{sssdstatedir}/secrets`
		ced1f5	`%global deskprofilepath %{sssdstatedir}/deskprofile`
		ecf709
		ecf709	`### Build Dependencies ###`
		ecf709
		ecf709	`BuildRequires: autoconf`
		ecf709	`BuildRequires: automake`
		ecf709	`BuildRequires: libtool`
		ecf709	`BuildRequires: m4`
		ecf709	`BuildRequires: popt-devel`
		ecf709	`BuildRequires: libtalloc-devel`
		ecf709	`BuildRequires: libtevent-devel`
		ecf709	`BuildRequires: libtdb-devel`
		ecf709
		ecf709	`# LDB needs a strict version match to build`
		ecf709	`BuildRequires: libldb-devel >= %{ldb_version}`
		ecf709	`BuildRequires: libdhash-devel >= 0.4.2`
		ecf709	`BuildRequires: libcollection-devel`
		ecf709	`BuildRequires: libini_config-devel >= 1.3.0`
		ecf709	`BuildRequires: dbus-devel`
		ecf709	`BuildRequires: dbus-libs`
		ecf709	`BuildRequires: openldap-devel`
		ecf709	`BuildRequires: pam-devel`
		ecf709	`BuildRequires: nss-devel`
		ecf709	`BuildRequires: nspr-devel`
		ecf709	`BuildRequires: pcre-devel`
		ecf709	`BuildRequires: libxslt`
		ecf709	`BuildRequires: libxml2`
		ecf709	`BuildRequires: docbook-style-xsl`
		ecf709	`BuildRequires: krb5-devel >= 1.12`
		ecf709	`BuildRequires: c-ares-devel`
		ecf709	`BuildRequires: python-devel`
		ecf709	`BuildRequires: check-devel`
		ecf709	`BuildRequires: doxygen`
		ecf709	`BuildRequires: libselinux-devel`
		ecf709	`BuildRequires: libsemanage-devel`
		ecf709	`BuildRequires: bind-utils`
		ecf709	`BuildRequires: keyutils-libs-devel`
		ecf709	`BuildRequires: gettext-devel`
		ecf709	`BuildRequires: pkgconfig`
		ecf709	`BuildRequires: diffstat`
		ecf709	`BuildRequires: findutils`
		ecf709	`BuildRequires: glib2-devel`
		ecf709	`BuildRequires: selinux-policy-targeted`
		ecf709	`BuildRequires: libnl3-devel`
		ecf709	`BuildRequires: systemd-devel`
		ecf709	`%if (0%{?with_cifs_utils_plugin} == 1)`
		ecf709	`BuildRequires: cifs-utils-devel`
		ecf709	`%endif`
		ecf709	`BuildRequires: libnfsidmap-devel`
		ecf709	`BuildRequires: samba4-devel >= 4.0.0-59beta2`
		086f82	`%if (0%{?detect_idmap_version} == 1)`
		086f82	`BuildRequires: samba-winbind`
		086f82	`%endif`
		ecf709	`BuildRequires: libsmbclient-devel`
		ecf709	`BuildRequires: systemtap-sdt-devel`
		ecf709	`BuildRequires: jansson-devel`
		ecf709	`BuildRequires: http-parser-devel`
		ecf709	`BuildRequires: curl-devel`
		ecf709	`BuildRequires: libuuid-devel`
		ced1f5	`BuildRequires: pkgconfig(gdm-pam-extensions)`
		ecf709
		ecf709	`%description`
		ecf709	`Provides a set of daemons to manage access to remote directories and`
		ecf709	`authentication mechanisms. It provides an NSS and PAM interface toward`
		ecf709	`the system and a pluggable backend system to connect to multiple different`
		ecf709	`account sources. It is also the basis to provide client auditing and policy`
		ecf709	`services for projects like FreeIPA.`
		ecf709
		ecf709	`The sssd subpackage is a meta-package that contains the deamon as well as all`
		ecf709	`the existing back ends.`
		ecf709
		ecf709	`%package common`
		ecf709	`Summary: Common files for the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`# Conflicts`
		ecf709	`Conflicts: selinux-policy < 3.10.0-46`
		ecf709	`Conflicts: sssd < 1.10.0-8%{?dist}.beta2`
		ecf709	`# Requires`
		ecf709	`Requires: sssd-client%{?_isa} = %{version}-%{release}`
		ecf709	`Requires: libsss_idmap%{?_isa} = %{version}-%{release}`
		ecf709	`Requires: libsss_sudo%{?_isa} = %{version}-%{release}`
		ecf709	`Requires: libsss_autofs%{?_isa} = %{version}-%{release}`
		ecf709	`Requires(post): systemd-units chkconfig`
		ecf709	`Requires(preun): systemd-units chkconfig`
		ecf709	`Requires(postun): systemd-units chkconfig`
		ecf709	`# sssd-common owns sssd.service file and is restarted in posttrans`
		ecf709	`# libwbclient alternative might break restarting sssd`
		ecf709	`# gpo_child -> libsmbclient -> samba-client-libs -> libwbclient`
		ecf709	`OrderWithRequires: libwbclient`
		ecf709	`OrderWithRequires: sssd-libwbclient`
		ecf709
		ecf709	`### Provides ###`
		ecf709	`Provides: libsss_sudo-devel = %{version}-%{release}`
		ecf709	`Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1`
		ecf709
		ecf709	`%description common`
		ecf709	`Common files for the SSSD. The common package includes all the files needed`
		ecf709	`to run a particular back end, however, the back ends are packaged in separate`
		ecf709	`subpackages such as sssd-ldap.`
		ecf709
		ecf709	`%package client`
		ecf709	`Summary: SSSD Client libraries for NSS and PAM`
		ecf709	`Group: Applications/System`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires(post): /sbin/ldconfig`
		ecf709	`Requires(postun): /sbin/ldconfig`
		ecf709	`Requires(post): /usr/sbin/alternatives`
		ecf709	`Requires(preun): /usr/sbin/alternatives`
		ecf709
		ecf709	`%description client`
		ecf709	`Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD`
		ecf709	`service.`
		ecf709
		ecf709	`%package -n libsss_sudo`
		ecf709	`Summary: A library to allow communication between SUDO and SSSD`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires(post): /sbin/ldconfig`
		ecf709	`Requires(postun): /sbin/ldconfig`
		ecf709
		ecf709	`%description -n libsss_sudo`
		ecf709	`A utility library to allow communication between SUDO and SSSD`
		ecf709
		ecf709	`%package -n libsss_autofs`
		ecf709	`Summary: A library to allow communication between Autofs and SSSD`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709
		ecf709	`%description -n libsss_autofs`
		ecf709	`A utility library to allow communication between Autofs and SSSD`
		ecf709
		ecf709	`%package tools`
		ecf709	`Summary: Userspace tools for use with the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709	`Requires: python-sss = %{version}-%{release}`
		ecf709	`Requires: python-sssdconfig = %{version}-%{release}`
		ecf709
		ecf709	`%description tools`
		ecf709	`Provides userspace tools for manipulating users, groups, and nested groups in`
		ecf709	`SSSD when using id_provider = local in /etc/sssd/sssd.conf.`
		ecf709
		ecf709	`Also provides several other administrative tools:`
		ecf709	`* sss_debuglevel to change the debug level on the fly`
		ecf709	`* sss_seed which pre-creates a user entry for use in kickstarts`
		ecf709	`* sss_obfuscate for generating an obfuscated LDAP password`
		ecf709	`* sssctl -- an sssd status and control utility`
		ecf709
		ecf709	`%package -n python-sssdconfig`
		ecf709	`Summary: SSSD and IPA configuration file manipulation classes and functions`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`BuildArch: noarch`
		ecf709
		ecf709	`%description -n python-sssdconfig`
		ecf709	`Provides python2 files for manipulation SSSD and IPA configuration files.`
		ecf709
		ecf709	`%package -n python-sss`
		ecf709	`Summary: Python2 bindings for sssd`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709
		ecf709	`%description -n python-sss`
		ecf709	`Provides python2 module for manipulating users, groups, and nested groups in`
		ecf709	`SSSD when using id_provider = local in /etc/sssd/sssd.conf.`
		ecf709
		ecf709	`Also provides several other useful python2 bindings:`
		ecf709	`* function for retrieving list of groups user belongs to.`
		ecf709	`* class for obfuscation of passwords`
		ecf709
		ecf709	`%package -n python-sss-murmur`
		ecf709	`Summary: Python2 bindings for murmur hash function`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709
		ecf709	`%description -n python-sss-murmur`
		ecf709	`Provides python2 module for calculating the murmur hash version 3`
		ecf709
		ecf709	`%package ldap`
		ecf709	`Summary: The LDAP back end of the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Conflicts: sssd < 1.10.0-8.beta2`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709	`Requires: sssd-krb5-common = %{version}-%{release}`
		ecf709
		ecf709	`%description ldap`
		ecf709	`Provides the LDAP back end that the SSSD can utilize to fetch identity data`
		ecf709	`from and authenticate against an LDAP server.`
		ecf709
		ecf709	`%package krb5-common`
		ecf709	`Summary: SSSD helpers needed for Kerberos and GSSAPI authentication`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Conflicts: sssd < 1.10.0-8.beta2`
		ecf709	`Requires: cyrus-sasl-gssapi%{?_isa}`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709
		ecf709	`%description krb5-common`
		ecf709	`Provides helper processes that the LDAP and Kerberos back ends can use for`
		ecf709	`Kerberos user or host authentication.`
		ecf709
		ecf709	`%package krb5`
		ecf709	`Summary: The Kerberos authentication back end for the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Conflicts: sssd < 1.10.0-8.beta2`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709	`Requires: sssd-krb5-common = %{version}-%{release}`
		ecf709
		ecf709	`%description krb5`
		ecf709	`Provides the Kerberos back end that the SSSD can utilize authenticate`
		ecf709	`against a Kerberos server.`
		ecf709
		ecf709	`%package common-pac`
		ecf709	`Summary: Common files needed for supporting PAC processing`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709
		ecf709	`%description common-pac`
		ecf709	`Provides common files needed by SSSD providers such as IPA and Active Directory`
		ecf709	`for handling Kerberos PACs.`
		ecf709
		ecf709	`%package ipa`
		ecf709	`Summary: The IPA back end of the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Conflicts: sssd < 1.10.0-8.beta2`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709	`Requires: sssd-krb5-common = %{version}-%{release}`
		ecf709	`Requires: libipa_hbac%{?_isa} = %{version}-%{release}`
		ecf709	`Requires: bind-utils`
		ecf709	`Requires: sssd-common-pac = %{version}-%{release}`
		ecf709	`Requires(pre): shadow-utils`
		ecf709
		ecf709	`%description ipa`
		ecf709	`Provides the IPA back end that the SSSD can utilize to fetch identity data`
		ecf709	`from and authenticate against an IPA server.`
		ecf709
		ecf709	`%package ad`
		ecf709	`Summary: The AD back end of the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Conflicts: sssd < 1.10.0-8.beta2`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709	`Requires: sssd-krb5-common = %{version}-%{release}`
		ecf709	`Requires: bind-utils`
		ecf709	`Requires: sssd-common-pac = %{version}-%{release}`
		ecf709
		ecf709	`%description ad`
		ecf709	`Provides the Active Directory back end that the SSSD can utilize to fetch`
		ecf709	`identity data from and authenticate against an Active Directory server.`
		ecf709
		ecf709	`%package proxy`
		ecf709	`Summary: The proxy back end of the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Conflicts: sssd < 1.10.0-8.beta2`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709
		ecf709	`%description proxy`
		ecf709	`Provides the proxy back end which can be used to wrap an existing NSS and/or`
		ecf709	`PAM modules to leverage SSSD caching.`
		ecf709
		ecf709	`%package -n libsss_idmap`
		ecf709	`Summary: FreeIPA Idmap library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires(post): /sbin/ldconfig`
		ecf709	`Requires(postun): /sbin/ldconfig`
		ecf709
		ecf709	`%description -n libsss_idmap`
		ecf709	`Utility library to convert SIDs to Unix uids and gids`
		ecf709
		ecf709	`%package -n libsss_idmap-devel`
		ecf709	`Summary: FreeIPA Idmap library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires: libsss_idmap = %{version}-%{release}`
		ecf709
		ecf709	`%description -n libsss_idmap-devel`
		ecf709	`Utility library to SIDs to Unix uids and gids`
		ecf709
		ecf709	`%package -n libipa_hbac`
		ecf709	`Summary: FreeIPA HBAC Evaluator library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires(post): /sbin/ldconfig`
		ecf709	`Requires(postun): /sbin/ldconfig`
		ecf709
		ecf709	`%description -n libipa_hbac`
		ecf709	`Utility library to validate FreeIPA HBAC rules for authorization requests`
		ecf709
		ecf709	`%package -n libipa_hbac-devel`
		ecf709	`Summary: FreeIPA HBAC Evaluator library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires: libipa_hbac = %{version}-%{release}`
		ecf709
		ecf709	`%description -n libipa_hbac-devel`
		ecf709	`Utility library to validate FreeIPA HBAC rules for authorization requests`
		ecf709
		ecf709	`%package -n python-libipa_hbac`
		ecf709	`Summary: Python2 bindings for the FreeIPA HBAC Evaluator library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires: libipa_hbac = %{version}-%{release}`
		ecf709	`Provides: libipa_hbac-python = %{version}-%{release}`
		ecf709	`Obsoletes: libipa_hbac-python < 1.12.90`
		ecf709
		ecf709	`%description -n python-libipa_hbac`
		ecf709	`The python-libipa_hbac contains the bindings so that libipa_hbac can be`
		ecf709	`used by Python applications.`
		ecf709
		ecf709	`%package -n libsss_nss_idmap`
		ecf709	`Summary: Library for SID and certificate based lookups`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires(post): /sbin/ldconfig`
		ecf709	`Requires(postun): /sbin/ldconfig`
		ecf709
		ecf709	`%description -n libsss_nss_idmap`
		ecf709	`Utility library for SID and certificate based lookups`
		ecf709
		ecf709	`%package -n libsss_nss_idmap-devel`
		ecf709	`Summary: Library for SID and certificate based lookups`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires: libsss_nss_idmap = %{version}-%{release}`
		ecf709
		ecf709	`%description -n libsss_nss_idmap-devel`
		ecf709	`Utility library for SID and certificate based lookups`
		ecf709
		ecf709	`%package -n python-libsss_nss_idmap`
		ecf709	`Summary: Python2 bindings for libsss_nss_idmap`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires: libsss_nss_idmap = %{version}-%{release}`
		ecf709	`Provides: libsss_nss_idmap-python = %{version}-%{release}`
		ecf709	`Obsoletes: libsss_nss_idmap-python < 1.12.90`
		ecf709
		ecf709	`%description -n python-libsss_nss_idmap`
		ecf709	`The python-libsss_nss_idmap contains the bindings so that libsss_nss_idmap can`
		ecf709	`be used by Python applications.`
		ecf709
		ecf709	`%package dbus`
		ecf709	`Summary: The D-Bus responder of the SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709
		ecf709	`%description dbus`
		ecf709	`Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows`
		ecf709	`the information from the SSSD to be transmitted over the system bus.`
		ecf709
		ecf709	`%if (0%{?install_pcscd_polkit_rule} == 1)`
		ecf709	`%package polkit-rules`
		ecf709	`Summary: Rules for polkit integration for SSSD`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Requires: polkit >= 0.106`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709
		ecf709	`%description polkit-rules`
		ecf709	`Provides rules for polkit integration with SSSD. This is required`
		ecf709	`for smartcard support.`
		ecf709	`%endif`
		ecf709
		ecf709	`%package -n libsss_simpleifp`
		ecf709	`Summary: The SSSD D-Bus responder helper library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: GPLv3+`
		ecf709	`Requires: sssd-dbus = %{version}-%{release}`
		ecf709	`Requires(post): /sbin/ldconfig`
		ecf709	`Requires(postun): /sbin/ldconfig`
		ecf709
		ecf709	`%description -n libsss_simpleifp`
		ecf709	`Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.`
		ecf709
		ecf709	`%package -n libsss_simpleifp-devel`
		ecf709	`Summary: The SSSD D-Bus responder helper library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: GPLv3+`
		ecf709	`Requires: dbus-devel`
		ecf709	`Requires: libsss_simpleifp = %{version}-%{release}`
		ecf709
		ecf709	`%description -n libsss_simpleifp-devel`
		ecf709	`Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.`
		ecf709
		ecf709	`%package libwbclient`
		ecf709	`Summary: The SSSD libwbclient implementation`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+ and LGPLv3+`
		ecf709	`Conflicts: libwbclient < 4.1.12`
		ecf709
		ecf709	`%description libwbclient`
		ecf709	`The SSSD libwbclient implementation.`
		ecf709
		ecf709	`%package libwbclient-devel`
		ecf709	`Summary: Development libraries for the SSSD libwbclient implementation`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: GPLv3+ and LGPLv3+`
		ecf709	`Conflicts: libwbclient-devel < 4.1.12`
		ecf709
		ecf709	`%description libwbclient-devel`
		ecf709	`Development libraries for the SSSD libwbclient implementation.`
		ecf709
		ecf709	`%package winbind-idmap`
		ecf709	`Summary: SSSD's idmap_sss Backend for Winbind`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+ and LGPLv3+`
		ecf709
		ecf709	`%description winbind-idmap`
		ecf709	`The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs`
		ecf709	`and SIDs.`
		ecf709
		ecf709	`%package -n libsss_certmap`
		ecf709	`Summary: SSSD Certficate Mapping Library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires(post): /sbin/ldconfig`
		ecf709	`Requires(postun): /sbin/ldconfig`
		ecf709
		ecf709	`%description -n libsss_certmap`
		ecf709	`Library to map certificates to users based on rules`
		ecf709
		ecf709	`%package -n libsss_certmap-devel`
		ecf709	`Summary: SSSD Certficate Mapping Library`
		ecf709	`Group: Development/Libraries`
		ecf709	`License: LGPLv3+`
		ecf709	`Requires: libsss_certmap = %{version}-%{release}`
		ecf709
		ecf709	`%description -n libsss_certmap-devel`
		ecf709	`Library to map certificates to users based on rules`
		ecf709
		ecf709	`%if (0%{?with_kcm} == 1)`
		ecf709	`%package kcm`
		ecf709	`Summary: An implementation of a Kerberos KCM server`
		ecf709	`Group: Applications/System`
		ecf709	`License: GPLv3+`
		ecf709	`Requires: sssd-common = %{version}-%{release}`
		ecf709
		ecf709	`%description kcm`
		ecf709	`An implementation of a Kerberos KCM server. Use this package if you want to`
		ecf709	`use the KCM: Kerberos credentials cache.`
		ecf709	`%endif`
		ecf709
		ecf709	`%prep`
		ecf709	`# Update timestamps on the files touched by a patch, to avoid non-equal`
		ecf709	`# .pyc/.pyo files across the multilib peers within a build, where "Level"`
		ecf709	`# is the patch prefix option (e.g. -p1)`
		ecf709	`# Taken from specfile for python-simplejson`
		ecf709	`UpdateTimestamps() {`
		ecf709	`Level=$1`
		ecf709	`PatchFile=$2`
		ecf709
		ecf709	`# Locate the affected files:`
		ecf709	`for f in $(diffstat $Level -l $PatchFile); do`
		ecf709	`# Set the files to have the same timestamp as that of the patch:`
		ecf709	`touch -r $PatchFile $f`
		ecf709	`done`
		ecf709	`}`
		ecf709
		ecf709	`%setup -q`
		ecf709
		ecf709	`for p in %patches ; do`
		ecf709	`%__patch -p1 -i $p`
		ecf709	`UpdateTimestamps -p1 $p`
		ecf709	`done`
		ecf709
		ced1f5	`cp %{SOURCE1} src/tests/cmocka/p11_nssdb_2certs/`
		ced1f5	`cp %{SOURCE2} src/tests/cmocka/p11_nssdb_2certs/`
		ced1f5
		ecf709	`%build`
		ecf709	`autoreconf -ivf`
		ecf709
		ecf709	`%configure \`
		ecf709	`--with-test-dir=/dev/shm \`
		ecf709	`--with-db-path=%{dbpath} \`
		ecf709	`--with-mcache-path=%{mcpath} \`
		ecf709	`--with-pipe-path=%{pipepath} \`
		ecf709	`--with-pubconf-path=%{pubconfpath} \`
		ecf709	`--with-gpo-cache-path=%{gpocachepath} \`
		ecf709	`--with-init-dir=%{_initrddir} \`
		ecf709	`--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \`
		ecf709	`--enable-nsslibdir=%{_libdir} \`
		ecf709	`--enable-pammoddir=%{_libdir}/security \`
		ecf709	`--enable-nfsidmaplibdir=%{_libdir}/libnfsidmap \`
		ecf709	`--disable-static \`
		ecf709	`--disable-rpath \`
		ecf709	`--with-sssd-user=sssd \`
		ecf709	`--with-initscript=systemd \`
		ecf709	`--with-syslog=journald \`
		ecf709	`--enable-sss-default-nss-plugin \`
		ecf709	`%{?with_cifs_utils_plugin_option} \`
		ecf709	`--without-python3-bindings \`
		ecf709	`--with-ad-gpo-default=permissive \`
		ecf709	`%{?enable_polkit_rules_option} \`
		ecf709	`%{?enable_systemtap_opt} \`
		086f82	`%{?with_kcm_option} \`
		086f82	`%{?with_idmap_version}`
		ecf709
		ecf709	`make %{?_smp_mflags} all docs`
		ecf709
		ecf709	`%check`
		ecf709	`export CK_TIMEOUT_MULTIPLIER=10`
		ecf709	`make %{?_smp_mflags} check VERBOSE=yes`
		ecf709	`unset CK_TIMEOUT_MULTIPLIER`
		ecf709
		ecf709	`%install`
		ecf709
		ecf709	`make install DESTDIR=$RPM_BUILD_ROOT`
		ecf709
		ecf709	`if [ ! -f $RPM_BUILD_ROOT/%{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} ]`
		ecf709	`then`
		ecf709	`echo "Expected libwbclient version not found, please check if version has changed."`
		ecf709	`exit -1`
		ecf709	`fi`
		ecf709
		ecf709	`# Prepare language files`
		ecf709	`/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sssd`
		ecf709
		ecf709	`# Copy default logrotate file`
		ecf709	`mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d`
		ecf709	`install -m644 src/examples/logrotate $RPM_BUILD_ROOT%{_sysconfdir}/logrotate.d/sssd`
		ecf709
		ecf709	`# Make sure SSSD is able to run on read-only root`
		ecf709	`mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d`
		ecf709	`install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd`
		ecf709
		ecf709	`%if (0%{?with_cifs_utils_plugin} == 1)`
		ecf709	`# Create directory for cifs-idmap alternative`
		ecf709	`# Otherwise this directory could not be owned by sssd-client`
		ecf709	`mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/cifs-utils`
		ecf709	`%endif`
		ecf709
		ecf709	`# Remove .la files created by libtool`
		ecf709	`find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;`
		ecf709
		ecf709	`# Suppress developer-only documentation`
		ecf709	`rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}`
		ecf709
		ecf709	`# Older versions of rpmbuild can only handle one -f option`
		ecf709	`# So we need to append to the sssd*.lang file`
		ecf709	for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
		ecf709	`do`
		ecf709	echo %{python_sitelib}/`basename $file` >> python_sssdconfig.lang
		ecf709	`done`
		ecf709
		ecf709	`touch sssd.lang`
		ecf709	`for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \`
		ecf709	`sssd_client sssd_dbus sssd_winbind_idmap \`
		ecf709	`libsss_certmap sssd_kcm`
		ecf709	`do`
		ecf709	`touch $subpackage.lang`
		ecf709	`done`
		ecf709
		ecf709	for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f \| sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
		ecf709	`do`
		ecf709	lang=`echo $man \| cut -c 1-2`
		ecf709	case `basename $man` in
		ecf709	`sss_cache*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd.lang`
		ecf709	`;;`
		ecf709	`sss_ssh*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd.lang`
		ecf709	`;;`
