[Freeipa-devel] [SSSD] Announcing SSSD 1.9.0 beta 2
Stephen Gallagher
sgallagh at redhat.com
Mon Jun 18 14:12:59 UTC 2012
Ok, I have a bit of egg on my face here. I accidentally pushed a patch
related to the Kerberos DIR cache support that had a debugging "#if 0"
left in it. Because of this, DIR cache support is actually
non-functional in 1.9.0 beta 2. I'm attaching a patch to fix this to
this email (already pushed upstream) so anyone who wants to build beta 2
to try out the DIR cache support must apply this patch for it to work.
We decided not to reroll the beta for this one patch, since beta 3 is
being released on Friday anyway.
On Fri, 2012-06-15 at 15:22 -0400, Stephen Gallagher wrote:
> The SSSD team is proud to announce the second beta of our upcoming 1.9.0
> release. We have revised our beta plan and will be having five betas
> instead of three as originally communicated. Originally, the plan was to
> have our next beta be the final one, at the end of July. We now have the
> following schedule:
>
> Beta 3 will be released next Friday (Jun 22nd) or the following Monday
> and contain enhancements necessary to support Kerberos cross-realm
> trusts with FreeIPA, a server-side piece of which will be released a few
> days after.
>
> Beta 4 will be released on July 10th and include a new AD provider
> (wrapping the intricacies of setting up AD, configuring LDAP attributes
> and Kerberos realm into a simpler set of configuration options)
>
> Beta 5 will be released on July 31st and will contain a new tool for
> "seeding" accounts with a temporary password for sending machines to
> remotees as well as introducing a concept of primary vs. secondary
> servers.
>
> After Beta 5, no new features will be added to SSSD 1.9.0 and we will
> focus on stability and our backlog of bugfixes until the final release
> around September 1st. We will most likely issue a series of release
> candidate builds prior to that, but these have not yet been scheduled.
>
> As always, you can download the latest sources at
> https://fedorahosted.org/sssd/
>
>
> == Highlights ==
> * Add support for the Kerberos DIR cache for storing multiple TGTs
> automatically
> * Major performance enhancement when storing large groups in the cache
> * Major performance enhancement when performing initgroups() against
> Active Directory
> * SSSDConfig data file default locations can now be set during
> configure for easier packaging
>
> == Tickets Fixed ==
> https://fedorahosted.org/sssd/ticket/974
> [RFE] Support DIR: credential caches for multiple TGT support
>
> https://fedorahosted.org/sssd/ticket/984
> RFE: sssd should support Netscape LDAP password expiration controls
>
> https://fedorahosted.org/sssd/ticket/1213
> Warn to syslog when dereference requests fail
>
> https://fedorahosted.org/sssd/ticket/1240
> sudo: contact data provider only once
>
> https://fedorahosted.org/sssd/ticket/1255
> RFE: change the way we deal with fake users
>
> https://fedorahosted.org/sssd/ticket/1256
> Document the expectations about ghost users showing in the lookups
>
> https://fedorahosted.org/sssd/ticket/1330
> Potential NULL dereference in sss_krb5_read_etypes_for_keytab
>
> https://fedorahosted.org/sssd/ticket/1336
> Please only use named parameters in translatable strings
>
> https://fedorahosted.org/sssd/ticket/1337
> Minor typos in SSSD messages and man pages
>
> https://fedorahosted.org/sssd/ticket/1346
> in-memory cache causes nss to segfault if it cannot be initialized
> properly
>
> https://fedorahosted.org/sssd/ticket/1367
> Optimize AD memberOf lookups with LDAP_MATCHING_RULE_IN_CHAIN
>
> == Detailed Changelog ==
> Ariel Barria (3):
> * Potential NULL dereference in proxy provider
> * Warn to syslog when dereference requests fail
> * Clarify how comments work in sssd.conf
>
> Jakub Hrozek (20):
> * NSS: keep a pointer to body after body is reallocated
> * Use sized_string correctly in FQDN domains
> * Use the sysdb attribute name, not LDAP attribute name
> * LDAP nested groups: Do not process callback with _post deep in the
> nested structure
> * Send 16bit protocol numbers from the sss_client
> * Revert the client packet length, too, after reverting the packet
> protocol
> * Fix the default sssd.conf path
