SYSLOG_IDENTIFIER
was renamed to SSSD_PRG_NAME
in journald output, to avoid issues with PID parsing in rsyslog (BSD-style forwarder) output. pam_sss_gss
for authentication using GSSAPI case_sensitive=Preserving
can now be set for trusted domains with AD provider case_sensitive=Preserving
can now be set for trusted domains with IPA provider. However, the option needs to be set to Preserving
on both client and the server for it to take effect. case_sensitive
option can be now inherited by subdomains case_sensitive
can be now set separately for each subdomain in [domain/parent/subdomain]
section krb5_use_subdomain_realm=True
can now be used when sub-domain user principal names have upnSuffixes which are not known in the parent domain. SSSD will try to send the Kerberos request directly to a KDC of the sub-domain.pam_sss_gss.so
PAM module and pam_sss_gss.8
manual page debug_level
is 0x0070 pam_gssapi_check_upn
to enforce authentication only with principal that can be associated with target user. pam_gssapi_services
to list PAM services that can authenticate using GSSAPIsudo dnf upgrade --refresh --advisory=FEDORA-2021-b4adb66f7d
Please login to add feedback.
This update has been submitted for testing by pbrezina.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
no regressions noted
This update can be pushed to stable now if the maintainer wishes
Works
This update has been submitted for stable by bodhi.
This update has been pushed to stable.