| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
| Name: python3-sssd-config | Distribution: openSUSE Tumbleweed |
| Version: 2.12.0 | Vendor: openSUSE |
| Release: 1.2 | Build date: Thu Jan 15 17:47:44 2026 |
| Group: Development/Libraries/Python | Build host: reproducible |
| Size: 292885 | Source RPM: sssd-2.12.0-1.2.src.rpm |
| Packager: https://bugs.opensuse.org | |
| Url: https://github.com/SSSD/sssd | |
| Summary: Python API for configuring sssd | |
Provide python module to access and manage configuration of the System Security Services Daemon (sssd).
GPL-3.0-or-later AND LGPL-3.0-or-later
* Thu Jan 15 2026 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.12.0
* Fixed CVE-2025-11561 by disabling an2ln in the default
implicitly created Kerberos configuration snippet, typically in
/var/lib/sss/pubconf/krb5.include.d/localauth_plugin.
* SSSD now allows using machine credentials from a trusted AD
domain or Kerberos realm if no suitable domain-local
credentials are available.
* SSSD now supports authentication mechanism selection through
PAM using a JSON-based protocol. This feature enables
passwordless authentication mechanisms in GUI login
environments that support the protocol (e.g. GNOME 50).
* The generic SSSD LDAP provider (id_provider = ldap) now
supports fetching subid ranges, a feature previously supported
only by the IPA provider.
* The default value of the `session_provider` option was changed
to `none` (i.e. disabled) no matter what id_provider is used.
- Delete 0002-krb5-disable-Kerberos-localauth-an2ln-plugin-for-AD-.patch
(merged)
* Tue Nov 18 2025 Samuel Cabrero <scabrero@suse.de>
- Disable Kerberos localauth an2ln plugin for AD; (CVE-2025-11561);
(bsc#1251827);
add 0002-krb5-disable-Kerberos-localauth-an2ln-plugin-for-AD-.patch
* Thu Jul 31 2025 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.11.1
* Fixed AD users in external groups not being cleared once the
cache expires.
* Fixed `cache_credentials=true` not having any effect.
* Fixed socket activation not having an effect for sssd_pam.
* Fri Jul 18 2025 Jan Engelhardt <jengelh@inai.de>
- Add logrotate.patch [boo#1246537]
* Wed Jun 11 2025 Samuel Cabrero <scabrero@suse.de>
- Install file in krb5.conf.d to include sssd krb5 config snippets;
(bsc#1244325);
* Thu Jun 05 2025 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.11
* The deprecated tool `sss_ssh_knownhostsproxy` was finally
removed.
* Support for `id_provider = files` was removed.
* SSSD doesn't create any more missing path components of
DIR:/FILE: ccache types while acquiring user's TGT.
* New generic id and auth provider for Identity Providers (IdPs)
for Keycloak/EntraID. [Not enabled in openSUSE for now.]
* Tue Mar 11 2025 Jan Engelhardt <jengelh@inai.de>
- Run mkdir/rm with verbose mode for the build log
* Thu Jan 30 2025 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.10.2
* If the ssh responder is not running, sss_ssh_knownhosts will
not fail (but it will not return the keys).
* SSSD is now capable of handling multiple services associated
with the same port.
* sssd_pam, being a privileged binary, now clears the
environment and does not allow configuration of the
PR_SET_DUMPABLE flag as a precaution.
* Wed Jan 22 2025 Dominique Leuenberger <dimstar@opensuse.org>
- Drop build dependency on ncsd, which has been deprecated
(boo#1239262).
* Tue Jan 21 2025 Samuel Cabrero <scabrero@suse.de>
- Migrate away from update-alternatives, replaced by package
conflicts; (bsc#1235789); (bsc#1216739);
* Tue Dec 10 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.10.1
* SSSD does not create anymore missing path components of
DIR:/FILE: ccache types while acquiring user's TGT. The
parent directory of requested ccache directory must exist and
the user trying to log in must have rwx access to this
directory. This matches behavior of /usr/bin/kinit.