		ecf709	`sss_*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_tools.lang`
		ecf709	`;;`
		ecf709	`sssctl*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_tools.lang`
		ecf709	`;;`
		ecf709	`sssd_krb5_*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_client.lang`
		ecf709	`;;`
		ecf709	`pam_sss*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_client.lang`
		ecf709	`;;`
		ecf709	`sssd-ldap*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_ldap.lang`
		ecf709	`;;`
		ecf709	`sssd-krb5*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_krb5.lang`
		ecf709	`;;`
		ecf709	`sssd-ipa*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_ipa.lang`
		ecf709	`;;`
		ecf709	`sssd-ad*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_ad.lang`
		ecf709	`;;`
		ecf709	`sssd-proxy*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_proxy.lang`
		ecf709	`;;`
		ecf709	`sssd-ifp*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_dbus.lang`
		ecf709	`;;`
		ecf709	`sssd-kcm*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_kcm.lang`
		ecf709	`;;`
		ecf709	`idmap_sss*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd_winbind_idmap.lang`
		ecf709	`;;`
		ecf709	`sss-certmap*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> libsss_certmap.lang`
		ecf709	`;;`
		ecf709	`*)`
		ecf709	`echo \%lang$${lang}$ \%{_mandir}/${man}\* >> sssd.lang`
		ecf709	`;;`
		ecf709	`esac`
		ecf709	`done`
		ecf709
		ecf709	`# Print these to the rpmbuild log`
		ecf709	`echo "sssd.lang:"`
		ecf709	`cat sssd.lang`
		ecf709
		ecf709	`echo "python_sssdconfig.lang:"`
		ecf709	`cat python_sssdconfig.lang`
		ecf709
		ecf709	`for subpackage in sssd_ldap sssd_krb5 sssd_ipa sssd_ad sssd_proxy sssd_tools \`
		ecf709	`sssd_client sssd_dbus sssd_winbind_idmap \`
		ecf709	`libsss_certmap sssd_kcm`
		ecf709	`do`
		ecf709	`echo "$subpackage.lang:"`
		ecf709	`cat $subpackage.lang`
		ecf709	`done`
		ecf709
		ecf709	`%files`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709
		ecf709	`%files common -f sssd.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%doc src/examples/sssd-example.conf`
		ecf709	`%{_sbindir}/sssd`
		ecf709	`%{_unitdir}/sssd.service`
		ecf709	`%{_unitdir}/sssd-autofs.socket`
		ecf709	`%{_unitdir}/sssd-autofs.service`
		ecf709	`%{_unitdir}/sssd-nss.socket`
		ecf709	`%{_unitdir}/sssd-nss.service`
		ecf709	`%{_unitdir}/sssd-pac.socket`
		ecf709	`%{_unitdir}/sssd-pac.service`
		ecf709	`%{_unitdir}/sssd-pam.socket`
		ecf709	`%{_unitdir}/sssd-pam-priv.socket`
		ecf709	`%{_unitdir}/sssd-pam.service`
		ecf709	`%{_unitdir}/sssd-ssh.socket`
		ecf709	`%{_unitdir}/sssd-ssh.service`
		ecf709	`%{_unitdir}/sssd-sudo.socket`
		ecf709	`%{_unitdir}/sssd-sudo.service`
		ecf709	`%{_unitdir}/sssd-secrets.socket`
		ecf709	`%{_unitdir}/sssd-secrets.service`
		ecf709
		ecf709	`%dir %{_libexecdir}/%{servicename}`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_be`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_nss`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_pam`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_autofs`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_secrets`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_ssh`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_sudo`
		ecf709	`%{_libexecdir}/%{servicename}/p11_child`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_check_socket_activated_responders`
		ecf709
		ecf709	`%dir %{_libdir}/%{name}`
		ecf709	`# The files provider is intentionally packaged in -common`
		ecf709	`%{_libdir}/%{name}/libsss_files.so`
		ecf709	`%{_libdir}/%{name}/libsss_simple.so`
		ecf709
		ecf709	`#Internal shared libraries`
		ecf709	`%{_libdir}/%{name}/libsss_child.so`
		ecf709	`%{_libdir}/%{name}/libsss_crypt.so`
		ecf709	`%{_libdir}/%{name}/libsss_cert.so`
		ecf709	`%{_libdir}/%{name}/libsss_debug.so`
		ecf709	`%{_libdir}/%{name}/libsss_krb5_common.so`
		ecf709	`%{_libdir}/%{name}/libsss_ldap_common.so`
		ecf709	`%{_libdir}/%{name}/libsss_util.so`
		ecf709	`%{_libdir}/%{name}/libsss_semanage.so`
		ecf709
		ecf709	`# 3rd party application libraries`
		ecf709	`%{_libdir}/libnfsidmap/sss.so`
		ecf709
		ecf709	`%{ldb_modulesdir}/memberof.so`
		ecf709	`%{_bindir}/sss_ssh_authorizedkeys`
		ecf709	`%{_bindir}/sss_ssh_knownhostsproxy`
		ecf709	`%{_sbindir}/sss_cache`
		ecf709	`%{_libexecdir}/%{servicename}/sss_signal`
		ecf709
		ecf709	`%dir %{sssdstatedir}`
		ecf709	`%dir %{_localstatedir}/cache/krb5rcache`
		ecf709	`%attr(700,sssd,sssd) %dir %{dbpath}`
		ecf709	`%attr(755,sssd,sssd) %dir %{mcpath}`
		ecf709	`%attr(700,root,root) %dir %{secdbpath}`
		ced1f5	`%attr(755,root,root) %dir %{deskprofilepath}`
		ecf709	`%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/passwd`
		ecf709	`%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/group`
		ecf709	`%ghost %attr(0644,sssd,sssd) %verify(not md5 size mtime) %{mcpath}/initgroups`
		ecf709	`%attr(755,sssd,sssd) %dir %{pipepath}`
		ecf709	`%attr(750,sssd,root) %dir %{pipepath}/private`
		ecf709	`%attr(755,sssd,sssd) %dir %{pubconfpath}`
		ecf709	`%attr(755,sssd,sssd) %dir %{gpocachepath}`
		ecf709	`%attr(750,sssd,sssd) %dir %{_var}/log/%{name}`
		ecf709	`%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd`
		ecf709	`%attr(711,sssd,sssd) %dir %{_sysconfdir}/sssd/conf.d`
		ecf709	`%ghost %attr(0600,sssd,sssd) %config(noreplace) %{_sysconfdir}/sssd/sssd.conf`
		ecf709	`%dir %{_sysconfdir}/logrotate.d`
		ecf709	`%config(noreplace) %{_sysconfdir}/logrotate.d/sssd`
		ecf709	`%dir %{_sysconfdir}/rwtab.d`
		ecf709	`%config(noreplace) %{_sysconfdir}/rwtab.d/sssd`
		ecf709	`%dir %{_datadir}/sssd`
		ecf709	`%{_sysconfdir}/pam.d/sssd-shadowutils`
		ecf709	`%{_libdir}/%{name}/conf/sssd.conf`
		ecf709
		ecf709	`%{_datadir}/sssd/cfg_rules.ini`
		ecf709	`%{_datadir}/sssd/sssd.api.conf`
		ecf709	`%{_datadir}/sssd/sssd.api.d`
		ecf709	`%{_mandir}/man1/sss_ssh_authorizedkeys.1*`
		ecf709	`%{_mandir}/man1/sss_ssh_knownhostsproxy.1*`
		ecf709	`%{_mandir}/man5/sssd.conf.5*`
		ecf709	`%{_mandir}/man5/sssd-files.5*`
		ecf709	`%{_mandir}/man5/sssd-simple.5*`
		ecf709	`%{_mandir}/man5/sssd-sudo.5*`
		ced1f5	`%{_mandir}/man5/sssd-session-recording.5*`
		ecf709	`%{_mandir}/man5/sssd-secrets.5*`
		ecf709	`%{_mandir}/man5/sss_rpcidmapd.5*`
		ecf709	`%{_mandir}/man8/sssd.8*`
		ecf709	`%{_mandir}/man8/sss_cache.8*`
		ecf709	`%if (0%{?enable_systemtap} == 1)`
		ecf709	`%dir %{_datadir}/sssd/systemtap`
		ecf709	`%{_datadir}/sssd/systemtap/id_perf.stp`
		ecf709	`%{_datadir}/sssd/systemtap/nested_group_perf.stp`
		ced1f5	`%{_datadir}/sssd/systemtap/dp_request.stp`
		ecf709	`%dir %{_datadir}/systemtap`
		ecf709	`%dir %{_datadir}/systemtap/tapset`
		ecf709	`%{_datadir}/systemtap/tapset/sssd.stp`
		ecf709	`%{_datadir}/systemtap/tapset/sssd_functions.stp`
		ced1f5	`%{_mandir}/man5/sssd-systemtap.5*`
		ecf709	`%endif`
		ecf709
		ecf709	`%if (0%{?install_pcscd_polkit_rule} == 1)`
		ecf709	`%files polkit-rules`
		ecf709	`%{_datadir}/polkit-1/rules.d/*`
		ecf709	`%endif`
		ecf709
		ecf709	`%files ldap -f sssd_ldap.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%{_libdir}/%{name}/libsss_ldap.so`
		ecf709	`%{_mandir}/man5/sssd-ldap.5*`
		ecf709
		ecf709	`%files krb5-common`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%attr(755,sssd,sssd) %dir %{pubconfpath}/krb5.include.d`
		ecf709	`%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/ldap_child`
		ecf709	`%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/krb5_child`
		ecf709
		ecf709	`%files krb5 -f sssd_krb5.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%{_libdir}/%{name}/libsss_krb5.so`
		ecf709	`%{_mandir}/man5/sssd-krb5.5*`
		ecf709
		ecf709	`%files common-pac`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_pac`
		ecf709
		ecf709	`%files ipa -f sssd_ipa.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%attr(700,sssd,sssd) %dir %{keytabdir}`
		ecf709	`%{_libdir}/%{name}/libsss_ipa.so`
		ecf709	`%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/selinux_child`
		ecf709	`%{_mandir}/man5/sssd-ipa.5*`
		ecf709
		ecf709	`%files ad -f sssd_ad.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%{_libdir}/%{name}/libsss_ad.so`
		ecf709	`%{_libexecdir}/%{servicename}/gpo_child`
		ecf709	`%{_mandir}/man5/sssd-ad.5*`
		ecf709
		ecf709	`%files proxy`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%attr(4750,root,sssd) %{_libexecdir}/%{servicename}/proxy_child`
		ecf709	`%{_libdir}/%{name}/libsss_proxy.so`
		ecf709
		ecf709	`%files dbus -f sssd_dbus.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_ifp`
		ecf709	`%{_mandir}/man5/sssd-ifp.5*`
		ecf709	`%{_unitdir}/sssd-ifp.service`
		ecf709	`# InfoPipe DBus plumbing`
		ecf709	`%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf`
		ecf709	`%{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service`
		ecf709
		ecf709	`%files -n libsss_simpleifp`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%{_libdir}/libsss_simpleifp.so.*`
		ecf709
		ecf709	`%files -n libsss_simpleifp-devel`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%doc sss_simpleifp_doc/html`
		ecf709	`%{_includedir}/sss_sifp.h`
		ecf709	`%{_includedir}/sss_sifp_dbus.h`
		ecf709	`%{_libdir}/libsss_simpleifp.so`
		ecf709	`%{_libdir}/pkgconfig/sss_simpleifp.pc`
		ecf709
		ecf709	`%files client -f sssd_client.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license src/sss_client/COPYING src/sss_client/COPYING.LESSER`
		ecf709	`%{_libdir}/libnss_sss.so.2`
		ecf709	`%{_libdir}/security/pam_sss.so`
		ecf709	`%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so`
		ecf709	`%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so`
		ecf709	`%if (0%{?with_cifs_utils_plugin} == 1)`
		ecf709	`%dir %{_libdir}/cifs-utils`
		ecf709	`%{_libdir}/cifs-utils/cifs_idmap_sss.so`
		ecf709	`%dir %{_sysconfdir}/cifs-utils`
		ecf709	`%ghost %{_sysconfdir}/cifs-utils/idmap-plugin`
		ecf709	`%endif`
		ecf709	`%if (0%{?with_krb5_localauth_plugin} == 1)`
		ecf709	`%dir %{_libdir}/%{name}`
		ecf709	`%dir %{_libdir}/%{name}/modules`
		ecf709	`%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so`
		ecf709	`%endif`
		ecf709	`%{_mandir}/man8/pam_sss.8*`
		ecf709	`%{_mandir}/man8/sssd_krb5_locator_plugin.8*`
		ecf709
		ecf709	`%files -n libsss_sudo`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license src/sss_client/COPYING`
		ecf709	`%{_libdir}/libsss_sudo.so*`
		ecf709
		ecf709	`%files -n libsss_autofs`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license src/sss_client/COPYING src/sss_client/COPYING.LESSER`
		ecf709	`%dir %{_libdir}/%{name}/modules`
		ecf709	`%{_libdir}/%{name}/modules/libsss_autofs.so`
		ecf709
		ecf709	`%files tools -f sssd_tools.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license COPYING`
		ecf709	`%{_sbindir}/sss_useradd`
		ecf709	`%{_sbindir}/sss_userdel`
		ecf709	`%{_sbindir}/sss_usermod`
		ecf709	`%{_sbindir}/sss_groupadd`
		ecf709	`%{_sbindir}/sss_groupdel`
		ecf709	`%{_sbindir}/sss_groupmod`
		ecf709	`%{_sbindir}/sss_groupshow`
		ecf709	`%{_sbindir}/sss_obfuscate`
		ecf709	`%{_sbindir}/sss_override`
		ecf709	`%{_sbindir}/sss_debuglevel`
		ecf709	`%{_sbindir}/sss_seed`
		ecf709	`%{_sbindir}/sssctl`
		ecf709	`%{_mandir}/man8/sss_groupadd.8*`
		ecf709	`%{_mandir}/man8/sss_groupdel.8*`
		ecf709	`%{_mandir}/man8/sss_groupmod.8*`
		ecf709	`%{_mandir}/man8/sss_groupshow.8*`
		ecf709	`%{_mandir}/man8/sss_useradd.8*`
		ecf709	`%{_mandir}/man8/sss_userdel.8*`
		ecf709	`%{_mandir}/man8/sss_usermod.8*`
		ecf709	`%{_mandir}/man8/sss_obfuscate.8*`
		ecf709	`%{_mandir}/man8/sss_override.8*`
		ecf709	`%{_mandir}/man8/sss_debuglevel.8*`
		ecf709	`%{_mandir}/man8/sss_seed.8*`
		ecf709	`%{_mandir}/man8/sssctl.8*`
		ecf709
		ecf709	`%files -n python-sssdconfig -f python_sssdconfig.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%dir %{python_sitelib}/SSSDConfig`
		ecf709	`%{python_sitelib}/SSSDConfig/.py`
		ecf709
		ecf709	`%files -n python-sss`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%{python_sitearch}/pysss.so`
		ecf709
		ecf709	`%files -n python-sss-murmur`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%{python_sitearch}/pysss_murmur.so`
		ecf709
		ecf709	`%files -n libsss_idmap`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license src/sss_client/COPYING src/sss_client/COPYING.LESSER`
		ecf709	`%{_libdir}/libsss_idmap.so.*`
		ecf709
		ecf709	`%files -n libsss_idmap-devel`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%doc idmap_doc/html`
		ecf709	`%{_includedir}/sss_idmap.h`
		ecf709	`%{_libdir}/libsss_idmap.so`
		ecf709	`%{_libdir}/pkgconfig/sss_idmap.pc`
		ecf709
		ecf709	`%files -n libipa_hbac`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license src/sss_client/COPYING src/sss_client/COPYING.LESSER`
		ecf709	`%{_libdir}/libipa_hbac.so.*`
		ecf709
		ecf709	`%files -n libipa_hbac-devel`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%doc hbac_doc/html`
		ecf709	`%{_includedir}/ipa_hbac.h`
		ecf709	`%{_libdir}/libipa_hbac.so`
		ecf709	`%{_libdir}/pkgconfig/ipa_hbac.pc`
		ecf709
		ecf709	`%files -n libsss_nss_idmap`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license src/sss_client/COPYING src/sss_client/COPYING.LESSER`
		ecf709	`%{_libdir}/libsss_nss_idmap.so.*`
		ecf709
		ecf709	`%files -n libsss_nss_idmap-devel`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%doc nss_idmap_doc/html`
		ecf709	`%{_includedir}/sss_nss_idmap.h`
		ecf709	`%{_libdir}/libsss_nss_idmap.so`
		ecf709	`%{_libdir}/pkgconfig/sss_nss_idmap.pc`
		ecf709
		ecf709	`%files -n python-libsss_nss_idmap`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%{python_sitearch}/pysss_nss_idmap.so`
		ecf709
		ecf709	`%files -n python-libipa_hbac`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%{python_sitearch}/pyhbac.so`
		ecf709
		ecf709	`%files libwbclient`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%dir %{_libdir}/%{name}`
		ecf709	`%dir %{_libdir}/%{name}/modules`
		ecf709	`%{_libdir}/%{name}/modules/libwbclient.so.*`
		ecf709
		ecf709	`%files libwbclient-devel`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%{_includedir}/wbclient_sssd.h`
		ecf709	`%{_libdir}/%{name}/modules/libwbclient.so`
		ecf709	`%{_libdir}/pkgconfig/wbclient_sssd.pc`
		ecf709
		ecf709	`%files winbind-idmap -f sssd_winbind_idmap.lang`
		ecf709	`%dir %{_libdir}/samba/idmap`
		ecf709	`%{_libdir}/samba/idmap/sss.so`
		ecf709	`%{_mandir}/man8/idmap_sss.8*`
		ecf709
		ecf709	`%files -n libsss_certmap -f libsss_certmap.lang`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%license src/sss_client/COPYING src/sss_client/COPYING.LESSER`
		ecf709	`%{_libdir}/libsss_certmap.so.*`
		ecf709	`%{_mandir}/man5/sss-certmap.5*`
		ecf709
		ecf709	`%files -n libsss_certmap-devel`
		ecf709	`%defattr(-,root,root,-)`
		ecf709	`%doc certmap_doc/html`
		ecf709	`%{_includedir}/sss_certmap.h`
		ecf709	`%{_libdir}/libsss_certmap.so`
		ecf709	`%{_libdir}/pkgconfig/sss_certmap.pc`
		ecf709
		ecf709	`%pre ipa`
		ecf709	`getent group sssd >/dev/null \|\| groupadd -r sssd`
		ecf709	`getent passwd sssd >/dev/null \|\| useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd`
		ecf709
		ecf709	`%pre krb5-common`
		ecf709	`getent group sssd >/dev/null \|\| groupadd -r sssd`
		ecf709	`getent passwd sssd >/dev/null \|\| useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd`
		ecf709
		ecf709	`%if (0%{?with_kcm} == 1)`
		ecf709	`%files kcm -f sssd_kcm.lang`
		ecf709	`%{_libexecdir}/%{servicename}/sssd_kcm`
		ced1f5	`%dir %{_datadir}/sssd-kcm`
		ced1f5	`%{_datadir}/sssd-kcm/kcm_default_ccache`
		ecf709	`%{_unitdir}/sssd-kcm.socket`
		ecf709	`%{_unitdir}/sssd-kcm.service`
		ecf709	`%{_mandir}/man8/sssd-kcm.8*`
		ecf709	`%endif`
		ecf709
		ecf709	`%pre common`
		ecf709	`getent group sssd >/dev/null \|\| groupadd -r sssd`
		ecf709	`getent passwd sssd >/dev/null \|\| useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd`
		ecf709	`/bin/systemctl is-active --quiet sssd.service && touch /var/tmp/sssd_is_running \|\| :`
		ecf709
		ecf709	`%post common`
		ecf709	`%systemd_post sssd.service`
		ecf709	`%systemd_post sssd-autofs.socket`
		ecf709	`%systemd_post sssd-nss.socket`
		ecf709	`%systemd_post sssd-pac.socket`
		ecf709	`%systemd_post sssd-pam.socket`
		ecf709	`%systemd_post sssd-pam-priv.socket`
		ecf709	`%systemd_post sssd-secrets.socket`
		ecf709	`%systemd_post sssd-ssh.socket`
		ecf709	`%systemd_post sssd-sudo.socket`
		ecf709
		ecf709	`%preun common`
		ecf709	`%systemd_preun sssd.service`
		ecf709	`%systemd_preun sssd-autofs.socket`
		ecf709	`%systemd_preun sssd-nss.socket`
		ecf709	`%systemd_preun sssd-pac.socket`
		ecf709	`%systemd_preun sssd-pam.socket`
		ecf709	`%systemd_preun sssd-pam-priv.socket`
		ecf709	`%systemd_preun sssd-secrets.socket`
		ecf709	`%systemd_preun sssd-ssh.socket`
		ecf709	`%systemd_preun sssd-sudo.socket`
		ecf709
		ecf709	`%postun common`
		ecf709	`%systemd_postun_with_restart sssd-autofs.socket`
		ecf709	`%systemd_postun_with_restart sssd-autofs.service`
		ecf709	`%systemd_postun_with_restart sssd-nss.socket`
		ecf709	`%systemd_postun_with_restart sssd-nss.service`
		ecf709	`%systemd_postun_with_restart sssd-pac.socket`
		ecf709	`%systemd_postun_with_restart sssd-pac.service`
		ecf709	`%systemd_postun_with_restart sssd-pam.socket`
		ecf709	`%systemd_postun_with_restart sssd-pam-priv.socket`
		ecf709	`%systemd_postun_with_restart sssd-pam.service`
		ecf709	`%systemd_postun_with_restart sssd-secrets.socket`
		ecf709	`%systemd_postun_with_restart sssd-secrets.service`
		ecf709	`%systemd_postun_with_restart sssd-ssh.socket`
		ecf709	`%systemd_postun_with_restart sssd-ssh.service`
		ecf709	`%systemd_postun_with_restart sssd-sudo.socket`
		ecf709	`%systemd_postun_with_restart sssd-sudo.service`
		ecf709
		ecf709	`%post dbus`
		ecf709	`%systemd_post sssd-ifp.service`
		ecf709
		ecf709	`%preun dbus`
		ecf709	`%systemd_preun sssd-ifp.service`
		ecf709
		ecf709	`%postun dbus`
		ecf709	`%systemd_postun_with_restart sssd-ifp.service`
		ecf709
		ecf709	`%if (0%{?with_kcm} == 1)`
		ecf709	`%post kcm`
		ecf709	`%systemd_post sssd-kcm.socket`
		ecf709
		ecf709	`%preun kcm`
		ecf709	`%systemd_preun sssd-kcm.socket`
		ecf709
		ecf709	`%postun kcm`
		ecf709	`%systemd_postun_with_restart sssd-kcm.socket`
		ecf709	`%systemd_postun_with_restart sssd-kcm.service`
		ecf709	`%endif`
		ecf709
		ecf709	`%if (0%{?with_cifs_utils_plugin} == 1)`
		ecf709	`%post client`
		ecf709	`/sbin/ldconfig`
		ecf709	`/usr/sbin/alternatives --install /etc/cifs-utils/idmap-plugin cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so 20`
		ecf709
		ecf709	`%preun client`
		ecf709	`if [ $1 -eq 0 ] ; then`
		ecf709	`/usr/sbin/alternatives --remove cifs-idmap-plugin %{_libdir}/cifs-utils/cifs_idmap_sss.so`
		ecf709	`fi`
		ecf709	`%else`
		ecf709	`%post client -p /sbin/ldconfig`
		ecf709	`%endif`
		ecf709
		ecf709	`%postun client -p /sbin/ldconfig`
		ecf709
		ecf709	`%post -n libsss_sudo -p /sbin/ldconfig`
		ecf709
		ecf709	`%postun -n libsss_sudo -p /sbin/ldconfig`
		ecf709
		ecf709	`%post -n libipa_hbac -p /sbin/ldconfig`
		ecf709
		ecf709	`%postun -n libipa_hbac -p /sbin/ldconfig`
		ecf709
		ecf709	`%post -n libsss_idmap -p /sbin/ldconfig`
		ecf709
		ecf709	`%postun -n libsss_idmap -p /sbin/ldconfig`
		ecf709
		ecf709	`%post -n libsss_nss_idmap -p /sbin/ldconfig`
		ecf709
		ecf709	`%postun -n libsss_nss_idmap -p /sbin/ldconfig`
		ecf709
		ecf709	`%post -n libsss_simpleifp -p /sbin/ldconfig`
		ecf709
		ecf709	`%postun -n libsss_simpleifp -p /sbin/ldconfig`
		ecf709
		ecf709	`%post -n libsss_certmap -p /sbin/ldconfig`
		ecf709
		ecf709	`%postun -n libsss_certmap -p /sbin/ldconfig`
		ecf709
		ecf709	`%post libwbclient`
		ecf709	`%{_sbindir}/update-alternatives \`
		ecf709	`--install %{_libdir}/libwbclient.so.%{libwbc_alternatives_version} \`
		ecf709	`libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \`
		ecf709	`%{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version} 20`
		ecf709	`/sbin/ldconfig`
		ecf709
		ecf709	`%preun libwbclient`
		ecf709	`if [ $1 -eq 0 ]; then`
		ecf709	`%{_sbindir}/update-alternatives \`
		ecf709	`--remove libwbclient.so.%{libwbc_alternatives_version}%{libwbc_alternatives_suffix} \`
		ecf709	`%{_libdir}/%{name}/modules/libwbclient.so.%{libwbc_lib_version}`
		ecf709	`fi`
		ecf709	`/sbin/ldconfig`
		ecf709
		ecf709	`%post libwbclient-devel`
		ecf709	`%{_sbindir}/update-alternatives --install %{_libdir}/libwbclient.so \`
		ecf709	`libwbclient.so%{libwbc_alternatives_suffix} \`
		ecf709	`%{_libdir}/%{name}/modules/libwbclient.so 20`
		ecf709
		ecf709	`%preun libwbclient-devel`
		ecf709	`if [ $1 -eq 0 ]; then`
		ecf709	`%{_sbindir}/update-alternatives --remove \`
		ecf709	`libwbclient.so%{libwbc_alternatives_suffix} \`
		ecf709	`%{_libdir}/%{name}/modules/libwbclient.so`
		ecf709	`fi`
		ecf709
		ecf709	`%posttrans common`
		086f82	`systemctl try-restart sssd >/dev/null 2>&1 \|\| :`
		ecf709	`# After changing order of sssd-common and *libwbclient,`
		ecf709	`# older version of sssd will restart sssd.service in postun scriptlet`
		ecf709	`# It failed due to missing alternative to libwbclient. Start it again.`
		ecf709	`/bin/systemctl is-active --quiet sssd.service \|\| {`
		ecf709	`if [ -f /var/tmp/sssd_is_running ]; then`
		ecf709	`systemctl start sssd.service >/dev/null 2>&1;`
		ecf709	`rm -f /var/tmp/sssd_is_running;`
		ecf709	`fi`
		ecf709	`}`
		ecf709
		ecf709	`%changelog`
		75e304	`* Thu Jul 26 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-19.8`
		75e304	`- Resolves: rhbz#1601360 - SSSD bails out saving desktop profiles in case an invalid profile is found [rhel-7.5.z]`
		75e304
		75e304	`* Tue Jul 24 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-19.7`
		75e304	`- Resolves: rhbz#1596292 - home dir disappear in sssd cache on the IPA master for AD users [rhel-7.5.z]`
		75e304
		75e304	`* Fri Jul 20 2018 Jakub Hrozek <jhrozek@redhat.com> - 1.16.0-19.6`
		75e304	`- Resolves: rhbz#1594178 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 [rhel-7.5.z]`
		75e304
		086f82	`* Thu May 31 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-19.5`
		086f82	`- Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z]`
		086f82
		086f82	`* Mon May 21 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-19.4`
		086f82	`- Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z]`