> * Fix the 0.11 sysdb upgrade
> * sss_names_init: Report correct error code if allocation failed
> * Two small krb5_child fixes
> * Provide more debugging in krb5_child and ldap_child
> * Allow redefining the KRB5_CHILD path
> * Split parse_krb5_child_response so it can be reused
> * Add a krb5_child test tool
> * Residual util functions
> * Handle trailing slash in the ccname template
> * Add a credential cache back end structure
> * Add support for storing credential caches in the DIR: back end
> * Use Kerberos context in KRB5_DEBUG
> * Make krb5_ccname_template and krb5_ccachedir configurable
>
> Jan Cholasta (3):
> * SSH: Update sss_ssh_knownhostsproxy manual page
> * SSH: Supress error message output in sss_ssh_knownhostsproxy
> * SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS
> records are missing
>
> Jan Zeleny (20):
> * Fixed two minor memory leaks
> * Fixed issue in SELinux user maps
> * Ghost members - add the ghost attribute to sysdb
> * Ghost members - support in LDAP provider
> * Ghost members - support in proxy provider
> * Ghost members - modifications in sysdb
> * Ghost members - modifications in memberof plugin
> * Ghost members - sysdb upgrade routine
> * Ghost members - NSS responder changes
> * Ghost members - removed sdap_check_aliases()
> * Ghost members - modified sss_groupshow
> * Ghost members - various small changes
> * Add support for filtering atributes
> * Utilize attribute exclusion in LDAP initgroups
> * Fixed setting of debug level in test suite
> * IPA subdomains - ask for information about master domain
> * Allow fast memcache timeout to be configurable
> * Fix an issue in ghost users
> * Provide "service filter" for SELinux context
> * Fixed debug message in sdap_save_group()
>
> Joshua Roys (1):
> * Simple implementation of Netscape password warning expiration control
>
> Nick Guay (1):
> * added DEBUG messages to krb5_child and ldap_child
>
> Stef Walter (1):
> * Make re_expression and full_name_format per domain options
>
> Stephen Gallagher (27):
> * Bumping version ton 1.8.92 for beta 2 development
> * RPM: Allow running 'make rpms' on RHEL 5 machines
> * NSS: Expire in-memory netgroup cache before the nowait timeout
> * Always use positional arguments in translatable strings
> * KRB5: Avoid NULL-dereference with empty keytab
> * Update translation sources
> * NSS: Fix segfault when mmap cache cannot be initialized
> * NSS: Restore original protocol for getservbyport
> * SSSDConfig: Make SSSDConfig a package
> * SSSDConfig: Make default config and schema file locations
> configurable
> * PAM: Better pam_reply message
> * SYSDB: Reduce noise level of debug messages in lookups
> * LDAP: Remove redundant check
> * LDAP: Fix incorrect switch statement in sdap_get_initgr_done()
> * LDAP: Add helper function to get list of a user's groups from sysdb
> * LDAP: Make sdap_initgr_common_store() non-static
> * LDAP: Add ldap_*_use_matching_rule_in_chain options
> * LDAP: Add support for AD chain matching extension in group lookups
> * LDAP: Add support for AD chain matching extension in initgroups
> * LDAP: Auto-detect support for the ldap match rule
> * LDAP: Fix missing variable in debug message
> * SSS_CLIENT: Fix uninitialized value error
> * Fix compilation on older little-endian systems
> * KRB5: Update DEBUG macros for create_ccache_dir and
> find_ccdir_parent_data
> * KRB5: Auto-detect DIR cache support in configure
> * KRB5: Avoid shadowing dirname
> * Updating translations for 1.9.0 beta 2 release
>
> Sumit Bose (4):
> * Rename struct dom_sid to struct sss_dom_sid
> * Fix libsss_hbac library version
> * sss_idmap: add support for samba struct dom_sid
> * sss_idmap: fix typo which prevents sub auth larger then 2^31
>
> Yuri Chornoivan (1):
> * Fix typos in message and man pages.
>
> _______________________________________________
> sssd-devel mailing list
> sssd-devel at lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-typo-breaking-DIR-cache-detection.patch
Type: text/x-patch
Size: 940 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120618/a91080a9/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120618/a91080a9/attachment.sig>
More information about the Freeipa-devel
mailing list