* The option default_domain_suffix is deprecated.
- Delete 0001-Configuration-make-sure-etc-sssd-and-everything.patch,
0001-INI-relax-config-files-checks.patch,
0001-INI-stop-using-libini_config-for-access-check.patch,
0001-sssd-always-print-path-when-config-object-is-rejecte.patch
(merged)
- Add 0001-TOOL-Fix-build-parameter-name-omitted.patch
* Tue Oct 15 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.10.0
* The ``sssctl cache-upgrade`` command was removed. SSSD
performs automatic upgrades at startup when needed.
* Support of ``enumeration`` feature (i.e. ability to list all
users/groups using ``getent passwd/group`` without argument)
for AD/IPA providers is deprecated and might be removed in
further releases.
* The new tool ``sss_ssh_knownhosts`` can be used with ssh's
``KnownHostsCommand`` configuration option to retrieve the
host's public keys from a remote server (FreeIPA, LDAP,
etc.). It replaces ```sss_ssh_knownhostsproxy``.
* The default value for ``ldap_id_use_start_tls`` changed from
false to true for improved security.
* https://github.com/SSSD/sssd/releases/tag/2.10.0
- Add 0001-sssd-always-print-path-when-config-object-is-rejecte.patch,
0001-INI-stop-using-libini_config-for-access-check.patch,
0001-INI-relax-config-files-checks.patch,
0001-Configuration-make-sure-etc-sssd-and-everything.patch
- Fix socket activation of responders
- Daemon runs now as unprivileged user 'sssd'
* Tue Oct 01 2024 Jan Engelhardt <jengelh@inai.de>
- Update filelists involving memberof.so and idmap/sss.so to
avoid gobbling up one file into multiple sssd subpackages.
(Between samba-4.20 and 4.21, %ldbdir changes from
/usr/lib64/ldb2/modules/ldb to /usr/lib64/samba/ldb, so now
`%_libdir/samba` is a bit too broad.)
* Wed Jul 17 2024 Samuel Cabrero <scabrero@suse.de>
- Fix spec file for openSUSE ALP and SUSE SLFO, where the
python3_fix_shebang_path RPM macro is not available
* Thu Jul 11 2024 Samuel Cabrero <scabrero@suse.de>
- Revert the change dropping the default configuration file. If
/usr/etc exists will be installed there, otherwise in /etc.
(bsc#1226157);
* Thu May 16 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.5
* Added failover_primary_timout configuration option. This can
be used to configure how often SSSD tries to reconnect to a
primary server after a successful connection to a backup
server. This was previously hardcoded to 31 seconds which is
kept as the default value.
* Fri Mar 08 2024 pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro, [bsc#1212476]
* Fri Jan 12 2024 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.4
* Fixes a crash when PAM passkey processing incorrectly handles
non-passkey data.
* Fixed group membership handling when members are coming from
different forest domains and using ldap token groups is
prohibited.
* Files provider was erroneously taking into consideration
``local_auth_policy`` config option, thus breaking smartcard
authentication of local user in setups that did not explicitly
specify this option. This is now fixed.
* Tue Nov 21 2023 Samuel Cabrero <scabrero@suse.de>
- Adapt spec file for SLE 15 SP6/Leap 15.6; (jsc#PED-6714);
* Remove package sssd-common, merged into sssd
* Continue building deprecated files provider and infopipe
responder
* Disable selinux and semanage
* Provide rcsssd shortcut
* Fri Nov 17 2023 Samuel Cabrero <scabrero@suse.de>
- Fix spec file for Leap
* Fri Nov 17 2023 Samuel Cabrero <scabrero@suse.de>
- /usr/etc migration, restore /etc/sssd/sssd.conf.rpmsave after
update (bsc#1216865)
- Do not install the KRB5 IDP plugin, it is useless without the
OIDC child
- Drop no longer valid --without-secrets configure switch
* Mon Nov 13 2023 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.3
* The proxy provider is now able to handle certificate mapping
and matching rules and users handled by the proxy provider can
be configured for local Smartcard authentication. Besides the
mapping rule local Smartcard authentication should be enabled
with the `local_auth_policy` option in the backend and with
`pam_cert_auth` in the PAM responder.