		086f82
		086f82	`* Fri May 18 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-19.3`
		086f82	`- Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z]`
		086f82
		086f82	`* Fri May 18 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-19.2`
		086f82	`- Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z]`
		086f82
		086f82	`* Mon Apr 23 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-19.1`
		086f82	`- Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]`
		086f82
		ced1f5	`* Wed Feb 21 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-19`
		ced1f5	`- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket`
		ced1f5
		ced1f5	`* Wed Feb 21 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-18`
		ced1f5	`- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems.`
		ced1f5	`- Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket`
		ced1f5
		ced1f5	`* Mon Feb 19 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-17`
		ced1f5	`- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD`
		ced1f5	`server`
		ced1f5
		ced1f5	`* Tue Feb 6 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-16`
		ced1f5	`- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile`
		ced1f5	`with no specific host/hostgroup set`
		ced1f5	`- Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser`
		ced1f5	`- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups`
		ced1f5	`on RHEL clients joined to AD via sssd [RHEL 7]`
		ced1f5
		ced1f5	`* Wed Jan 24 2018 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-15`
		ced1f5	`- Resolves: rhbz#1517971 - AD Domain goes offline immediately during`
		ced1f5	`subdomain initialization - IPA AD Trust`
		ced1f5	`- Related: rhbz#1482555 - sysdb index improvements - missing ghost`
		ced1f5	`attribute indexing, unneeded objectclass index`
		ced1f5	`etc..`
		ced1f5	`- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups`
		ced1f5	`on RHEL clients joined to AD via sssd [RHEL 7]`
		ced1f5	`- Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with`
		ced1f5	`gidNumber = 0`
		ced1f5	`- Related: rhbz#1461899 - Loading enterprise principals doesn't work with`
		ced1f5	`a primed cache`
		ced1f5	`- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker`
		ced1f5	`threads`
		ced1f5
		ced1f5	`* Fri Dec 15 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-14`
		ced1f5	`- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert`
		ced1f5
		ced1f5	`* Thu Dec 14 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-13`
		ced1f5	`- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert`
		ced1f5	`on smart card`
		ced1f5
		ced1f5	`* Mon Dec 11 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-12`
		ced1f5	`- Resolves: rhbz#1512027 - NSS by-id requests are not checked against`
		976a3f	`max_id/min_id ranges before triggering the`
		ced1f5	`backend`
		ced1f5
		ced1f5	`* Fri Dec 08 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-11`
		ced1f5	`- Related: rhbz#1507614 - Improve Smartcard integration if multiple`
		ced1f5	`certificates or multiple mapped identities are`
		ced1f5	`available`
		ced1f5	`- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked`
		ced1f5	`cert on smart card`
		ced1f5	`- Resolves: rhbz#1520984 - getent output is not showing home directory`
		ced1f5	`for IPA AD trusted user`
		ced1f5	`- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker`
		ced1f5	`threads`
		ced1f5
		ced1f5	`* Wed Dec 06 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-10`
		ced1f5	`- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for`
		ced1f5	`gidnumber lookup, resulting in unacceptable`
		ced1f5	`delay for large forests`
		ced1f5
		ced1f5	`* Fri Dec 01 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-9`
		ced1f5	`- Resolves: rhbz#1482231 - sssd_nss consumes more memory until`
		ced1f5	`restarted or machine swaps`
		ced1f5	`- Resolves: rhbz#1512508 - SSSD fails to fetch group information after`
		ced1f5	`switching IPA client to a non-default view`
		ced1f5
		ced1f5	`* Thu Nov 30 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-8`
		ced1f5	`- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache`
		ced1f5	`and logging error in /var/log/messages and`
		ced1f5	`/var/log/sssd/sssd_nss.log`
		ced1f5
		ced1f5	`* Mon Nov 27 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-7`
		ced1f5	`- Resolves: rhbz#1272214 - [RFE] Create a local per system report about`
		ced1f5	`who can access that IDM client (attestation)`
		ced1f5	`- Resolves: rhbz#1482555 - sysdb index improvements - missing ghost`
		ced1f5	`attribute indexing, unneeded objectclass index`
		ced1f5	`etc..`
		ced1f5	`- Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be`
		ced1f5	`hog the cpu for a long time.`
		ced1f5	`- Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk`
		ced1f5	`calls`
		ced1f5	`- Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release`
		ced1f5
		ced1f5	`* Tue Nov 14 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-6`
		ced1f5	`- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different`
		ced1f5	`- Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in`
		ced1f5	`/etc/systemd/system`
		ced1f5	`- Related: rhbz#1507614 - Improve Smartcard integration if multiple`
		ced1f5	`certificates or multiple mapped identities are`
		ced1f5	`available`
		ced1f5
		ced1f5	`* Mon Nov 13 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-5`
		ced1f5	`- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple`
		ced1f5	`certificates or multiple mapped identities are`
		ced1f5	`available`
		ced1f5	`- Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when`
		ced1f5	`searching in local cache database [rhel-7.5]`
		ced1f5	`- Resolves: rhbz#1408294 - SSSD authentication fails when two IPA`
		ced1f5	`accounts share an email address without a`
		ced1f5	`clear way to debug the problem`
		ced1f5	`- Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in`
		ced1f5	`nss_setnetgrent_timeout`
		ced1f5
		ced1f5	`* Sun Nov 12 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-4`
		ced1f5	`- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different`
		ced1f5	`- Related: rhbz#1459609 - When sssd is configured with id_provider proxy`
		ced1f5	`and auth_provider ldap, login fails if the LDAP`
		ced1f5	`server is not allowing anonymous binds.`
		ced1f5
		ced1f5	`* Mon Nov 06 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-3`
		ced1f5	`- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker`
		ced1f5	`threads`
		ced1f5
		ced1f5	`* Fri Nov 03 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-2`
		ced1f5	`- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to`
		ced1f5	`disable the memory cache`
		ced1f5	`- Resolves: rhbz#1327705 - Automatic creation of user private groups on`
		ced1f5	`RHEL clients joined to AD via sssd [RHEL 7]`
		ced1f5	`- Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain`
		ecf709	`list and a request that is using the list can`
		ced1f5	`cause a segfault is sssd_nss`
		ced1f5	`- Resolves: rhbz#1462343 - document information on why SSSD does not use`
		ced1f5	`host-based security filtering when processing`
		ced1f5	`AD GPOs`
		ced1f5	`- Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after`
		ced1f5	`completing full refresh of sudo rules`
		ced1f5	`- Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from`
		ced1f5	`first search`
		ced1f5	`- Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different`
		ced1f5	`- Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy`
		ced1f5	`and auth_provider ldap, login fails if the LDAP`
		ced1f5	`server is not allowing anonymous binds.`
		ced1f5
		ced1f5	`* Fri Oct 20 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.16.0-1`
		ced1f5	`- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+`
		ced1f5	`- Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local`
		ced1f5	`users whose sudo rules stored in ldap server`
		ced1f5	`- Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain`
		ced1f5	`is not reachable`
		ced1f5	`- Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default`
		ced1f5	`- Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact`
		ced1f5	`servers, goes offline`
		ced1f5	`- Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser`
		ced1f5	`- Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug`
		ced1f5	`_level, resulting in set_option():`
		ced1f5	`/usr/lib/python2.7/site-packages/SSSDConfig/__init__.py`
		ced1f5	`killed by TypeError`
		ced1f5	`- Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not`
		ced1f5	`allowed in section 'secrets'`
		ced1f5	`- Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid`
		ced1f5	`succession segfaults the secrets responder`
		ced1f5	`- Resolves: rhbz#1464049 - Idle nss file descriptors should be closed`
		ced1f5	`- Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules`
		ced1f5	`refresh`
		ced1f5	`- Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can`
		ced1f5	`mark the AD domain offline`
		ced1f5	`- Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4`
		ced1f5	`- Resolves: rhbz#1479983 - id root triggers an LDAP lookup`
		ced1f5	`- Resolves: rhbz#1489895 - Issues with certificate mapping rules`
		ced1f5	`- Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is`
		ced1f5	`the wrong section`
		ced1f5	`- Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if`
		ced1f5	`the output of trusted domains user resolution should`
		ced1f5	`be shortnames only`
		ced1f5	`- Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when`
		ced1f5	`searching in local cache database [rhel-7.5]`
		ced1f5	`- Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a`
		ced1f5	`primed cache`
		ced1f5	`- Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after`
		ced1f5	`applying ID Views for them in IPA server`
		ced1f5	`- Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping`
		ced1f5	`is applied`
		ced1f5	`- Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter.`
		ced1f5	`- Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD`
		ced1f5	`Trust object with parenthesis`
		ced1f5	`- Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0`
		ced1f5	`(1.1.30)`
		ced1f5	`- Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC`
		ced1f5	`responder`
		ced1f5	`- Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect`
		ced1f5	`mail with asterisks or spaces`
		ced1f5	`- Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri`
		ced1f5	`localname rules`
		ced1f5
		ced1f5	`* Tue Oct 17 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-51`
		ced1f5	`- Require the 7.5 libldb version which broke ABI`
		ced1f5	`- Related: rhbz#1469791 - Rebase SSSD to version 1.16+`
		ecf709
		ecf709	`* Wed Jun 21 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-50`
		ecf709	`- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly`
		ecf709	`connected to AD child domain`
		ecf709
		ecf709	`* Wed Jun 21 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-49`
		ecf709	`- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users`
		ecf709	`from trusted domains with the same name when`
		ecf709	`shortname user resolution is enabled`
		ecf709
		ecf709	`* Fri Jun 16 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-48`
		ecf709	`- Resolves: rhbz#1459846 - krb5: properly handle 'password expired'`
		ecf709	`information retured by the KDC during`
		ecf709	`PKINIT/Smartcard authentication`
		ecf709
		ecf709	`* Thu Jun 15 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-47`
		ecf709	`- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate`
		ecf709	`most of the entries once the cleanup task kicks in`
		ecf709
		ecf709	`* Thu Jun 15 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-46`
		ecf709	`- Resolves: rhbz#1455254 - Make domain available as user attribute`
		ecf709
		ecf709	`* Thu Jun 8 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-45`
		ecf709	`- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password`
		ecf709
		ecf709	`* Thu Jun 8 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-44`
		ecf709	`- Resolves: rhbz#1457927 - getent failed to fetch netgroup information`
		ecf709	`after changing default_domain_suffix to`
		ecf709	`ADdomin in /etc/sssd/sssd.conf`
		ecf709
		ecf709	`* Mon Jun 5 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-43`
		ecf709	`- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working`
		ecf709	`properly in v 1.15`
		ecf709
		ecf709	`* Mon Jun 5 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-42`
		ecf709	`- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master`
		ecf709
		ecf709	`* Mon Jun 5 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-41`
		ecf709	`- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to`
		ecf709	`IdM user and AD user`
		ecf709
		ecf709	`* Mon Jun 5 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-40`
		ecf709	`- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups`
		ecf709	`does not resolve groups into names with AD`
		ecf709
		ecf709	`* Thu Jun 1 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-39`
		ecf709	`- Resolves: rhbz#1450094 - Properly support IPA's promptusername config`
		ecf709	`option`
		ecf709
		ecf709	`* Thu Jun 1 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-38`
		ecf709	`- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in`
		ecf709	`sssd.conf due to an off-by-one error when`
		ecf709	`constructing the child send buffer`
		ecf709	`- Resolves: rhbz#1456531 - Option name typos are not detected with validator`
		ecf709	`function of sssctl config-check command in domain`
		ecf709	`sections`
		ecf709
		ecf709	`* Fri May 26 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-37`
		ecf709	`- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups`
		ecf709	`for an AD user in IPA-AD trust environment.`
		ecf709
		ecf709	`* Fri May 26 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-36`
		ecf709	`- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name`
		ecf709	`might fail`
		ecf709	`- Fix Coverity issues in patches for rhbz#1445445`
		ecf709
		ecf709	`* Wed May 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-35`
		ecf709	`- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to`
		ecf709	`IdM user and AD user`
		ecf709
		ecf709	`* Wed May 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-34`
		ecf709	`- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition`
		ecf709	`between two concurrent requests`
		ecf709
		ecf709	`* Tue May 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-33`
		ecf709	`- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail`
		ecf709
		ecf709	`* Tue May 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-32`
		ecf709	`- Resolves: rhbz#1306707 - Need better debug message when krb5_child`
		ecf709	`returns an unhandled error, leading to a`
		ecf709	`System Error PAM code`
		ecf709
		ecf709	`* Mon May 22 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-31`
		ecf709	`- Resolves: rhbz#1446535 - Group resolution does not work in subdomain`
		ecf709	`without ad_server option`
		ecf709
		ecf709	`* Wed May 17 2017 Sumit Bose <sbose@redhat.com> - 1.15.2-30`
		ecf709	`- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from`
		ecf709	`multiple domains`
		ecf709	`- Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by`
		ecf709	`certificate`
		ecf709	`- Additional patch for rhbz#1440132`
		ecf709
		ecf709	`* Thu May 11 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-29`
		ecf709	`- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient`
		ecf709	`- Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4`
		ecf709	`- Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64)`
		ecf709	`scriptlet failed, exit status 3`
		ecf709
		ecf709	`* Thu May 11 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-28`
		ecf709	`- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working`
		ecf709	`properly in v 1.15`
		ecf709	`- Also apply an additional patch for rhbz#1441545`
		ecf709
		ecf709	`* Thu May 4 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-25`
		ecf709	`- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to`
		ecf709	`IdM user and AD user`
		ecf709
		ecf709	`* Wed May 3 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-24`
		ecf709	`- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain`
		ecf709	`with ad_access_filter`
		ecf709
		ecf709	`* Wed May 3 2017 Lukas Slebodnik <lslebodn@redhat.com> - 1.15.2-23`
		ecf709	`- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and`
		ecf709	`sss_ssh_knownhostsproxy manuals to be packaged`
		ecf709	`into sssd-common package`
		ecf709
		ecf709	`* Tue May 2 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-22`
		ecf709	`- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains`
		ecf709	`for group-by-GID requests, causing unnecessary`
		ecf709	`searches`
		ecf709
		ecf709	`* Tue May 2 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-21`
		ecf709	`- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not`
		ecf709	`return the users with overrides`
		ecf709
		ecf709	`* Tue May 2 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-20`
		ecf709	`- Resolves: rhbz#1441545 - With multiple subdomain sections id command`
		ecf709	`output for user is not displayed for both domains`
		ecf709
		ecf709	`* Tue May 2 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-19`
		ecf709	`- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option`
		ecf709	`in sssd.conf causes nameservice lookups to fail.`
		ecf709
		ecf709	`* Tue May 2 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-18`
		ecf709	`- Remove an unused variable from the sssd-secrets responder`
		ecf709	`- Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http`
		ecf709	`- Improve two DEBUG messages in the client trust code to aid troubleshooting`
		ecf709	`- Fix standalone application domains`
		ecf709	`- Related: rhbz#1425891 - Support delivering non-POSIX users and groups`
		ecf709	`through the IFP and PAM interfaces`
		ecf709
		ecf709	`* Wed Apr 26 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-17`
		ecf709	`- Allow completely server-side unqualified name resolution if the domain order is set,`
		ecf709	`do not require any client-side changes`
		ecf709	`- Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from`
		ecf709	`all domains when domain autodiscovery is used or when`
		ecf709	`IPA client resolves trusted AD domain users`
		ecf709
		ecf709	`* Mon Apr 24 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-16`
		ecf709	`- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate`
		ecf709	`group information for trusted AD users`
		ecf709
		ecf709	`* Thu Apr 13 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-15`
		ecf709	`- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long`
		ecf709	`host name`
		ecf709
		ecf709	`* Wed Apr 12 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-14`
		ecf709	`- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in`
		ecf709	`unprivileged container unless`
		ecf709	`selinux_provider = none is used`
		ecf709
		ecf709	`* Wed Apr 12 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-13`
		ecf709	`- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function():`
		ecf709	`/usr/libexec/sssd/sssd_pam killed by 6`
		ecf709
		ecf709	`* Tue Apr 11 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-12`
		ecf709	`- Resolves: rhbz#1432112 - sssctl config-check does not give any error`
		ecf709	`when default configuration file is not present`
		ecf709
		ecf709	`* Tue Apr 11 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-11`
		ecf709	`- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf():`
		ecf709	`/usr/libexec/sssd/sssd_be killed by 11`
		ecf709
		ecf709	`* Tue Apr 11 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-10`
		ecf709	`- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted`
		ecf709	`or machine swaps`
		ecf709
		ecf709	`* Mon Apr 10 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-9`
		ecf709	`- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a`
		ecf709	`failure is in SSSD or not when using layered`
		ecf709	`products like RH-SSO/CFME etc`
		ecf709
		ecf709	`* Thu Mar 30 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-8`
		ecf709	`- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http`
		ecf709
		ecf709	`* Thu Mar 30 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-7`
		ecf709	`- Fix off-by-one error in the KCM responder`
		ecf709	`- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD`
		ecf709
		ecf709	`* Thu Mar 30 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-6`
		ecf709	`- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups`
		ecf709	`through the IFP and PAM interfaces`
		ecf709
		ecf709	`* Wed Mar 29 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-5`
		ecf709	`- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in`
		ecf709	`ssh respoder`
		ecf709
		ecf709	`* Wed Mar 29 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-4`
		ecf709	`- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for`
		ecf709	`users from all domains when domain autodiscovery`
		ecf709	`is used or when IPA client resolves trusted AD`
		ecf709	`domain users`
		ecf709	`- Also backport some buildtime fixes for the KCM responder`
		ecf709	`- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD`
		ecf709
		ecf709	`* Mon Mar 27 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-3`
		ecf709	`- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD`
		ecf709
		ecf709	`* Thu Mar 23 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-2`
		ecf709	`- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for`
		ecf709	`authentication to distinct logon accounts`
		ecf709
		ecf709	`* Wed Mar 15 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.2-1`
		ecf709	`- Update to upstream 1.15.2`
		ecf709	`- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html`
		ecf709	`- Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict`
		ecf709	`entries`
		ecf709	`- Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones`
		ecf709	`are configured as non-secure and secure`
		ecf709	`- Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain`
		ecf709	`in the SSSD server mode`
		ecf709
