[Freeipa-devel] [SSSD] Announcing SSSD 1.9.0 beta 2

Stephen Gallagher sgallagh at redhat.com
Mon Jun 18 14:12:59 UTC 2012 

Ok, I have a bit of egg on my face here. I accidentally pushed a patch
related to the Kerberos DIR cache support that had a debugging "#if 0"
left in it. Because of this, DIR cache support is actually
non-functional in 1.9.0 beta 2. I'm attaching a patch to fix this to
this email (already pushed upstream) so anyone who wants to build beta 2
to try out the DIR cache support must apply this patch for it to work.

We decided not to reroll the beta for this one patch, since beta 3 is
being released on Friday anyway.

On Fri, 2012-06-15 at 15:22 -0400, Stephen Gallagher wrote:
> The SSSD team is proud to announce the second beta of our upcoming 1.9.0
> release. We have revised our beta plan and will be having five betas
> instead of three as originally communicated. Originally, the plan was to
> have our next beta be the final one, at the end of July. We now have the
> following schedule:
> 
> Beta 3 will be released next Friday (Jun 22nd) or the following Monday
> and contain enhancements necessary to support Kerberos cross-realm
> trusts with FreeIPA, a server-side piece of which will be released a few
> days after.
> 
> Beta 4 will be released on July 10th and include a new AD provider
> (wrapping the intricacies of setting up AD, configuring LDAP attributes
> and Kerberos realm into a simpler set of configuration options)
> 
> Beta 5 will be released on July 31st and will contain a new tool for
> "seeding" accounts with a temporary password for sending machines to
> remotees as well as introducing a concept of primary vs. secondary
> servers.
> 
> After Beta 5, no new features will be added to SSSD 1.9.0 and we will
> focus on stability and our backlog of bugfixes until the final release
> around September 1st. We will most likely issue a series of release
> candidate builds prior to that, but these have not yet been scheduled.
> 
> As always, you can download the latest sources at
> https://fedorahosted.org/sssd/
> 
> 
> == Highlights ==
>  * Add support for the Kerberos DIR cache for storing multiple TGTs
> automatically
>  * Major performance enhancement when storing large groups in the cache
>  * Major performance enhancement when performing initgroups() against
> Active Directory
>  * SSSDConfig data file default locations can now be set during
> configure for easier packaging
> 
> == Tickets Fixed ==
> https://fedorahosted.org/sssd/ticket/974
>     [RFE] Support DIR: credential caches for multiple TGT support
>     
> https://fedorahosted.org/sssd/ticket/984
>     RFE: sssd should support Netscape LDAP password expiration controls
>     
> https://fedorahosted.org/sssd/ticket/1213
>     Warn to syslog when dereference requests fail
>     
> https://fedorahosted.org/sssd/ticket/1240
>     sudo: contact data provider only once
>     
> https://fedorahosted.org/sssd/ticket/1255
>     RFE: change the way we deal with fake users
>     
> https://fedorahosted.org/sssd/ticket/1256
>     Document the expectations about ghost users showing in the lookups
>     
> https://fedorahosted.org/sssd/ticket/1330
>     Potential NULL dereference in sss_krb5_read_etypes_for_keytab
>     
> https://fedorahosted.org/sssd/ticket/1336
>     Please only use named parameters in translatable strings
>     
> https://fedorahosted.org/sssd/ticket/1337
>     Minor typos in SSSD messages and man pages
>     
> https://fedorahosted.org/sssd/ticket/1346
>     in-memory cache causes nss to segfault if it cannot be initialized
> properly
>     
> https://fedorahosted.org/sssd/ticket/1367
>     Optimize AD memberOf lookups with LDAP_MATCHING_RULE_IN_CHAIN
> 
> == Detailed Changelog ==
> Ariel Barria (3):
>  * Potential NULL dereference in proxy provider
>  * Warn to syslog when dereference requests fail
>  * Clarify how comments work in sssd.conf
> 
> Jakub Hrozek (20):
>  * NSS: keep a pointer to body after body is reallocated
>  * Use sized_string correctly in FQDN domains
>  * Use the sysdb attribute name, not LDAP attribute name
>  * LDAP nested groups: Do not process callback with _post deep in the
> nested structure
>  * Send 16bit protocol numbers from the sss_client
>  * Revert the client packet length, too, after reverting the packet
> protocol
