SYSLOG_IDENTIFIER was renamed to SSSD_PRG_NAME in journald output, to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output. pam_sss_gss for authentication using GSSAPI case_sensitive=Preserving can now be set for trusted domains with AD provider case_sensitive=Preserving can now be set for trusted domains with IPA provider. However, the option needs to be set to Preserving on both client and the server for it to take effect. case_sensitive option can be now inherited by subdomains case_sensitive can be now set separately for each subdomain in [domain/parent/subdomain] section krb5_use_subdomain_realm=True can now be used when sub-domain user principal names have upnSuffixes which are not known in the parent domain. SSSD will try to send the Kerberos request directly to a KDC of the sub-domain.pam_sss_gss.so PAM module and pam_sss_gss.8 manual page debug_level is 0x0070 pam_gssapi_check_upn to enforce authentication only with principal that can be associated with target user. pam_gssapi_services to list PAM services that can authenticate using GSSAPIsudo dnf upgrade --refresh --advisory=FEDORA-2021-b4adb66f7dPlease login to add feedback.
This update has been submitted for testing by pbrezina.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
no regressions noted
This update can be pushed to stable now if the maintainer wishes
Works
This update has been submitted for stable by bodhi.
This update has been pushed to stable.