		ecf709	`* Thu Mar 9 2017 Fabiano Fidêncio <fidencio@redhat.com> - 1.15.1-2`
		ecf709	`- Drop "NOUPSTREAM: Bundle http-parser" patch`
		ecf709	`Related: rhbz#1393819 - New package: http-parser`
		ecf709
		ecf709	`* Sat Mar 4 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.1-1`
		ecf709	`- Update to upstream 1.15.1`
		ecf709	`- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html`
		ecf709	`- Resolves: rhbz#1327085 - Don't prompt for password if there is already`
		ecf709	`one on the stack`
		ecf709	`- Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME`
		ecf709	`request aware of UPNs and aliases`
		ecf709	`- Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider`
		ecf709	`- Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page`
		ecf709	`- Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no`
		ecf709	`conversation function is provided by the`
		ecf709	`client app`
		ecf709	`- Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are`
		ecf709	`two user entries in an ldap role with the same`
		ecf709	`sudo user`
		ecf709	`- Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case`
		ecf709	`resulting in users unable to sign in`
		ecf709
		ecf709	`* Wed Feb 1 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-2`
		ecf709	`- Fix several packaging issues, notably the p11_child is no longer setuid`
		ecf709	`and the libwbclient used a wrong version number in the symlink`
		ecf709
		ecf709	`* Mon Jan 30 2017 Jakub Hrozek <jhrozek@redhat.com> - 1.15.0-1`
		ecf709	`- Update to upstream 1.15.0`
		ecf709	`- Resolves: rhbz#1393824 - Rebase SSSD to version 1.15`
		ecf709	`- Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL`
		ecf709	`- Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory`
		ecf709	`- Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is`
		ecf709	`writeable and readable at the same time`
		ecf709	`- Resolves: rhbz#1393085 - bz - ldap group names don't resolve after`
		ecf709	`upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0`
		ecf709	`- Resolves: rhbz#1392444 - sssd_be keeps crashing`
		ecf709	`- Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3`
		ecf709	`- Resolves: rhbz#1382602 - autofs map resolution doesn't work offline`
		ecf709	`- Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains`
		ecf709	`- Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page`
		ecf709	`- Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error`
		ecf709	`- Resolves: rhbz#1306707 - Need better handling of "Server not found in`
		ecf709	`Kerberos database"`
		ecf709	`- Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth`
		ecf709	`plugin config`
		ecf709
		ecf709	`* Mon Nov 7 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-46`
		ecf709	`- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check`
		ecf709
		ecf709	`* Mon Nov 7 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-45`
		ecf709	`- Resolves: rhbz#1378911 - No supplementary groups are resolved for users`
		ecf709	`in nested OUs when domain stanza differs from AD`
		ecf709	`domain`
		ecf709
		ecf709	`* Mon Nov 7 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-44`
		ecf709	`- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local`
		ecf709	`group with the AD provider when following AGGUDLP`
		ecf709	`group structure across domains`
		ecf709
		ecf709	`* Tue Sep 20 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-43`
		ecf709	`- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo`
		ecf709
		ecf709	`* Fri Sep 16 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-42`
		ecf709	`- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when`
		ecf709	`smartcard authentication is not enabled`
		ecf709
		ecf709	`* Wed Sep 14 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-41`
		ecf709	`- Resolves: rhbz#1373420 - sss_override fails to export`
		ecf709
		ecf709	`* Wed Sep 14 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-40`
		ecf709	`- Resolves: rhbz#1375299 - sss_groupshow <user> fails with error "No such`
		ecf709	`group in local domain. Printing groups only`
		ecf709	`allowed in local domain"`
		ecf709
		ecf709	`* Wed Sep 14 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-39`
		ecf709	`- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns`
		ecf709	`sizelimit exceeded`
		ecf709
		ecf709	`* Mon Sep 12 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-38`
		ecf709	`- Resolves: rhbz#1372753 - Access denied for user when access_provider =`
		ecf709	`krb5 is set in sssd.conf`
		ecf709
		ecf709	`* Mon Sep 12 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-37`
		ecf709	`- Resolves: rhbz#1373444 - unable to create group in sssd cache`
		ecf709	`- Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd`
		ecf709
		ecf709	`* Wed Sep 7 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-36`
		ecf709	`- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL`
		ecf709
		ecf709	`* Mon Sep 5 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-35`
		ecf709	`- Fix permissions for the private pipe directory`
		ecf709	`- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user`
		ecf709
		ecf709	`* Fri Sep 2 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-34`
		ecf709	`- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14`
		ecf709
		ecf709	`* Fri Sep 2 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-33`
		ecf709	`- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias`
		ecf709
		ecf709	`* Fri Sep 2 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-32`
		ecf709	`- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust`
		ecf709	`if the principal attribute doesn't exist on the`
		ecf709	`AD side`
		ecf709
		ecf709	`* Fri Aug 26 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-31`
		ecf709	`- Apply forgotten patch`
		ecf709	`- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias`
		ecf709	`- Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if`
		ecf709	`re-initializing the persistent cache`
		ecf709	`- Fix deleting non-existent secret`
		ecf709	`- Related: rhbz#1311056 - Add a Secrets as a Service component`
		ecf709
		ecf709	`* Fri Aug 26 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-30`
		ecf709	`- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user`
		ecf709
		ecf709	`* Fri Aug 26 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-29`
		ecf709	`- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias`
		ecf709
		ecf709	`* Fri Aug 26 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-28`
		ecf709	`- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards`
		ecf709	`after boot`
		ecf709
		ecf709	`* Fri Aug 19 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-27`
		ecf709	`- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs`
		ecf709	`contains mail`
		ecf709
		ecf709	`* Fri Aug 19 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-26`
		ecf709	`- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages`
		ecf709	`sssd-common and libsss_autofs`
		ecf709
		ecf709	`* Fri Aug 19 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-25`
		ecf709	`- Fix RPM scriptlet plumbing for the sssd-secrets responder`
		ecf709	`- Related: rhbz#1311056 - Add a Secrets as a Service component`
		ecf709
		ecf709	`* Wed Aug 17 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-24`
		ecf709	`- Add socket-activation plumbing for the sssd-secrets responder`
		ecf709	`- Related: rhbz#1311056 - Add a Secrets as a Service component`
		ecf709
		ecf709	`* Wed Aug 17 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-23`
		ecf709	`- Own the secrets directory`
		ecf709	`- Related: rhbz#1311056 - Add a Secrets as a Service component`
		ecf709
		ecf709	`* Wed Aug 17 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-22`
		ecf709	`- Resolves: rhbz#1268874 - Add an option to disable checking for trusted`
		ecf709	`domains in the subdomains provider`
		ecf709
		ecf709	`* Tue Aug 16 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-21`
		ecf709	`- Resolves: rhbz#1271280 - sssd stores and returns incorrect information`
		ecf709	`about empty netgroup (ldap-server: 389-ds)`
		ecf709
		ecf709	`* Tue Aug 16 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-20`
		ecf709	`- Resolves: rhbz#1290500 - [feat] command to manually list`
		ecf709	`fo_add_server_to_list information`
		ecf709
		ecf709	`* Tue Aug 16 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-19`
		ecf709	`- Add several small fixes related to the config API`
		ecf709	`- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)`
		ecf709
		ecf709	`* Thu Aug 11 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-18`
		ecf709	`- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is`
		ecf709	`never created`
		ecf709
		ecf709	`* Wed Aug 10 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-17`
		ecf709	`- Fix regressions in the simple access provider`
		ecf709	`- Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used`
		ecf709	`with simple access provider`
		ecf709	`- Apply a number of specfile patches to better match the upstream spefile`
		ecf709	`- Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3`
		ecf709
		ecf709	`* Wed Aug 10 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-16`
		ecf709	`- Cherry-pick patches from upstream that fix several regressions`
		ecf709	`- Avoid checking local users in all cases`
		ecf709	`- Resolves: rhbz#1353951 - sssd_pam leaks file descriptors`
		ecf709
		ecf709	`* Mon Aug 8 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-15`
		ecf709	`- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function():`
		ecf709	`/usr/libexec/sssd/sssd_nss killed by 11`
		ecf709	`- Resolves: rhbz#1361563 - Wrong pam error code returned for password`
		ecf709	`change in offline mode`
		ecf709
		ecf709	`* Fri Jul 29 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-14`
		ecf709	`- Resolves: rhbz#1309745 - Support multiple principals for IPA users`
		ecf709
		ecf709	`* Fri Jul 29 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-13`
		ecf709	`- Resolves: rhbz#1304992 - Handle overriden name of members in the`
		ecf709	`memberUid attribute`
		ecf709
		ecf709	`* Wed Jul 27 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-12`
		ecf709	`- handle unresolvable sites more gracefully`
		ecf709	`- Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a`
		ecf709	`subdomain, not the root domain.`
		ecf709	`- fix compilation warnings in unit tests`
		ecf709
		ecf709	`* Wed Jul 27 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-11`
		ecf709	`- fix capaths output`
		ecf709	`- Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain`
		ecf709	`user logins across IPA - AD trust`
		ecf709	`- also fix Coverity issues in the secrets responder and suppress noisy`
		ecf709	`debug messages when setting the timestamp cache`
		ecf709
		ecf709	`* Tue Jul 19 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-10`
		ecf709	`- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information`
		ecf709
		ecf709	`* Tue Jul 19 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-9`
		ecf709	`- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not`
		ecf709	`visible unless rm -f /var/lib/sss/db/cache`
		ecf709
		ecf709	`* Mon Jul 18 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-8`
		ecf709	`- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains`
		ecf709
		ecf709	`* Thu Jul 14 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-7`
		ecf709	`- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send():`
		ecf709	`sssd_be killed by SIGSEGV`
		ecf709
		ecf709	`* Wed Jul 13 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-6`
		ecf709	`- Resolves: rhbz#1349882 - sssd does not work under non-root user`
		ecf709	`- Also cherry-pick a few patches from upstream to fix config schema`
		ecf709	`- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)`
		ecf709
		ecf709	`* Wed Jul 13 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-5`
		ecf709	`- Sync a few minor patches from upstream`
		ecf709	`- Fix sssctl manpage`
		ecf709	`- Fix nss-tests unit test on big-endian machines`
		ecf709	`- Fix several issues in the config schema`
		ecf709	`- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)`
		ecf709
		ecf709	`* Wed Jul 13 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-4`
		ecf709	`- Bundle http-parser`
		ecf709	`- Resolves: rhbz#1311056 - Add a Secrets as a Service component`
		ecf709
		ecf709	`* Tue Jul 12 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-3`
		ecf709	`- Sync a few minor patches from upstream`
		ecf709	`- Fix a failover issue`
		ecf709	`- Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on`
		ecf709	`searches that time out`
		ecf709
		ecf709	`* Mon Jul 11 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-2`
		ecf709	`- Explicitly BuildRequire newer ding-libs`
		ecf709	`- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)`
		ecf709
		ecf709	`* Fri Jul 8 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0-1`
		ecf709	`- New upstream release 1.14.0`
		ecf709	`- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3`
		ecf709	`- Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload`
		ecf709	`- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)`
		ecf709	`- Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults`
		ecf709	`- Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name`
		ecf709	`- Resolves: rhbz#1300663 - Improve sudo protocol to support configurations`
		ecf709	`with default_domain_suffix`
		ecf709	`- Resolves: rhbz#1312275 - Support authentication indicators from IPA`
		ecf709
		ecf709	`* Thu Jun 30 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0beta1-2`
		ecf709	`- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3`
		ecf709	`- Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf`
		ecf709	`- Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups`
		ecf709	`- Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview`
		ecf709	`- Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would`
		ecf709	`specify which server to update DNS with`
		ecf709	`- Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large`
		ecf709	`environments`
		ecf709	`- Resolves: rhbz#883886 - sssd: incorrect checks on length values during`
		ecf709	`packet decoding`
		ecf709	`- Resolves: rhbz#988207 - sssd does not detail which line in configuration`
		ecf709	`is invalid`
		ecf709	`- Resolves: rhbz#1007969 - sssd_cache does not remove have an option to`
		ecf709	`remove the sssd database`
		ecf709	`- Resolves: rhbz#1103249 - PAC responder needs much time to process large`
		ecf709	`group lists`
		ecf709	`- Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are`
		ecf709	`not resovable`
		ecf709	`- Resolves: rhbz#1269018 - Too much logging from sssd_be`
		ecf709	`- Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains`
		ecf709	`- Resolves: rhbz#1308935 - After removing certificate from user in IPA`
		ecf709	`and even after sss_cache, FindByCertificate`
		ecf709	`still finds the user`
		ecf709	`- Resolves: rhbz#1315766 - SSSD PAM module does not support multiple`
		ecf709	`password prompts (e.g. Password + Token) with sudo`
		ecf709	`- Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory`
		ecf709	`- Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb`
		ecf709	`sp 00007ffc7d66a3b0 error 4 in`
		ecf709	`libsss_ipa.so[7ff889fcf000+5d000]`
		ecf709
		ecf709	`* Mon Jun 20 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.14.0alpha-1`
		ecf709	`- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3`
		ecf709	`- The rebase includes fixes for the following bugzillas:`
		ecf709	`- Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema`
		ecf709	`- Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for`
		ecf709	`any AD domain`
		ecf709	`- Resolves: rhbz#1233200 - man sssd.conf should clarify details about`
		ecf709	`subdomain_inherit option.`
		ecf709	`- Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd`
		ecf709	`- Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding`
		ecf709	`--help flag to some commands`
		ecf709	`- Resolves: rhbz#1269512 - sss_override: memory violation`
		ecf709	`- Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used`
		ecf709	`and pam_strerror prints non-ASCII characters`
		ecf709	`- Resolves: rhbz#1283686 - groups get deleted from the cache`
		ecf709	`- Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View`
		ecf709	`- Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so`
		ecf709	`plug-in when resolving groups with many members`
		ecf709	`- Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record`
		ecf709	`- Resolves: rhbz#1294670 - Local users with local sudo rules causes`
		ecf709	`LDAP queries`
		ecf709	`- Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in`
		ecf709	`SSSD cache if user has no secondary groups anymore`
		ecf709	`- Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12`
		ecf709	`to 1.13`
		ecf709	`- Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root`
		ecf709	`- Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos`
		ecf709	`Host Keytabs`
		ecf709	`- Resolves: rhbz#1313014 - sssd is not closing sockets properly`
		ecf709	`- Resolves: rhbz#1318996 - SSSD does not fail over to next GC`
		ecf709	`- Resolves: rhbz#1327270 - local overrides: issues with sub-domain users`
		ecf709	`and mixed case names`
		ecf709	`- Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not`
		ecf709	`fail on lookup errors`
		ecf709
		ecf709	`* Tue May 24 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-50`
		ecf709	`- Build the PAC plugin with krb5-1.14`
		ecf709	`- Related: rhbz#1336688 - sssd tries to resolve global catalog servers`
		ecf709	`from AD forest sub-domains in AD-IPA trust setup`
		ecf709
		ecf709	`* Tue May 24 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-49`
		ecf709	`- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers`
		ecf709	`from AD forest sub-domains in AD-IPA trust setup`
		ecf709
		ecf709	`* Tue May 24 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-48`
		ecf709	`- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd`
		ecf709	`cache for much more than expected.`
		ecf709
		ecf709	`* Mon May 23 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-47`
		ecf709	`- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying`
		ecf709	`to retrieve non-existing netgroups`
		ecf709
		ecf709	`* Tue May 17 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-46`
		ecf709	`- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted`
		ecf709	`to AD user even if the user is disabled on AD.`
		ecf709
		ecf709	`* Tue May 17 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-45`
		ecf709	`- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a`
		ecf709	`trusted domain is requested`
		ecf709
		ecf709	`* Mon Apr 18 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-44`
		ecf709	`- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin`
		ecf709	`- More patches from upstream related to the memory leak`
		ecf709
		ecf709	`* Fri Apr 1 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-43`
		ecf709	`- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin`
		ecf709
		ecf709	`* Wed Feb 24 2016 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-42`
		ecf709	`- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships`
		ecf709	`of IPA groups during getgrnam and getgrgid`
		ecf709
		ecf709	`* Tue Nov 24 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-41`
		ecf709	`- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17`
		ecf709
		ecf709	`* Wed Oct 14 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-40`
		ecf709	`- Resolves: rhbz#1270827 - local overrides: don't contact server with`
		ecf709	`overridden name/id`
		ecf709
		ecf709	`* Wed Oct 7 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-39`
		ecf709	`- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step`
		ecf709
		ecf709	`* Wed Oct 7 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-38`
		ecf709	`- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.`
		ecf709
		ecf709	`* Wed Oct 7 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-37`
		ecf709	`- Resolves: rhbz#1267836 - PAM responder crashed if user was not set`
		ecf709
		ecf709	`* Wed Sep 30 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-36`
		ecf709	`- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on`
		ecf709	`uninitialised value`
		ecf709
		ecf709	`* Wed Sep 23 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-35`
		ecf709	`- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA`
		ecf709	`subdomain code`
		ecf709
		ecf709	`* Tue Sep 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-34`
		ecf709	`- Fix a Coverity warning in dyndns code`
		ecf709	`- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead`
		ecf709	`of processing other commands`
		ecf709	`* Tue Sep 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-33`
		ecf709	`- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead`
		ecf709	`of processing other commands`
		ecf709
		ecf709	`* Tue Sep 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-32`
		ecf709	`- Resolves: rhbz#1263735 - Could not resolve AD user from root domain`
		ecf709
		ecf709	`* Tue Sep 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-31`
		ecf709	`- Remove -d from sss_override manpage`
		ecf709	`- Related: rhbz#1259512 - sss_override : The local override user is not found`
		ecf709
		ecf709	`* Tue Sep 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-30`
		ecf709	`- Patches required for better handling of failover with one-way trusts`
		ecf709	`- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain`
		ecf709	`code`
		ecf709
		ecf709	`* Fri Sep 18 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-29`
		ecf709	`- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307`
		ecf709	`and ghost users`
		ecf709
		ecf709	`* Fri Sep 18 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-28`
		ecf709	`- Resolves: rhbz#1259512 - sss_override : The local override user is not found`
		ecf709
		ecf709	`* Fri Sep 18 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-27`
		ecf709	`- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code`
		ecf709