>  * Fix the default sssd.conf path
>  * Fix the 0.11 sysdb upgrade
>  * sss_names_init: Report correct error code if allocation failed
>  * Two small krb5_child fixes
>  * Provide more debugging in krb5_child and ldap_child
>  * Allow redefining the KRB5_CHILD path
>  * Split parse_krb5_child_response so it can be reused
>  * Add a krb5_child test tool
>  * Residual util functions
>  * Handle trailing slash in the ccname template
>  * Add a credential cache back end structure
>  * Add support for storing credential caches in the DIR: back end
>  * Use Kerberos context in KRB5_DEBUG
>  * Make krb5_ccname_template and krb5_ccachedir configurable
> 
> Jan Cholasta (3):
>  * SSH: Update sss_ssh_knownhostsproxy manual page
>  * SSH: Supress error message output in sss_ssh_knownhostsproxy
>  * SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS
> records are missing
> 
> Jan Zeleny (20):
>  * Fixed two minor memory leaks
>  * Fixed issue in SELinux user maps
>  * Ghost members - add the ghost attribute to sysdb
>  * Ghost members - support in LDAP provider
>  * Ghost members - support in proxy provider
>  * Ghost members - modifications in sysdb
>  * Ghost members - modifications in memberof plugin
>  * Ghost members - sysdb upgrade routine
>  * Ghost members - NSS responder changes
>  * Ghost members - removed sdap_check_aliases()
>  * Ghost members - modified sss_groupshow
>  * Ghost members - various small changes
>  * Add support for filtering atributes
>  * Utilize attribute exclusion in LDAP initgroups
>  * Fixed setting of debug level in test suite
>  * IPA subdomains - ask for information about master domain
>  * Allow fast memcache timeout to be configurable
>  * Fix an issue in ghost users
>  * Provide "service filter" for SELinux context
>  * Fixed debug message in sdap_save_group()
> 
> Joshua Roys (1):
>  * Simple implementation of Netscape password warning expiration control
> 
> Nick Guay (1):
>  * added DEBUG messages to krb5_child and ldap_child
> 
> Stef Walter (1):
>  * Make re_expression and full_name_format per domain options
> 
> Stephen Gallagher (27):
>  * Bumping version ton 1.8.92 for beta 2 development
>  * RPM: Allow running 'make rpms' on RHEL 5 machines
>  * NSS: Expire in-memory netgroup cache before the nowait timeout
>  * Always use positional arguments in translatable strings
>  * KRB5: Avoid NULL-dereference with empty keytab
>  * Update translation sources
>  * NSS: Fix segfault when mmap cache cannot be initialized
>  * NSS: Restore original protocol for getservbyport
>  * SSSDConfig: Make SSSDConfig a package
>  * SSSDConfig: Make default config and schema file locations
> configurable
>  * PAM: Better pam_reply message
>  * SYSDB: Reduce noise level of debug messages in lookups
>  * LDAP: Remove redundant check
>  * LDAP: Fix incorrect switch statement in sdap_get_initgr_done()
>  * LDAP: Add helper function to get list of a user's groups from sysdb
>  * LDAP: Make sdap_initgr_common_store() non-static
>  * LDAP: Add ldap_*_use_matching_rule_in_chain options
>  * LDAP: Add support for AD chain matching extension in group lookups
>  * LDAP: Add support for AD chain matching extension in initgroups
>  * LDAP: Auto-detect support for the ldap match rule
>  * LDAP: Fix missing variable in debug message
>  * SSS_CLIENT: Fix uninitialized value error
>  * Fix compilation on older little-endian systems
>  * KRB5: Update DEBUG macros for create_ccache_dir and
> find_ccdir_parent_data
>  * KRB5: Auto-detect DIR cache support in configure
>  * KRB5: Avoid shadowing dirname
>  * Updating translations for 1.9.0 beta 2 release
> 
> Sumit Bose (4):
>  * Rename struct dom_sid to struct sss_dom_sid
>  * Fix libsss_hbac library version
>  * sss_idmap: add support for samba struct dom_sid
>  * sss_idmap: fix typo which prevents sub auth larger then 2^31
> 
> Yuri Chornoivan (1):
>  * Fix typos in message and man pages.
> 
> _______________________________________________
> sssd-devel mailing list
> sssd-devel at lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Fix-typo-breaking-DIR-cache-detection.patch
Type: text/x-patch
Size: 940 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120618/a91080a9/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120618/a91080a9/attachment.sig>

More information about the Freeipa-devel mailing list