		ecf709	`* Tue Sep 1 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-26`
		ecf709	`- Resolves: rhbz#1256398 - sssd cannot resolve user names containing`
		ecf709	`backslash with ldap provider`
		ecf709
		ecf709	`* Tue Aug 25 2015 Martin Kosek <mkosek@redhat.com> - 1.13.0-25`
		ecf709	`- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug`
		ecf709	`but is not listed in the man page or in`
		ecf709	`the arguments help`
		ecf709
		ecf709	`* Thu Aug 20 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-24`
		ecf709	`- Resolves: rhbz#1254518 - Fix crash in nss responder`
		ecf709
		ecf709	`* Thu Aug 20 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-23`
		ecf709	`- Support import/export for local overrides`
		ecf709	`- Support FQDNs for local overrides`
		ecf709	`- Resolves: rhbz#1254184 - sss_override does not work correctly when`
		ecf709	`'use_fully_qualified_names = True'`
		ecf709
		ecf709	`* Tue Aug 18 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-22`
		ecf709	`- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to`
		ecf709	`other cache attributes`
		ecf709
		ecf709	`* Mon Aug 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-21`
		ecf709	`- Resolves: rhbz#1250415 - sssd: p11_child hardening`
		ecf709
		ecf709	`* Mon Aug 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-20`
		ecf709	`- Related: rhbz#1250135 - Detect re-established trusts in the IPA`
		ecf709	`subdomain code`
		ecf709
		ecf709	`* Mon Aug 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-19`
		ecf709	`- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC`
		ecf709	`identity certificates`
		ecf709
		ecf709	`* Mon Aug 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-18`
		ecf709	`- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected`
		ecf709
		ecf709	`* Mon Aug 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-17`
		ecf709	`- Fix wildcard_limit=0`
		ecf709	`- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface`
		ecf709
		ecf709	`* Mon Aug 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-16`
		ecf709	`- Fix race condition in invalidating the memory cache`
		ecf709	`- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups`
		ecf709
		ecf709	`* Mon Aug 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-15`
		ecf709	`- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo`
		ecf709	`enabled`
		ecf709
		ecf709	`* Thu Aug 6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-14`
		ecf709	`- Bump release number`
		ecf709	`- Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module`
		ecf709	`named pysss"`
		ecf709
		ecf709	`* Thu Aug 6 2015 Lukas Slebodnik <lslebodn@redhat.com> - 1.13.0-13`
		ecf709	`- Fix missing dependency of sssd-tools`
		ecf709	`- Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module`
		ecf709	`named pysss"`
		ecf709
		ecf709	`* Wed Aug 5 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-12`
		ecf709	`- More memory cache related fixes`
		ecf709	`- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups`
		ecf709
		ecf709	`* Tue Aug 4 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-11`
		ecf709	`- Remove binary blob from SC patches as patch(1) can't handle those`
		ecf709	`- Related: rhbz#854396 - [RFE] Support for smart cards`
		ecf709
		ecf709	`* Tue Aug 4 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-10`
		ecf709	`- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client`
		ecf709	`prevents getpw*`
		ecf709
		ecf709	`* Tue Aug 4 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-9`
		ecf709	`- Fix memory cache integration tests`
		ecf709	`- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups`
		ecf709	`- Resolves: rhbz#854396 - [RFE] Support for smart cards`
		ecf709
		ecf709	`* Tue Jul 28 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-8`
		ecf709	`- Remove OTP from PAM stack correctly`
		ecf709	`- Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when`
		ecf709	`user logs in with password and token code from IPA`
		ecf709	`- Handle sssd-owned keytabs when sssd runs as root`
		ecf709	`- Related: rhbz#1205144 - RFE: Support one-way trusts for IPA`
		ecf709
		ecf709	`* Mon Jul 27 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-7`
		ecf709	`- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients`
		ecf709
		ecf709	`* Fri Jul 24 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-6`
		ecf709	`- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support`
		ecf709	`- Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant`
		ecf709	`v6 in ipa domain`
		ecf709
		ecf709	`* Fri Jul 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-5`
		ecf709	`- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes`
		ecf709
		ecf709	`* Fri Jul 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-4`
		ecf709	`- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2`
		ecf709
		ecf709	`* Thu Jul 16 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-3`
		ecf709	`- Add support for InfoPipe wildcard requests`
		ecf709	`- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface`
		ecf709
		ecf709	`* Mon Jul 6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-2`
		ecf709	`- Also package the initgr memcache`
		ecf709	`- Related: rhbz#1205554 - Rebase SSSD to 1.13.x`
		ecf709
		ecf709	`* Mon Jul 6 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0-1`
		ecf709	`- Rebase to 1.13.0 upstream`
		ecf709	`- Related: rhbz#1205554 - Rebase SSSD to 1.13.x`
		ecf709	`- Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD`
		ecf709	`- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups`
		ecf709
		ecf709	`* Wed Jul 1 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0.3alpha`
		ecf709	`- Don't default to SSSD user`
		ecf709	`- Related: rhbz#1205554 - Rebase SSSD to 1.13.x`
		ecf709
		ecf709	`* Tue Jun 23 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0.2alpha`
		ecf709	`- Related: rhbz#1205554 - Rebase SSSD to 1.13.x`
		ecf709	`- GPO default should be permissve`
		ecf709
		ecf709	`* Mon Jun 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.13.0.1alpha`
		ecf709	`- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x`
		ecf709	`- Relax the libldb requirement`
		ecf709	`- Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in`
		ecf709	`libtevent.so.0.9.21`
		ecf709	`- Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to`
		ecf709	`binary SIDs`
		ecf709	`- Resolves: rhbz#1219285 - Unable to resolve group memberships for AD`
		ecf709	`users when using sssd-1.12.2-58.el7_1.6.x86_64`
		ecf709	`client in combination with`
		ecf709	`ipa-server-3.0.0-42.el6.x86_64 with AD Trust`
		ecf709	`- Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers`
		ecf709	`- Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains`
		ecf709	`- Resolves: rhbz#1217127 - Override for IPA users with login does not list`
		ecf709	`user all groups`
		ecf709	`- Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix`
		ecf709	`and use_fully_qualified_names set`
		ecf709	`- Resolves: rhbz#1214719 - Group resolution is inconsistent with group`
		ecf709	`overrides`
		ecf709	`- Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers`
		ecf709	`group membership resolution`
		ecf709	`- Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name`
		ecf709	`does not work`
		ecf709	`- Resolves: rhbz#1214337 - Overrides with --login work in second attempt`
		ecf709	`- Resolves: rhbz#1212489 - Disable the cleanup task by default`
		ecf709	`- Resolves: rhbz#1211830 - external users do not resolve with`
		ecf709	`"default_domain_suffix" set in IPA server sssd.conf`
		ecf709	`- Resolves: rhbz#1210854 - Only set the selinux context if the context`
		ecf709	`differs from the local one`
		ecf709	`- Resolves: rhbz#1209483 - When using id_provider=proxy with`
		ecf709	`auth_provider=ldap, it does not work as expected`
		ecf709	`- Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management`
		ecf709	`Editor naming for some policies but not for all`
		ecf709	`- Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters`
		ecf709	`- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface`
		ecf709	`- Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if`
		ecf709	`the IPA domain differs from machine hostname's`
		ecf709	`domain`
		ecf709	`- Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix`
		ecf709	`when checking for host keys`
		ecf709	`- Resolves: rhbz#1204203 - sssd crashes intermittently`
		ecf709	`- Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because`
		ecf709	`sss is written in nsswitch.conf as default`
		ecf709	`- Resolves: rhbz#1203642 - GPO access control looks for computer object`
		ecf709	`in user's domain only`
		ecf709	`- Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough`
		ecf709	`with broken replication entries`
		ecf709	`- Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by`
		ecf709	`UPN and doesn't find anything`
		ecf709	`- Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when`
		ecf709	`user logs in with password and token code from IPA`
		ecf709	`- Resolves: rhbz#1199541 - Read and use the TTL value when resolving a`
		ecf709	`SRV query`
		ecf709	`- Resolves: rhbz#1199533 - [RFE] Implement background refresh for users,`
		ecf709	`groups or other cache objects`
		ecf709	`- Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute`
		ecf709	`for group name?`
		ecf709	`- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error`
		ecf709	`- Resolves: rhbz#1187103 - [RFE] User's home directories are not taken`
		ecf709	`from AD when there is an IPA trust with AD`
		ecf709	`- Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set`
		ecf709	`to AD domain, IPA user are not able to log unless`
		ecf709	`use_fully_qualified_names is set`
		ecf709	`- Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when`
		ecf709	`account naturally expires`
		ecf709	`- Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option:`
		ecf709	`kerberos discovery is not using this option`
		ecf709	`- Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due`
		ecf709	`to missing or invalid keytab`
		ecf709
		ecf709	`* Wed Apr 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-61`
		ecf709	`- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID`
		ecf709
		ecf709	`* Wed Apr 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-60`
		ecf709	`- Filter out domain-local groups during AD initgroups operation`
		ecf709	`- Related: rhbz#1201840 - SSSD downloads too much information when fetching`
		ecf709	`information about groups`
		ecf709
		ecf709	`* Wed Apr 22 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-59`
		ecf709	`- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching`
		ecf709	`information about groups`
		ecf709
		ecf709	`* Thu Mar 19 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-58.6`
		ecf709	`- Initialize variable in the views code in one success and one failure path`
		ecf709	`- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD`
		ecf709	`trusted domain) client at`
		ecf709	`src/providers/ipa/ipa_s2n_exop.c:1605`
		ecf709
		ecf709	`* Tue Mar 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-58.5`
		ecf709	`- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD`
		ecf709	`trusted domain) client at`
		ecf709	`src/providers/ipa/ipa_s2n_exop.c:1605`
		ecf709
		ecf709	`* Tue Mar 17 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-58.4`
		ecf709	`- Handle case where there is no default and no rules`
		ecf709	`- Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security`
		ecf709	`context on client is staff_u`
		ecf709
		ecf709	`* Thu Mar 5 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-58.3`
		ecf709	`- Set a pointer in ldap_child to NULL to avoid warnings`
		ecf709	`- Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error`
		ecf709
		ecf709	`* Thu Mar 5 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-58.2`
		ecf709	`- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security`
		ecf709	`context on client is staff_u`
		ecf709
		ecf709	`* Thu Mar 5 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-58.1`
		ecf709	`- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error`
		ecf709
		ecf709	`* Tue Feb 3 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-57`
		ecf709	`- Run the restart in sssd-common posttrans`
		ecf709	`- Explicitly require libwbclient`
		ecf709	`- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade`
		ecf709
		ecf709	`* Fri Jan 30 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-56`
		ecf709	`- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade`
		ecf709
		ecf709	`* Fri Jan 30 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-55`
		ecf709	`- Fix endianess bug in fill_id()`
		ecf709	`- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares`
		ecf709
		ecf709	`* Fri Jan 30 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-54`
		ecf709	`- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view`
		ecf709
		ecf709	`* Fri Jan 30 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-53`
		ecf709	`- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in`
		ecf709	`non-default view`
		ecf709
		ecf709	`* Tue Jan 27 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-52`
		ecf709	`- Resolves: rhbz#1184982 - Need to set different umask in selinux_child`
		ecf709
		ecf709	`* Tue Jan 27 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-51`
		ecf709	`- Bump the release number`
		ecf709	`- Related: rhbz#1184140 - Users saved throug extop don't have the`
		ecf709	`originalMemberOf attribute`
		ecf709
		ecf709	`* Tue Jan 27 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-50`
		ecf709	`- Add a patch dependency`
		ecf709	`- Related: rhbz#1184140 - Users saved throug extop don't have the`
		ecf709	`originalMemberOf attribute`
		ecf709
		ecf709	`* Tue Jan 27 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-49`
		ecf709	`- Process ghost members only once`
		ecf709	`- Fix processing of universal groups with members from different domains`
		ecf709	`- Related: rhbz#1168904 - gid is overridden by uid in default trust view`
		ecf709
		ecf709	`* Tue Jan 27 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-48`
		ecf709	`- Related: rhbz#1184140 - Users saved throug extop don't have the`
		ecf709	`originalMemberOf attribute`
		ecf709
		ecf709	`* Fri Jan 23 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-47`
		ecf709	`- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved`
		ecf709
		ecf709	`* Fri Jan 23 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-46`
		ecf709	`- Handle GID override in MPG domains`
		ecf709	`- Handle views with mixed-case domains`
		ecf709	`- Related: rhbz#1168904 - gid is overridden by uid in default trust view`
		ecf709
		ecf709	`* Wed Jan 21 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-45`
		ecf709	`- Open socket to the PAC responder in krb5_child before dropping root`
		ecf709	`- Related: rhbz#1184140 - Users saved throug extop don't have the`
		ecf709	`originalMemberOf attribute`
		ecf709
		ecf709	`* Tue Jan 20 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-44`
		ecf709	`- Resolves: rhbz#1184140 - Users saved throug extop don't have the`
		ecf709	`originalMemberOf attribute`
		ecf709
		ecf709	`* Mon Jan 19 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-43`
		ecf709	`- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with`
		ecf709	`user from AD`
		ecf709
		ecf709	`* Wed Jan 14 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-42`
		ecf709	`- Resolves: rhbz#889206 - On clock skew sssd returns system error`
		ecf709
		ecf709	`* Wed Jan 14 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-41`
		ecf709	`- Related: rhbz#1168904 - gid is overridden by uid in default trust view`
		ecf709
		ecf709	`* Tue Jan 13 2015 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-40`
		ecf709	`- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf`
		ecf709	`- Related: rhbz#1168904 - gid is overridden by uid in default trust view`
		ecf709
		ecf709	`* Fri Dec 19 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-39`
		ecf709	`- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow`
		ecf709	`rules are used`
		ecf709	`- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes`
		ecf709	`crash in wbinfo`
		ecf709	`- in addition to the patch libwbclient.so is`
		ecf709	`filtered out of the Provides list of the package`
		ecf709
		ecf709	`* Wed Dec 17 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-38`
		ecf709	`- Resolves: rhbz#1171215 - Crash in function get_object_from_cache`
		ecf709	`- Resolves: rhbz#1171383 - getent fails for posix group with AD users after`
		ecf709	`login`
		ecf709	`- Resolves: rhbz#1171382 - getent of AD universal group fails after group users`
		ecf709	`login`
		ecf709	`- Resolves: rhbz#1170300 - Access is not rejected for disabled domain`
		ecf709	`- Resolves: rhbz#1162486 - Error processing external groups with`
		ecf709	`getgrnam/getgrgid in the server mode`
		ecf709	`- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view`
		ecf709
		ecf709	`* Wed Dec 17 2014 Sumit Bose <sbose@redhat.com> - 1.12.2-37`
		ecf709	`- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC`
		ecf709	`Policies are unclear`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Mon Dec 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-35`
		ecf709	`- Rebuild to add several forgotten Patch entries`
		ecf709	`- Resolves: rhbz#1173482 - MAN: Document that only user names are checked`
		ecf709	`for pam_trusted_users`
		ecf709	`- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail`
		ecf709	`when domains=<emtpy value>`
		ecf709
		ecf709	`* Sun Dec 14 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-35`
		ecf709	`- Remove Coverity warnings in krb5_child code`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Sat Dec 13 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-34`
		ecf709	`- Resolves: rhbz#1173482 - MAN: Document that only user names are checked`
		ecf709	`for pam_trusted_users`
		ecf709	`- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail`
		ecf709	`when domains=<emtpy value>`
		ecf709
		ecf709	`* Sat Dec 13 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-33`
		ecf709	`- Don't error out on chpass with OTPs`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Mon Dec 8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-32`
		ecf709	`- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss`
		ecf709	`is written in nsswitch.conf as default.`
		ecf709
		ecf709	`* Mon Dec 8 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-31`
		ecf709	`- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted`
		ecf709	`AD users`
		ecf709	`- Enable running unit tests without cmocka`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Wed Dec 3 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-30`
		ecf709	`- krb5_child and ldap_child do not call Kerberos calls as root`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Wed Dec 3 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-29`
		ecf709	`- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware`
		ecf709
		ecf709	`* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-28`
		ecf709	`- Fix typo in libwbclient-devel alternatives invocation`
		ecf709	`- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares`
		ecf709
		ecf709	`* Wed Nov 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-27`
		ecf709	`- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from`
		ecf709	`the same domain are allowed to auth.`
		ecf709
		ecf709	`* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-26`
		ecf709	`- Handle migrating clients between views`
		ecf709	`- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync`
		ecf709	`solution to the trust solution`
		ecf709
		ecf709	`* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-25`
		ecf709	`- Use alternatives for libwbclient`
		ecf709	`- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares`
		ecf709
		ecf709	`* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-24`
		ecf709	`- Resolves: rhbz#1165794 - sssd does not work with custom value of option`
		ecf709	`re_expression`
		ecf709
		ecf709	`* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-23`
		ecf709	`- Add an option that describes where to put generated krb5 files to`
		ecf709	`- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12`
		ecf709
		ecf709	`* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-22`
		ecf709	`- Handle IPA group names returned from the extop plugin`
		ecf709	`- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync`
		ecf709	`solution to the trust solution`
		ecf709
		ecf709	`* Tue Nov 25 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-21`
		ecf709	`- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header`
		ecf709
		ecf709	`* Thu Nov 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-20`
		ecf709	`- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds`
		ecf709	`= true" do not work after enabling journald`
		ecf709	`with sssd.`
		ecf709
		ecf709	`* Thu Nov 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-19`
		ecf709	`- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving`
		ecf709	`is incomplete`
		ecf709
		ecf709	`* Thu Nov 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-18`
		ecf709	`- Support views for IPA users`
		ecf709	`- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync`
		ecf709	`solution to the trust solution`
		ecf709
		ecf709	`* Thu Nov 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-17`
		ecf709	`- Update man page to clarify TGs should be disabled with a custom search base`
		ecf709	`- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases`
		ecf709
		ecf709	`* Wed Nov 19 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-16`
		ecf709	`- Use upstreamed patches for the rootless sssd`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Wed Nov 19 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-15`
		ecf709	`- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive`
		ecf709	`users and groups with case_sensitive=preserving`
		ecf709
		ecf709	`* Wed Nov 19 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-14`
		ecf709	`- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases`
		ecf709
		ecf709	`* Wed Nov 19 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-13`
		ecf709	`- Resolves: rhbz#1162480 - dereferencing failure against openldap server`
		ecf709
		ecf709	`* Wed Nov 12 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-12`
		ecf709	`- Move adding the user from pretrans to pre, copy adding the user to`
		ecf709	`sssd-krb5-common and sssd-ipa as well in order to work around yum`
		ecf709	`ordering issue`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Tue Nov 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-11`
		ecf709	`- Resolves: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Fri Nov 7 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-10`
		ecf709	`- Fix two regressions in the new selinux_child process`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709	`- Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used`
		ecf709
		ecf709	`* Wed Nov 5 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-9`
		ecf709	`- Include the ldap_child and selinux_child patches for rootless sssd`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Wed Nov 5 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-8`
		ecf709	`- Support overriding SSH public keys with views`
		ecf709	`- Support extended attributes via the extop plugin`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709	`- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask`
		ecf709	`refresh is enabled`
		ecf709
		ecf709	`* Thu Oct 30 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-7`
		ecf709	`- Resolves: rhbz#1153518 - service lookups returned in lowercase with`
		ecf709	`case_sensitive=preserving`
		ecf709	`- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple`
		ecf709	`times`
		ecf709
		ecf709	`* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-6`
		ecf709	`- Include the responder and packaging patches for rootless sssd`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709
		ecf709	`* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-5`
		ecf709	`- Amend the sssd-ldap man page with info about lockout setup`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709	`- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD`
		ecf709	`- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)`
		ecf709
		ecf709	`* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-4`
		ecf709	`- Fix regressions caused by views patches when SSSD is connected to a`
		ecf709	`pre-4.0 IPA server`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-3`
		ecf709	`- Add the low-level server changes for running as unprivileged user`
		ecf709	`- Package the libsss_semange library needed for SELinux label changes`
		ecf709	`- Related: rhbz#1113783 - sssd should run under unprivileged user`
		ecf709	`- Resolves: rhbz#1113784 - sssd should audit selinux user map changes`
		ecf709
		ecf709	`* Wed Oct 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-2`
		ecf709	`- Use libsemanage for SELinux label changes`
		ecf709	`- Resolves: rhbz#1113784 - sssd should audit selinux user map changes`
		ecf709
		ecf709	`* Mon Oct 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.2-1`
		ecf709	`- Rebase SSSD to 1.12.2`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Thu Oct 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-2`
		ecf709	`- Sync with upstream`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Thu Sep 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1`
		ecf709	`- Rebuild against ding-libs with fixed SONAME`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Tue Sep 9 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.1-1`
		ecf709	`- Rebase SSSD to 1.12.1`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Fri Sep 05 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-3`
		ecf709	`- Require ldb 2.1.17`
		ecf709	`- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer`
		ecf709
		ecf709	`* Fri Aug 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-2`
		ecf709	`- Fix fully qualified IFP lookups`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Thu Jul 24 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.12.0-1`
		ecf709	`- Rebase SSSD to 1.12.0`
		ecf709	`- Related: rhbz#1109756 - Rebase SSSD to 1.12`
		ecf709
		ecf709	`* Wed May 21 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-70`
		ecf709	`- Squash in upstream review comments about the PAC patch`
		ecf709	`- Related: rhbz#1097286 - Expanding home directory fails when the request`
		ecf709	`comes from the PAC responder`
		ecf709
		ecf709	`* Tue May 13 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-69`
		ecf709	`- Backport a patch to allow krb5-utils-test to run as root`
		ecf709	`- Related: rhbz#1097286 - Expanding home directory fails when the request`
		ecf709	`comes from the PAC responder`
		ecf709
		ecf709	`* Tue May 13 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-68`
		ecf709	`- Resolves: rhbz#1097286 - Expanding home directory fails when the request`
		ecf709	`comes from the PAC responder`
		ecf709
		ecf709	`* Tue May 13 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-67`
		ecf709	`- Fix a DEBUG message, backport two related fixes`
		ecf709	`- Related: rhbz#1090653 - segfault in sssd_be when second domain tree`
		ecf709	`users are queried while joined to child domain`
		ecf709
		ecf709	`* Tue May 13 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-66`
		ecf709	`- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree`
		ecf709	`users are queried while joined to child domain`
		ecf709
		ecf709	`* Wed Apr 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-65`
		ecf709	`- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always`
		ecf709	`matching`
		ecf709
		ecf709	`* Wed Apr 02 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-64`
		ecf709	`- Resolves: rhbz#1077328 - other subdomains are unavailable when joined`
		ecf709	`to a subdomain in the ad forest`
		ecf709
		ecf709	`* Wed Mar 26 2014 Sumit Bose <sbose@redhat.com> - 1.11.2-63`
		ecf709	`- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing`
		ecf709	`netgroup`
		ecf709
		ecf709	`* Wed Mar 26 2014 Sumit Bose <sbose@redhat.com> - 1.11.2-62`
		ecf709	`- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success`
		ecf709
		ecf709	`* Fri Mar 21 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-61`
		ecf709	`- Resolves: rhbz#1078840 - Error during password change`
		ecf709
		ecf709	`* Thu Mar 13 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-60`
		ecf709	`- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file`
		ecf709	`with format expected by pam_selinux`
		ecf709
		ecf709	`* Wed Mar 12 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-59`
		ecf709	`- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA`
		ecf709	`password migration`
		ecf709
		ecf709	`* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-58`
		ecf709	`- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong`
		ecf709	`sysdb subdir when a trusted user logs in`
		ecf709
		ecf709	`* Tue Mar 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-57`
		ecf709	`- Related: rhbz#1066096 - not retrieving homedirs of AD users with`
		ecf709	`posix attributes`
		ecf709
		ecf709	`* Mon Mar 10 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-56`
		ecf709	`- Related: rhbz#1072995 - AD group inconsistency when using AD provider`
		ecf709	`in sssd-1.11-40`
		ecf709
		ecf709	`* Mon Mar 10 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-55`
		ecf709	`- Resolves: rhbz#1073631 - sssd fails to handle expired passwords`
		ecf709	`when OTP is used`
		ecf709
		ecf709	`* Tue Mar 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-54`
		ecf709	`- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA`
		ecf709	`correctly`
		ecf709
		ecf709	`* Tue Mar 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-53`
		ecf709	`- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name`
		ecf709	`component in home dir path`
		ecf709
		ecf709	`* Tue Mar 04 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-52`
		ecf709	`- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together`
		ecf709	`with the AD provider`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-51`
		ecf709	`- Fix idmap documentation`
		ecf709	`- Bump idmap version info`
		ecf709	`- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-50`
		ecf709	`- Pull some follow up man page fixes from upstream`
		ecf709	- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared
		ecf709	`manually, if ID mapping configuration changes`
		ecf709	`- Related: rhbz#1064908 - MAN: Remove misleading memberof example from`
		ecf709	`ldap_access_filter example`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-49`
		ecf709	- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared
		ecf709	`manually, if ID mapping configuration changes`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-48`
		ecf709	`- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from`
		ecf709	`ldap_access_filter example`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-47`
		ecf709	`- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-46`
		ecf709	`- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-45`
		ecf709	`- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading`
		ecf709	`spaces`
		ecf709
		ecf709	`* Wed Feb 26 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-44`
		ecf709	`- Resolves: rhbz#1033069 - Configuring two different provider types might`
		ecf709	`start two parallel enumeration tasks`
		ecf709
		ecf709	`* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-43`
		ecf709	`- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send'`
		ecf709	`should be added to RHEL7`
		ecf709
		ecf709	`* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-42`
		ecf709	`- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default`
		ecf709
		ecf709	`* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-41`
		ecf709	`- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE`
		ecf709	`attribute when expiring users`
		ecf709
		ecf709	`* Wed Feb 12 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-40`
		ecf709	`- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes`
		ecf709	`have been replicated to the Global Catalog or not`
		ecf709
		ecf709	`* Wed Feb 12 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-39`
		ecf709	`- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be`
		ecf709	`configurable/use flatname by default`
		ecf709
		ecf709	`* Wed Feb 12 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-38`
		ecf709	`- Resolves: rhbz#1059753 - Warn with a user-friendly error message when`
		ecf709	`permissions on sssd.conf are incorrect`
		ecf709
		ecf709	`* Wed Jan 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-37`
		ecf709	`- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude`
		ecf709	`uidNumber in filter`
		ecf709
		ecf709	`* Wed Jan 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-36`
		ecf709	`- Resolves: rhbz#1059253 - Man page states default_shell option supersedes`
		ecf709	`other shell options but in fact override_shell does.`
		ecf709	`- Use the right domain for AD site resolution`
		ecf709	`- Related: rhbz#743503 - [RFE] sssd should support DNS sites`
		ecf709
		ecf709	`* Wed Jan 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-35`
		ecf709	`- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while`
		ecf709	`regular lookups connect to GC`
		ecf709
		ecf709	`* Wed Jan 29 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-34`
		ecf709	`- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd`
		ecf709	`sudoers plugin`
		ecf709
		ecf709	`* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 1.11.2-33`
		ecf709	`- Mass rebuild 2014-01-24`
		ecf709
		ecf709	`* Fri Jan 24 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-32`
		ecf709	`- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match`
		ecf709	`any configured idmap domain`
		ecf709
		ecf709	`* Fri Jan 24 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-31`
		ecf709	`- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud`
		ecf709	`DEBUG message in case Kerberos authentication`
		ecf709	`times out`
		ecf709
		ecf709	`* Wed Jan 22 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-30`
		ecf709	`- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude`
		ecf709	`uidNumber in filter`
		ecf709
		ecf709	`* Mon Jan 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-29`
		ecf709	`- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when`
		ecf709	`ldap_search_base cannot be parsed.`
		ecf709	`- Fix a typo in the man page`
		ecf709	`- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir`
		ecf709
		ecf709	`* Mon Jan 20 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-28`
		ecf709	`- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match`
		ecf709	`any configured idmap domain`
		ecf709	`- Fix return value when searching for AD domain flat names`
		ecf709	`- Resolves: rhbz#1048102 - Access denied for users from gc domain when`
		ecf709	`using format DOMAIN\user`
		ecf709
		ecf709	`* Wed Jan 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-27`
		ecf709	`- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir`
		ecf709
		ecf709	`* Wed Jan 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-26`
		ecf709	`- Resolves: rhbz#1048102 - Access denied for users from gc domain when`
		ecf709	`using format DOMAIN\user`
		ecf709
		ecf709	`* Wed Jan 15 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-25`
		ecf709	`- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit`
		ecf709	`fallbacks and overrides settings`
		ecf709
		ecf709	`* Thu Jan 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-24`
		ecf709	`- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20`
		ecf709
		ecf709	`* Thu Jan 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-23`
		ecf709	`- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter`
		ecf709	`is used`
		ecf709
		ecf709	`* Thu Jan 09 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-22`
		ecf709	`- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses`
		ecf709	`FOREST keyword.`
		ecf709	`- Fix two memory leaks in the PAC responder (Related: rhbz#991065)`
		ecf709
		ecf709	`* Wed Jan 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-21`
		ecf709	`- Resolves: rhbz#1048184 - Group lookup does not return member with multiple`
		ecf709	`names after user lookup`
		ecf709
		ecf709	`* Wed Jan 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-20`
		ecf709	`- Resolves: rhbz#1049533 - Group membership lookup issue`
		ecf709
		ecf709	`* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 1.11.2-19`
		ecf709	`- Mass rebuild 2013-12-27`
		ecf709
		ecf709	`* Thu Dec 19 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-18`
		ecf709	`- Resolves: rhbz#894068 - sss_cache doesn't support subdomains`
		ecf709
		ecf709	`* Thu Dec 19 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-17`
		ecf709	`- Re-initialize subdomains after provider startup`
		ecf709	`- Related: rhbz#1038637 - If SSSD starts offline, subdomains list is`
		ecf709	`never read`
		ecf709
		ecf709	`* Thu Dec 19 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-16`
		ecf709	`- The AD provider is able to resolve group memberships for groups with`
		ecf709	`Global and Universal scope`
		ecf709	`- Related: rhbz#1033096 - tokenGroups do not work reliable with Global`
		ecf709	`Catalog`
		ecf709
		ecf709	`* Wed Dec 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-15`
		ecf709	`- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global`
		ecf709	`Catalog`
		ecf709	`- Resolves: rhbz#1030483 - Individual group search returned multiple`
		ecf709	`results in GC lookups`
		ecf709
		ecf709	`* Wed Dec 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-14`
		ecf709	`- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups`
		ecf709	`are requested`
		ecf709
		ecf709	`* Thu Dec 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-13`
		ecf709	`- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param`
		ecf709	`socketcall.sendto(msg) points to uninitialised`
		ecf709	`byte(s)"`
		ecf709
		ecf709	`* Thu Dec 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-12`
		ecf709	`- Resolves: rhbz#1037936 - sssd_be crashes occasionally`
		ecf709
		ecf709	`* Thu Dec 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-11`
		ecf709	`- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is`
		ecf709	`never read`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-10`
		ecf709	`- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext`
		ecf709	`password to ldap_default_authtok`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-9`
		ecf709	`- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when`
		ecf709	`using id_provider = proxy`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-8`
		ecf709	`- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-7`
		ecf709	`- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the`
		ecf709	`"default_domain_suffix" option in`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-6`
		ecf709	`- Resolves: rhbz#1028057 - Improve detection of the right domain when`
		ecf709	`processing group with members from several domains`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-5`
		ecf709	`- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved`
		ecf709	`using ad_matching_rule`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-4`
		ecf709	`- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad`
		ecf709	`manpage`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-3`
		ecf709	`- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple`
		ecf709	`CN attributes`
		ecf709
		ecf709	`* Mon Dec 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-2`
		ecf709	`- Skip netgroups that don't provide well-formed triplets`
		ecf709	`- Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple`
		ecf709	`CN attributes`
		ecf709
		ecf709	`* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1`
		ecf709	`- New upstream release 1.11.2`
		ecf709	`- Remove upstreamed patches`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2`
		ecf709	`- Resolves: rhbz#991065`
		ecf709
		ecf709	`* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2`
		ecf709	`- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with`
		ecf709	`sssd_be crash`
		ecf709	`- Resolves: rhbz#1002597 - ad: unable to resolve membership when user is`
		ecf709	`from different domain than group`
		ecf709
		ecf709	`* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1`
		ecf709	`- New upstream release 1.11.1`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1`
		ecf709	`- Resolves: rhbz#991065 - Rebase SSSD to 1.11.0`
		ecf709
		ecf709	`* Thu Aug 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1`
		ecf709	`- New upstream release 1.11.0`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0`
		ecf709	`- Resolves: rhbz#991065`
		ecf709
		ecf709	`* Fri Aug 02 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0.1beta2`
		ecf709	`- New upstream release 1.11 beta 2`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2`
		ecf709	`- Related: rhbz#991065`
		ecf709
		ecf709	`* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-5`
		ecf709	`- Resolves: #906427 - Do not use %%{_lib} in specfile for the nss and`
		ecf709	`pam libraries`
		ecf709
		ecf709	`* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-4`
		ecf709	`- Resolves: #983587 - sss_debuglevel did not increase verbosity in`
		ecf709	`sssd_pac.log`
		ecf709
		ecf709	`* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-3`
		ecf709	`- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names'`
		ecf709	`setting`
		ecf709
		ecf709	`* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-2`
		ecf709	`- Apply several important fixes from upstream 1.10 branch`
		ecf709	`- Related: #966757 - SSSD failover doesn't work if the first DNS server`
		ecf709	`in resolv.conf is unavailable`
		ecf709
		ecf709	`* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1`
		ecf709	`- New upstream release 1.10.1`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1`
		ecf709
		ecf709	`* Wed Jul 10 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-18`
		ecf709	`- Remove libcmocka dependency`
		ecf709
		ecf709	`* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17`
		ecf709	`- sssd-tools should require sssd-common, not sssd`
		ecf709
		ecf709	`* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16`
		ecf709	`- Move sssd_pac to the sssd-ipa and sssd-ad subpackages`
		ecf709	`- Trim out RHEL5-specific macros since we don't build on RHEL 5`
		ecf709	`- Trim out macros for Fedora older than F18`
		ecf709	`- Update libldb requirement to 1.1.16`
		ecf709	`- Trim RPM changelog down to the last year`
		ecf709
		ecf709	`* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15`
		ecf709	`- Move sssd_pac to the sssd-krb5 subpackage`
		ecf709
		ecf709	`* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14`
		ecf709	`- Fix Obsoletes: to account for dist tag`
		ecf709	`- Convert post and pre scripts to run on the sssd-common subpackage`
		ecf709	`- Remove old conversion from SYSV`
		ecf709
		ecf709	`* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13`
		ecf709	`- New upstream release 1.10`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0`
		ecf709
		ecf709	`* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2`
		ecf709	`- the cmocka toolkit exists only on selected arches`
		ecf709
		ecf709	`* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2`
		ecf709	`- Apply a number of patches from upstream to fix issues found post-beta,`
		ecf709	`in particular:`
		ecf709	`-- segfault with a high DEBUG level`
		ecf709	`-- Fix IPA password migration (upstream #1873)`
		ecf709	`-- Fix fail over when retrying SRV resolution (upstream #1886)`
		ecf709
		ecf709	`* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2`
		ecf709	`- Only BuildRequire libcmocka on Fedora`
		ecf709
		ecf709	`* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2`
		ecf709	`- Fix typo in Requires that prevented an upgrade (#973916)`
		ecf709	`- Use a hardcoded version in Conflicts, not less-than-current`
		ecf709
		ecf709	`* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2`
		ecf709	`- New upstream release 1.10 beta2`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2`
		ecf709	`- BuildRequire libcmocka-devel in order to run all upstream tests during build`
		ecf709	`- BuildRequire libnl3 instead of libnl1`
		ecf709	`- No longer BuildRequire initscripts, we no longer use /sbin/service`
		ecf709	`- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any`
		ecf709	`older krb5-libs version`
		ecf709
		ecf709	`* Thu Jun 06 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1`
		ecf709	`- Enable hardened build for RHEL7`
		ecf709
		ecf709	`* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1`
		ecf709	`- Apply a couple of patches from upstream git that resolve crashes when`
		ecf709	`ID mapping object was not initialized properly but needed later`
		ecf709
		ecf709	`* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1`
		ecf709	`- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during`
		ecf709	`realm join`
		ecf709	`- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by`
		ecf709	`default for AD Provider`
		ecf709	`- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file`
		ecf709	`parent directory when logging in`
		ecf709
		ecf709	`* Tue May 7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1`
		ecf709	`- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug`
		ecf709	`in ding-libs`
		ecf709	`- Fix SSH integration with fully-qualified domains`
		ecf709	`- Add the ability to dynamically discover the NetBIOS name`
		ecf709
		ecf709	`* Fri May 3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1`
		ecf709	`- New upstream release 1.10 beta1`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1`
		ecf709
		ecf709	`* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1`
		ecf709	`- Add a patch to fix krb5 ccache creation issue with krb5 1.11`
		ecf709
		ecf709	`* Tue Apr 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1`
		ecf709	`- New upstream release 1.10 alpha1`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1`
		ecf709
		ecf709	`* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9`
		ecf709	`- Split internal helper libraries into a shared object`
		ecf709	`- Significantly reduce disk-space usage`
		ecf709
		ecf709	`* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-8`
		ecf709	`- Fix the Kerberos password expiration warning (#912223)`
		ecf709
		ecf709	`* Thu Feb 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-7`
		ecf709	`- Do not write out dots in the domain-realm mapping file (#905650)`
		ecf709
		ecf709	`* Mon Feb 11 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-6`
		ecf709	`- Include upstream patch to build with krb5-1.11`
		ecf709
		ecf709	`* Thu Feb 07 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-5`
		ecf709	`- Rebuild against new libldb`
		ecf709
		ecf709	`* Mon Feb 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-4`
		ecf709	`- Fix build with new automake versions`
		ecf709
		ecf709	`* Wed Jan 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-3`
		ecf709	`- Recreate Kerberos ccache directory if it's missing`
		ecf709	`- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache`
		ecf709	`directory /run/user/UID/ccdir does not exist`
		ecf709
		ecf709	`* Tue Jan 29 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-2`
		ecf709	`- Fix changelog dates to make F19 rpmbuild happy`
		ecf709
		ecf709	`* Mon Jan 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.9.4-1`
		ecf709	`- New upstream release 1.9.4`
		ecf709
		ecf709	`* Thu Dec 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.3-1`
		ecf709	`- New upstream release 1.9.3`
		ecf709
		ecf709	`* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-5`
		ecf709	`- Resolve groups from AD correctly`
		ecf709
		ecf709	`* Tue Oct 30 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-4`
		ecf709	`- Check the validity of naming context`
		ecf709
		ecf709	`* Thu Oct 18 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-3`
		ecf709	`- Move the sss_cache tool to the main package`
		ecf709
		ecf709	`* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-2`
		ecf709	`- Include the 1.9.2 tarball`
		ecf709
		ecf709	`* Sun Oct 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.2-1`
		ecf709	`- New upstream release 1.9.2`
		ecf709
		ecf709	`* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.1-1`
		ecf709	`- New upstream release 1.9.1`
		ecf709
		ecf709	`* Wed Oct 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24`
		ecf709	`- require the latest libldb`
		ecf709
		ecf709	`* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-24`
		ecf709	`- Use mcpath insted of mcachepath macro to be consistent with`
		ecf709	`upsteam spec file`
		ecf709
		ecf709	`* Tue Sep 25 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-23`
		ecf709	`- New upstream release 1.9.0`
		ecf709
		ecf709	`* Fri Sep 14 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-22.rc1`
		ecf709	`- New upstream release 1.9.0 rc1`
		ecf709
		ecf709	`* Thu Sep 06 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-21.beta7`
		ecf709	`- New upstream release 1.9.0 beta7`
		ecf709	`- obsoletes patches #1-#3`
		ecf709
		ecf709	`* Mon Sep 03 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-20.beta6`
		ecf709	`- Rebuild against libldb 1.12`
		ecf709
		ecf709	`* Tue Aug 28 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-19.beta6`
		ecf709	`- Rebuild against libldb 1.11`
		ecf709
		ecf709	`* Fri Aug 24 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-18.beta6`
		ecf709	`- Change the default ccache location to DIR:/run/user/${UID}/krb5cc`
		ecf709	`and patch man page accordingly`
		ecf709	`- Resolves: rhbz#851304`
		ecf709
		ecf709	`* Mon Aug 20 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-17.beta6`
		ecf709	`- Rebuild against libldb 1.10`
		ecf709
		ecf709	`* Fri Aug 17 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-16.beta6`
		ecf709	`- Only create the SELinux login file if there are SELinux mappings on`
		ecf709	`the IPA server`
		ecf709
		ecf709	`* Fri Aug 10 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-14.beta6`
		ecf709	`- Don't discard HBAC rule processing result if SELinux is on`
		ecf709	`Resolves: rhbz#846792 (CVE-2012-3462)`
		ecf709
		ecf709	`* Thu Aug 02 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-13.beta6`
		ecf709	`- New upstream release 1.9.0 beta 6`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6`
		ecf709	`- A new option, override_shell was added. If this option is set, all users`
		ecf709	`managed by SSSD will have their shell set to its value.`
		ecf709	`- Fixes for the support for setting default SELinux user context from FreeIPA.`
		ecf709	`- Fixed a regression introduced in beta 5 that broke LDAP SASL binds`
		ecf709	`- The SSSD supports the concept of a Primary Server and a Back Up Server in`
		ecf709	`failover`
		ecf709	`- A new command-line tool sss_seed is available to help prime the cache with`
		ecf709	`a user record when deploying a new machine`
		ecf709	`- SSSD is now able to discover and save the domain-realm mappings`
		ecf709	`between an IPA server and a trusted Active Directory server.`
		ecf709	`- Packaging changes to fix ldconfig usage in subpackages (#843995)`
		ecf709	`- Rebuild against libldb 1.1.9`
		ecf709
		ecf709	`* Fri Jul 27 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.0-13.beta5`
		ecf709	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild`
		ecf709
		ecf709	`* Thu Jul 19 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-12.beta5`
		ecf709	`- New upstream release 1.9.0 beta 5`
		ecf709	`- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5`
		ecf709	`- Many fixes for the support for setting default SELinux user context from`
		ecf709	`FreeIPA, most notably fixed the specificity evaluation`
		ecf709	`- Fixed an incorrect default in the krb5_canonicalize option of the AD`
		ecf709	`provider which was preventing password change operation`
		ecf709	`- The shadowLastChange attribute value is now correctly updated with the`
		ecf709	`number of days since the Epoch, not seconds`
		ecf709
		ecf709	`* Mon Jul 16 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-11.beta4`
		ecf709	`- Fix broken ARM build`
		ecf709	`- Add missing DP_OPTION_TERMINATOR in AD provider options`
		ecf709
		ecf709	`* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-10.beta4`
		ecf709	`- Own several directories create during make install (#839782)`
		ecf709
		ecf709	`* Wed Jul 11 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.9.0-9.beta4`
		ecf709	`- New upstream release 1.9.0 beta 4`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4`
		ecf709	`- Add a new AD provider to improve integration with Active Directory 2008 R2`
		ecf709	`or later servers`
		ecf709	`- SUDO integration was completely rewritten. The new implementation works`
		ecf709	`with multiple domains and uses an improved refresh mechanism to download`
		ecf709	`only the necessary rules`
		ecf709	`- The IPA authentication provider now supports subdomains`
		ecf709	`- Fixed regression for setups that were setting default_tkt_enctypes`
		ecf709	`manually by reverting a previous workaround.`
		ecf709
		ecf709	`* Mon Jun 25 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-8.beta3`
		ecf709	`- New upstream release 1.9.0 beta 3`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3`
		ecf709	`- Add a new PAC responder for dealing with cross-realm Kerberos trusts`
		ecf709	`- Terminate idle connections to the NSS and PAM responders`
		ecf709
		ecf709	`* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-7.beta2`
		ecf709	`- Switch unicode library from libunistring to Glib`
		ecf709	`- Drop unnecessary explicit Requires on keyutils`
		ecf709	`- Guarantee that versioned Requires include the correct architecture`
		ecf709
		ecf709	`* Mon Jun 18 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-6.beta2`
		ecf709	`- Fix accidental disabling of the DIR cache support`
		ecf709
		ecf709	`* Fri Jun 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-5.beta2`
		ecf709	`- New upstream release 1.9.0 beta 2`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2`
		ecf709	`- Add support for the Kerberos DIR cache for storing multiple TGTs`
		ecf709	`automatically`
		ecf709	`- Major performance enhancement when storing large groups in the cache`
		ecf709	`- Major performance enhancement when performing initgroups() against Active`
		ecf709	`Directory`
		ecf709	`- SSSDConfig data file default locations can now be set during configure for`
		ecf709	`easier packaging`
		ecf709
		ecf709	`* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-4.beta1`
		ecf709	`- Fix regression in endianness patch`
		ecf709
		ecf709	`* Tue May 29 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-3.beta1`
		ecf709	`- Rebuild SSSD against ding-libs 0.3.0beta1`
		ecf709	`- Fix endianness bug in service map protocol`
		ecf709
		ecf709	`* Thu May 24 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-2.beta1`
		ecf709	`- Fix several regressions since 1.5.x`
		ecf709	`- Ensure that the RPM creates the /var/lib/sss/mc directory`
		ecf709	`- Add support for Netscape password warning expiration control`
		ecf709	`- Rebuild against libldb 1.1.6`
		ecf709
		ecf709	`* Fri May 11 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.9.0-1.beta1`
		ecf709	`- New upstream release 1.9.0 beta 1`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1`
		ecf709	`- Add native support for autofs to the IPA provider`
		ecf709	`- Support for ID-mapping when connecting to Active Directory`
		ecf709	`- Support for handling very large (> 1500 users) groups in Active Directory`
		ecf709	`- Support for sub-domains (will be used for dealing with trust relationships)`
		ecf709	`- Add a new fast in-memory cache to speed up lookups of cached data on`
		ecf709	`repeated requests`
		ecf709
		ecf709	`* Thu May 03 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.3-11`
		ecf709	`- New upstream release 1.8.3`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3`
		ecf709	`- Numerous manpage and translation updates`
		ecf709	`- LDAP: Handle situations where the RootDSE isn't available anonymously`
		ecf709	`- LDAP: Fix regression for users using non-standard LDAP attributes for user`
		ecf709	`information`
		ecf709
		ecf709	`* Mon Apr 09 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.2-10`
		ecf709	`- New upstream release 1.8.2`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2`
		ecf709	`- Several fixes to case-insensitive domain functions`
		ecf709	`- Fix for GSSAPI binds when the keytab contains unrelated principals`
		ecf709	`- Fixed several segfaults`
		ecf709	`- Workarounds added for LDAP servers with unreadable RootDSE`
		ecf709	`- SSH knownhostproxy will no longer enter an infinite loop preventing login`
		ecf709	`- The provided SYSV init script now starts SSSD earlier at startup and stops`
		ecf709	`it later during shutdown`
		ecf709	`- Assorted minor fixes for issues discovered by static analysis tools`
		ecf709
		ecf709	`* Mon Mar 26 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-9`
		ecf709	`- Don't duplicate libsss_autofs.so in two packages`
		ecf709	`- Set explicit package contents instead of globbing`
		ecf709
		ecf709	`* Wed Mar 21 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-8`
		ecf709	`- Fix uninitialized value bug causing crashes throughout the code`
		ecf709	`- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup`
		ecf709
		ecf709	`* Mon Mar 12 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.1-7`
		ecf709	`- New upstream release 1.8.1`
		ecf709	`- Resolve issue where we could enter an infinite loop trying to connect to an`
		ecf709	`auth server`
		ecf709	`- Fix serious issue with complex (3+ levels) nested groups`
		ecf709	`- Fix netgroup support for case-insensitivity and aliases`
		ecf709	`- Fix serious issue with lookup bundling resulting in requests never`
		ecf709	`completing`
		ecf709	`- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt`
		ecf709	`in addition to pam_authenticate`
		ecf709	`- Fix several regressions in the proxy provider`
		ecf709	`- Resolves: rhbz#743133 - Performance regression with Kerberos authentication`
		ecf709	`against AD`
		ecf709	`- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work`
		ecf709
		ecf709	`* Tue Feb 28 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-6`
		ecf709	`- New upstream release 1.8.0`
		ecf709	`- Support for the service map in NSS`
		ecf709	`- Support for setting default SELinux user context from FreeIPA`
		ecf709	`- Support for retrieving SSH user and host keys from LDAP (Experimental)`
		ecf709	`- Support for caching autofs LDAP requests (Experimental)`
		ecf709	`- Support for caching SUDO rules (Experimental)`
		ecf709	`- Include the IPA AutoFS provider`
		ecf709	`- Fixed several memory-corruption bugs`
		ecf709	`- Fixed a regression in group enumeration since 1.7.0`
		ecf709	`- Fixed a regression in the proxy provider`
		ecf709	`- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD`
		ecf709	`- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is`
		ecf709	`logged at each login`
		ecf709	`- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process`
		ecf709	`/usr/sbin/sssd was killed by signal 11 (SIGSEGV)`
		ecf709	`- Resolves: rhbz#743133 - Performance regression with Kerberos authentication`
		ecf709	`against AD`
		ecf709	`- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for`
		ecf709	`new LDAP features`
		ecf709	`- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc`
		ecf709
		ecf709	`* Wed Feb 22 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-5.beta3`
		ecf709	`- Change default kerberos credential cache location to /run/user/<username>`
		ecf709
		ecf709	`* Wed Feb 15 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-4.beta3`
		ecf709	`- New upstream release 1.8.0 beta 3`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3`
		ecf709	`- Fixed a regression in group enumeration since 1.7.0`
		ecf709	`- Fixed several memory-corruption bugs`
		ecf709	`- Finalized the ABI for the autofs support`
		ecf709	`- Fixed a regression in the proxy provider`
		ecf709
		ecf709	`* Fri Feb 10 2012 Petr Pisar <ppisar@redhat.com> - 1.8.0-3.beta2`
		ecf709	`- Rebuild against PCRE 8.30`
		ecf709
		ecf709	`* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta2`
		ecf709	`- New upstream release`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2`
		ecf709	`- Fix two minor manpage bugs`
		ecf709	`- Include the IPA AutoFS provider`
		ecf709
		ecf709	`* Mon Feb 06 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.0-1.beta1`
		ecf709	`- New upstream release`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1`
		ecf709	`- Support for the service map in NSS`
		ecf709	`- Support for setting default SELinux user context from FreeIPA`
		ecf709	`- Support for retrieving SSH user and host keys from LDAP (Experimental)`
		ecf709	`- Support for caching autofs LDAP requests (Experimental)`
		ecf709	`- Support for caching SUDO rules (Experimental)`
		ecf709
		ecf709	`* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-5`
		ecf709	`- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for`
		ecf709	`new LDAP features - fix netgroups and sudo as well`
		ecf709
		ecf709	`* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-4`
		ecf709	`- Fixes a serious memory hierarchy bug causing unpredictable behavior in the`
		ecf709	`LDAP provider.`
		ecf709
		ecf709	`* Wed Feb 01 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-3`
		ecf709	`- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for`
		ecf709	`new LDAP features`
		ecf709
		ecf709	`* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.7.0-2`
		ecf709	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild`
		ecf709
		ecf709	`* Thu Dec 22 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.7.0-1`
		ecf709	`- New upstream release 1.7.0`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0`
		ecf709	`- Support for case-insensitive domains`
		ecf709	`- Support for multiple search bases in the LDAP provider`
		ecf709	`- Support for the native FreeIPA netgroup implementation`
		ecf709	`- Reliability improvements to the process monitor`
		ecf709	`- New DEBUG facility with more consistent log levels`
		ecf709	`- New tool to change debug log levels without restarting SSSD`
		ecf709	`- SSSD will now disconnect from LDAP server when idle`
		ecf709	`- FreeIPA HBAC rules can choose to ignore srchost options for significant`
		ecf709	`performance gains`
		ecf709	`- Assorted performance improvements in the LDAP provider`
		ecf709
		ecf709	`* Mon Dec 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.4-1`
		ecf709	`- New upstream release 1.6.4`
		ecf709	`- Rolls up previous patches applied to the 1.6.3 tarball`
		ecf709	`- Fixes a rare issue causing crashes in the failover logic`
		ecf709	`- Fixes an issue where SSSD would return the wrong PAM error code for users`
		ecf709	`that it does not recognize.`
		ecf709
		ecf709	`* Wed Dec 07 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-5`
		ecf709	`- Rebuild against libldb 1.1.4`
		ecf709
		ecf709	`* Tue Nov 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-4`
		ecf709	`- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the`
		ecf709	`username in getpwnam()`
		ecf709	`- Resolves: rhbz#758425 - LDAP failover not working if server refuses`
		ecf709	`connections`
		ecf709
		ecf709	`* Thu Nov 24 2011 Jakub Hrozek <jhrozek@redhat.com> - 1.6.3-3`
		ecf709	`- Rebuild for libldb 1.1.3`
		ecf709
		ecf709	`* Thu Nov 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-2`
		ecf709	`- Resolves: rhbz#752495 - Crash when apply settings`
		ecf709
		ecf709	`* Fri Nov 04 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.3-1`
		ecf709	`- New upstream release 1.6.3`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3`
		ecf709	`- Fixes a major cache performance issue introduced in 1.6.2`
		ecf709	`- Fixes a potential infinite-loop with certain LDAP layouts`
		ecf709
		ecf709	`* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.6.2-5`
		ecf709	`- Rebuilt for glibc bug#747377`
		ecf709
		ecf709	`* Sun Oct 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-4`
		ecf709	`- Change selinux policy requirement to Conflicts: with the old version,`
		ecf709	`rather than Requires: the supported version.`
		ecf709
		ecf709	`* Fri Oct 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-3`
		ecf709	`- Add explicit requirement on selinux-policy version to address new SBUS`
		ecf709	`symlinks.`
		ecf709
		ecf709	`* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-2`
		ecf709	`- Remove %%files reference to sss_debuglevel copied from wrong upstreeam`
		ecf709	`spec file.`
		ecf709
		ecf709	`* Tue Oct 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.2-1`
		ecf709	`- Improved handling of users and groups with multi-valued name attributes`
		ecf709	`(aliases)`
		ecf709	`- Performance enhancements`
		ecf709	`Initgroups on RFC2307bis/FreeIPA`
		ecf709	`HBAC rule processing`
		ecf709	`- Improved process-hang detection and restarting`
		ecf709	`- Enabled the midpoint cache refresh by default (fewer cache misses on`
		ecf709	`commonly-used entries)`
		ecf709	`- Cleaned up the example configuration`
		ecf709	`- New tool to change debug level on the fly`
		ecf709
		ecf709	`* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.1-1`
		ecf709	`- New upstream release 1.6.1`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1`
		ecf709	`- Fixes a serious issue with LDAP connections when the communication is`
		ecf709	`dropped (e.g. VPN disconnection, waking from sleep)`
		ecf709	`- SSSD is now less strict when dealing with users/groups with multiple names`
		ecf709	`when a definitive primary name cannot be determined`
		ecf709	`- The LDAP provider will no longer attempt to canonicalize by default when`
		ecf709	`using SASL. An option to re-enable this has been provided.`
		ecf709	`- Fixes for non-standard LDAP attribute names (e.g. those used by Active`
		ecf709	`Directory)`
		ecf709	`- Three HBAC regressions have been fixed.`
		ecf709	`- Fix for an infinite loop in the deref code`
		ecf709
		ecf709	`* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-2`
		ecf709	`- Build with _hardened_build macro`
		ecf709
		ecf709	`* Wed Aug 03 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.6.0-1`
		ecf709	`- New upstream release 1.6.0`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0`
		ecf709	`- Add host access control support for LDAP (similar to pam_host_attr)`
		ecf709	`- Finer-grained control on principals used with Kerberos (such as for FAST or`
		ecf709	`- validation)`
		ecf709	`- Added a new tool sss_cache to allow selective expiring of cached entries`
		ecf709	`- Added support for LDAP DEREF and ASQ controls`
		ecf709	`- Added access control features for Novell Directory Server`
		ecf709	`- FreeIPA dynamic DNS update now checks first to see if an update is needed`
		ecf709	`- Complete rewrite of the HBAC library`
		ecf709	`- New libraries: libipa_hbac and libipa_hbac-python`
		ecf709
		ecf709	`* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2`
		ecf709	`- New upstream release 1.5.11`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11`
		ecf709	`- Fix a serious regression that prevented SSSD from working with ldaps:// URIs`
		ecf709	`- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6`
		ecf709	`- address being saved to the AAAA record`
		ecf709
		ecf709	`* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1`
		ecf709	`- New upstream release 1.5.10`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10`
		ecf709	`- Fixed a regression introduced in 1.5.9 that could result in blocking calls`
		ecf709	`- to LDAP`
		ecf709
		ecf709	`* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1`
		ecf709	`- New upstream release 1.5.9`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9`
		ecf709	`- Support for overriding home directory, shell and primary GID locally`
		ecf709	`- Properly honor TTL values from SRV record lookups`
		ecf709	`- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP`
		ecf709	`- servers)`
		ecf709	`- Properly escape IPv6 addresses in the failover code`
		ecf709	`- Do not crash if inotify fails (e.g. resource exhaustion)`
		ecf709	`- Don't add multiple TGT renewal callbacks (too many log messages)`
		ecf709
		ecf709	`* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1`
		ecf709	`- New upstream release 1.5.8`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8`
		ecf709	`- Support for the LDAP paging control`
		ecf709	`- Support for multiple DNS servers for name resolution`
		ecf709	`- Fixes for several group membership bugs`
		ecf709	`- Fixes for rare crash bugs`
		ecf709
		ecf709	`* Mon May 23 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-3`
		ecf709	`- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d`
		ecf709	`- Make sure to properly convert to systemd if upgrading from newer`
		ecf709	`- updates for Fedora 14`
		ecf709
		ecf709	`* Mon May 02 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-2`
		ecf709	`- Fix segfault in TGT renewal`
		ecf709
		ecf709	`* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1`
		ecf709	`- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites`
		ecf709	`- cached password with predicatable filename`
		ecf709
		ecf709	`* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1`
		ecf709	`- Re-add manpage translations`
		ecf709
		ecf709	`* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1`
		ecf709	`- New upstream release 1.5.6`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6`
		ecf709	`- Fixed a serious memory leak in the memberOf plugin`
		ecf709	`- Fixed a regression with the negative cache that caused it to be essentially`
		ecf709	`- nonfunctional`
		ecf709	`- Fixed an issue where the user's full name would sometimes be removed from`
		ecf709	`- the cache`
		ecf709	`- Fixed an issue with password changes in the kerberos provider not working`
		ecf709	`- with kpasswd`
		ecf709
		ecf709	`* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-5`
		ecf709	`- Resolves: rhbz#697057 - kpasswd fails when using sssd and`
		ecf709	`- kadmin server != kdc server`
		ecf709	`- Upgrades from SysV should now maintain enabled/disabled status`
		ecf709
		ecf709	`* Mon Apr 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-4`
		ecf709	`- Fix %%postun`
		ecf709
		ecf709	`* Thu Apr 14 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-3`
		ecf709	`- Fix systemd conversion. Upgrades from SysV to systemd weren't properly`
		ecf709	`- enabling the systemd service.`
		ecf709	`- Fix a serious memory leak in the memberOf plugin`
		ecf709	`- Fix an issue where the user's full name would sometimes be removed`
		ecf709	`- from the cache`
		ecf709
		ecf709	`* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-2`
		ecf709	`- Install systemd unit file instead of sysv init script`
		ecf709
		ecf709	`* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1`
		ecf709	`- New upstream release 1.5.5`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5`
		ecf709	`- Fixes for several crash bugs`
		ecf709	`- LDAP group lookups will no longer abort if there is a zero-length member`
		ecf709	`- attribute`
		ecf709	`- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist`
		ecf709
		ecf709	`* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1`
		ecf709	`- New upstream release 1.5.4`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4`
		ecf709	`- Fixes for Active Directory when not all users and groups have POSIX attributes`
		ecf709	`- Fixes for handling users and groups that have name aliases (aliases are ignored)`
		ecf709	`- Fix group memberships after initgroups in the IPA provider`
		ecf709
		ecf709	`* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2`
		ecf709	`- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication`
		ecf709
		ecf709	`* Fri Mar 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-1`
		ecf709	`- New upstream release 1.5.3`
		ecf709	`- Support for libldb >= 1.0.0`
		ecf709
		ecf709	`* Thu Mar 10 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.2-1`
		ecf709	`- New upstream release 1.5.2`
		ecf709	`- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2`
		ecf709	`- Fixes for support of FreeIPA v2`
		ecf709	`- Fixes for failover if DNS entries change`
		ecf709	`- Improved sss_obfuscate tool with better interactive mode`
		ecf709	`- Fix several crash bugs`
		ecf709	`- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this`
		ecf709	`- Delete users from the local cache if initgroups calls return 'no such user'`
		ecf709	`- (previously only worked for getpwnam/getpwuid)`
		ecf709	`- Use new Transifex.net translations`
		ecf709	`- Better support for automatic TGT renewal (now survives restart)`
		ecf709	`- Netgroup fixes`
		ecf709
		ecf709	`* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9`
		ecf709	`- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.`
		ecf709	`- Related: rhbz#677425`
		ecf709
		ecf709	`* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8`
		ecf709	`- Resolves: rhbz#677768 - name service caches names, so id command shows`
		ecf709	`- recently deleted users`
		ecf709
		ecf709	`* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-7`
		ecf709	`- Ensure that SSSD builds against libldb-1.0.0 on F15 and later`
		ecf709	`- Remove .la for memberOf`
		ecf709
		ecf709	`* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-6`
		ecf709	`- Fix memberOf install path`
		ecf709
		ecf709	`* Fri Feb 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-5`
		ecf709	`- Add support for libldb 1.0.0`
		ecf709
		ecf709	`* Wed Feb 09 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.1-4`
		ecf709	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild`
		ecf709
		ecf709	`* Tue Feb 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-3`
		ecf709	`- Fix nested group member filter sanitization for RFC2307bis`
		ecf709	`- Put translated tool manpages into the sssd-tools subpackage`
		ecf709
		ecf709	`* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2`
		ecf709	`- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during`
		ecf709	`- rpmbuild`
		ecf709
		ecf709	`* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-1`
		ecf709	`- New upstream release 1.5.1`
		ecf709	`- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins`
		ecf709	`- Vast performance improvements when enumerate = true`
		ecf709	`- All PAM actions will now perform a forced initgroups lookup instead of just`
		ecf709	`- a user information lookup`
		ecf709	`- This guarantees that all group information is available to other`
		ecf709	`- providers, such as the simple provider.`
		ecf709	`- For backwards-compatibility, DNS lookups will also fall back to trying the`
		ecf709	`- SSSD domain name as a DNS discovery domain.`
		ecf709	`- Support for more password expiration policies in LDAP`
		ecf709	`- 389 Directory Server`
		ecf709	`- FreeIPA`
		ecf709	`- ActiveDirectory`
		ecf709	`- Support for ldap_tls_{cert,key,cipher_suite} config options`
		ecf709	`-Assorted bugfixes`
		ecf709
		ecf709	`* Tue Jan 11 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-2`
		ecf709	`- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins`
		ecf709
		ecf709	`* Wed Dec 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.5.0-1`
		ecf709	`- New upstream release 1.5.0`
		ecf709	`- Fixed issues with LDAP search filters that needed to be escaped`
		ecf709	`- Add Kerberos FAST support on platforms that support it`
		ecf709	`- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials`
		ecf709	`- Added a Kerberos access provider to honor .k5login`
		ecf709	`- Addressed several thread-safety issues in the sss_client code`
		ecf709	`- Improved support for delayed online Kerberos auth`
		ecf709	`- Significantly reduced time between connecting to the network/VPN and`
		ecf709	`- acquiring a TGT`
		ecf709	`- Added feature for automatic Kerberos ticket renewal`
		ecf709	`- Provides the kerberos ticket for long-lived processes or cron jobs`
		ecf709	`- even when the user logs out`
		ecf709	`- Added several new features to the LDAP access provider`
		ecf709	`- Support for 'shadow' access control`
		ecf709	`- Support for authorizedService access control`
		ecf709	`- Ability to mix-and-match LDAP access control features`
		ecf709	`- Added an option for a separate password-change LDAP server for those`
		ecf709	`- platforms where LDAP referrals are not supported`
		ecf709	`- Added support for manpage translations`
		ecf709
		ecf709
		ecf709	`* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3`
		ecf709	`- Solve a shutdown race-condition that sometimes left processes running`
		ecf709	`- Resolves: rhbz#606887 - SSSD stops on upgrade`
		ecf709
		ecf709	`* Tue Nov 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-2`
		ecf709	`- Log startup errors to the syslog`
		ecf709	`- Allow cache cleanup to be disabled in sssd.conf`
		ecf709
		ecf709	`* Mon Nov 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-1`
		ecf709	`- New upstream release 1.4.1`
		ecf709	`- Add support for netgroups to the proxy provider`
		ecf709	`- Fixes a minor bug with UIDs/GIDs >= 2^31`
		ecf709	`- Fixes a segfault in the kerberos provider`
		ecf709	`- Fixes a segfault in the NSS responder if a data provider crashes`
		ecf709	`- Correctly use sdap_netgroup_search_base`
		ecf709
		ecf709	`* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-2`
		ecf709	`- Fix incorrect tarball URL`
		ecf709
		ecf709	`* Mon Oct 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.0-1`
		ecf709	`- New upstream release 1.4.0`
		ecf709	`- Added support for netgroups to the LDAP provider`
		ecf709	`- Performance improvements made to group processing of RFC2307 LDAP servers`
		ecf709	`- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin`
		ecf709	`- Build-system improvements to support Gentoo`
		ecf709	`- Split out several libraries into the ding-libs tarball`
		ecf709	`- Manpage reviewed and updated`
		ecf709
		ecf709	`* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-35`
		ecf709	`- Fix pre and post script requirements`
		ecf709
		ecf709	`* Mon Oct 04 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-34`
		ecf709	`- Resolves: rhbz#606887 - sssd stops on upgrade`
		ecf709
		ecf709	`* Fri Oct 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-33`
		ecf709	`- Resolves: rhbz#626205 - Unable to unlock screen`
		ecf709
		ecf709	`* Tue Sep 28 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-32`
		ecf709	`- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but`
		ecf709	`- doesn't require it`
		ecf709
		ecf709	`* Thu Sep 16 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-31`
		ecf709	`- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib`
		ecf709
		ecf709	`* Tue Aug 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.3.0-30`
		ecf709	`- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate`
		ecf709	`- against LDAP`
		ecf709
		ecf709	`* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 1.2.91-21`
		ecf709	`- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild`
		ecf709
		ecf709	`* Fri Jul 09 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.91-20`
		ecf709	`- New upstream version 1.2.91 (1.3.0rc1)`
		ecf709	`- Improved LDAP failover`
		ecf709	`- Synchronous sysdb API (provides performance enhancements)`
		ecf709	`- Better online reconnection detection`
		ecf709
		ecf709	`* Mon Jun 21 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.1-15`
		ecf709	`- New stable upstream version 1.2.1`
		ecf709	`- Resolves: rhbz#595529 - spec file should eschew %%define in favor of`
		ecf709	`- %%global`
		ecf709	`- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service`
		ecf709	`- to fail while restart.`
		ecf709	`- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel`
		ecf709	`- keyring`
		ecf709	`- Resolves: rhbz#599724 - sssd is broken on Rawhide`
		ecf709
		ecf709	`* Mon May 24 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.2.0-12`
		ecf709	`- New stable upstream version 1.2.0`
		ecf709	`- Support ServiceGroups for FreeIPA v2 HBAC rules`
		ecf709	`- Fix long-standing issue with auth_provider = proxy`
		ecf709	`- Better logging for TLS issues in LDAP`
		ecf709
		ecf709	`* Tue May 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.92-11`
		ecf709	`- New LDAP access provider allows for filtering user access by LDAP attribute`
		ecf709	`- Reduced default timeout for detecting offline status with LDAP`
		ecf709	`- GSSAPI ticket lifetime made configurable`
		ecf709	`- Better offline->online transition support in Kerberos`
		ecf709
		ecf709	`* Fri May 07 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.91-10`
		ecf709	`- Release new upstream version 1.1.91`
		ecf709	`- Enhancements when using SSSD with FreeIPA v2`
		ecf709	`- Support for deferred kinit`
		ecf709	`- Support for DNS SRV records for failover`
		ecf709
		ecf709	`* Fri Apr 02 2010 Simo Sorce <ssorce@redhat.com> - 1.1.1-3`
		ecf709	`- Bump up release number to avoid library sub-packages version issues with`
		ecf709	`previous releases.`
		ecf709
		ecf709	`* Thu Apr 01 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.1-1`
		ecf709	`- New upstream release 1.1.1`
		ecf709	`- Fixed the IPA provider (which was segfaulting at start)`
		ecf709	`- Fixed a bug in the SSSDConfig API causing some options to revert to`
		ecf709	`- their defaults`
		ecf709	`- This impacted the Authconfig UI`
		ecf709	`- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal`
		ecf709
		ecf709	`* Tue Mar 23 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-2`
		ecf709	`- Release SSSD 1.1.0 final`
		ecf709	`- Fix two potential segfaults`
		ecf709	`- Fix memory leak in monitor`
		ecf709	`- Better error message for unusable confdb`
		ecf709
		ecf709	`* Wed Mar 17 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.1.0-1.pre20100317git0ea7f19`
		ecf709	`- Release candidate for SSSD 1.1`
		ecf709	`- Add simple access provider`
		ecf709	`- Create subpackages for libcollection, libini_config, libdhash and librefarray`
		ecf709	`- Support IPv6`
		ecf709	`- Support LDAP referrals`
		ecf709	`- Fix cache issues`
		ecf709	`- Better feedback from PAM when offline`
		ecf709
		ecf709	`* Wed Feb 24 2010 Stephen Gallagehr <sgallagh@redhat.com> - 1.0.5-2`
		ecf709	`- Rebuild against new libtevent`
		ecf709
		ecf709	`* Fri Feb 19 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.5-1`
		ecf709	`- Fix licenses in sources and on RPMs`
		ecf709
		ecf709	`* Mon Jan 25 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.4-1`
		ecf709	`- Fix regression on 64-bit platforms`
		ecf709
		ecf709	`* Fri Jan 22 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.3-1`
		ecf709	`- Fixes link error on platforms that do not do implicit linking`
		ecf709	`- Fixes double-free segfault in PAM`
		ecf709	`- Fixes double-free error in async resolver`
		ecf709	`- Fixes support for TCP-based DNS lookups in async resolver`
		ecf709	`- Fixes memory alignment issues on ARM processors`
		ecf709	`- Manpage fixes`
		ecf709
		ecf709	`* Thu Jan 14 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.2-1`
		ecf709	`- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online`
		ecf709	`- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests`
		ecf709	`- Several segfault bugfixes`
		ecf709
		ecf709	`* Mon Jan 11 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.0.1-1`
		ecf709	`- Fix CVE-2010-0014`
		ecf709
		ecf709	`* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2`
		ecf709	`- Patch SSSDConfig API to address`
		ecf709	`- https://bugzilla.redhat.com/show_bug.cgi?id=549482`
		ecf709
		ecf709	`* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1`
		ecf709	`- New upstream stable release 1.0.0`
		ecf709
		ecf709	`* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1`
		ecf709	`- New upstream bugfix release 0.99.1`
		ecf709
		ecf709	`* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1`
		ecf709	`- New upstream release 0.99.0`
		ecf709
		ecf709	`* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1`
		ecf709	`- Fix segfault in sssd_pam when cache_credentials was enabled`
		ecf709	`- Update the sample configuration`
		ecf709	`- Fix upgrade issues caused by data provider service removal`
		ecf709
		ecf709	`* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2`
		ecf709	`- Fix upgrade issues from old (pre-0.5.0) releases of SSSD`
		ecf709
		ecf709	`* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1`
		ecf709	`- New upstream release 0.7.0`
		ecf709
		ecf709	`* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2`
		ecf709	`- Fix missing file permissions for sssd-clients`
		ecf709
		ecf709	`* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1`
		ecf709	`- Add SSSDConfig API`
		ecf709	`- Update polish translation for 0.6.0`
		ecf709	`- Fix long timeout on ldap operation`
		ecf709	`- Make dp requests more robust`
		ecf709
		ecf709	`* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1`
		ecf709	`- Ensure that the configuration upgrade script always writes the config`
		ecf709	`file with 0600 permissions`
		ecf709	`- Eliminate an infinite loop in group enumerations`
		ecf709
		ecf709	`* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0`
		ecf709	`- New upstream release 0.6.0`
		ecf709
		ecf709	`* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0`
		ecf709	`- New upstream release 0.5.0`
		ecf709
		ecf709	`* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4`
		ecf709	`- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in`
		ecf709	`without a password. (Patch by Stephen Gallagher)`
		ecf709
		ecf709	`* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3`
		ecf709	`- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild`
		ecf709
		ecf709	`* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2`
		ecf709	`- Fix a couple of segfaults that may happen on reload`
		ecf709
		ecf709	`* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1`
		ecf709	`- add missing configure check that broke stopping the daemon`
		ecf709	`- also fix default config to add a missing required option`
		ecf709
		ecf709	`* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0`
		ecf709	`- latest upstream release.`
		ecf709	`- also add a patch that fixes debugging output (potential segfault)`
		ecf709
		ecf709	`* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2`
		ecf709	`- release out of the official 0.3.2 tarball`
		ecf709
		ecf709	`* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1`
		ecf709	`- bugfix release 0.3.2`
		ecf709	`- includes previous release patches`
		ecf709	`- change permissions of the /etc/sssd/sssd.conf to 0600`
		ecf709
		ecf709	`* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2`
		ecf709	`- Add last minute bug fixes, found in testing the package`
		ecf709
		ecf709	`* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1`
		ecf709	`- Version 0.3.1`
		ecf709	`- includes previous release patches`
		ecf709
		ecf709	`* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2`
		ecf709	`- Try to fix build adding automake as an explicit BuildRequire`
		ecf709	`- Add also a couple of last minute patches from upstream`
		ecf709
		ecf709	`* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1`
		ecf709	`- Version 0.3.0`
		ecf709	`- Provides file based configuration and lots of improvements`
		ecf709
		ecf709	`* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1`
		ecf709	`- Version 0.2.1`
		ecf709
		ecf709	`* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1`
		ecf709	`- Version 0.2.0`
		ecf709
		ecf709	`* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3`
		ecf709	`- package git snapshot`
		ecf709
		ecf709	`* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4`
		ecf709	`- fixed items found during review`
		ecf709	`- added initscript`
		ecf709
		ecf709	`* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3`
		ecf709	`- added sss_client`
		ecf709
		ecf709	`* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2`
		ecf709	`- Small cleanup and fixes in the spec file`
		ecf709
		ecf709	`* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1`
		ecf709	`- Initial release (based on version 0.1.0 upstream code)`

rpms / sssd

Source Code

Blame SPECS/sssd.spec