* Thu Nov 02 2023 Jan Engelhardt <jengelh@inai.de>
- Offer the sssd.conf template as %doc (for examples, do actually
see the "Examples" section of the sssd.conf(5) manpage)
* Tue Oct 31 2023 Samuel Cabrero <scabrero@suse.de>
- Update dependencies to require the same subpackages version and
release
- Fix /usr/etc migration fragment in wrong "%pre kcm" instead of
"%pre"
- Move sss_analyze to sssd-tools package
* Tue Oct 31 2023 Jan Engelhardt <jengelh@inai.de>
- Default config is unworkable, just stop installing it altogether
[boo#1216739]
* Thu Sep 07 2023 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.2
* sssctl cert-show and cert-show cert-eval-rule can now be run as
non-root user.
* New option local_auth_policy is added to control which offline
authentication methods will be enabled by SSSD.
* Fix sssd entering failed state under heavy load by adding
watchdog to monitor sbus_call_DBus_Hello_send(); (bsc#1213283);
Drop SLE patch 0001-sssd-watchdog.patch
* Fri Jun 23 2023 Jan Engelhardt <jengelh@inai.de>
- Update to relese 2.9.1
* A regression was fixed that prevented autofs lookups to
function correctly when cache_first is set to True.
* A regression where SSSD failed to properly watch for changes
in ``/etc/resolv.conf`` when it was a symbolic link or was a
relative path, was fixed.
* ldap password policy: return failure if there are no grace logins
left; (bsc#1214434); Drop SLE patch
0006-ldap-return-failure-if-there-are-no-grace-logins-lef.patch
* Fri May 05 2023 Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9
* The sss_simpleifp library is deprecated (and for openSUSE,
already removed)
* The "Files provider" (i.e. id_provider = files) is deprecated
(and for openSUSE, already removed)
* SSSD will no longer warn about changed defaults when using
ldap_schema = rfc2307 and default autofs mapping.
* New passkey functionality, which will allow the use of FIDO2
compliant devices to authenticate a centrally managed user
locally.
* Add support for ldapi:// URLs to allow connections to local
LDAP servers.
* NSS IDMAP has two new methods: getsidbyusername and
getsidbygroupname.
* Thu Jan 26 2023 Callum Farmer <gmbr3@opensuse.org>
- Move dbus-1 system.d file to /usr (bsc#1207586)
* Tue Jan 03 2023 Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
/usr/lib/python3.13/site-packages/SSSDConfig /usr/lib/python3.13/site-packages/SSSDConfig-2.12.0-py3.13.egg-info /usr/lib/python3.13/site-packages/SSSDConfig-2.12.0-py3.13.egg-info/PKG-INFO /usr/lib/python3.13/site-packages/SSSDConfig-2.12.0-py3.13.egg-info/SOURCES.txt /usr/lib/python3.13/site-packages/SSSDConfig-2.12.0-py3.13.egg-info/dependency_links.txt /usr/lib/python3.13/site-packages/SSSDConfig-2.12.0-py3.13.egg-info/top_level.txt /usr/lib/python3.13/site-packages/SSSDConfig/__init__.py /usr/lib/python3.13/site-packages/SSSDConfig/__pycache__ /usr/lib/python3.13/site-packages/SSSDConfig/__pycache__/__init__.cpython-313.pyc /usr/lib/python3.13/site-packages/SSSDConfig/__pycache__/ipachangeconf.cpython-313.pyc /usr/lib/python3.13/site-packages/SSSDConfig/__pycache__/sssdoptions.cpython-313.pyc /usr/lib/python3.13/site-packages/SSSDConfig/ipachangeconf.py /usr/lib/python3.13/site-packages/SSSDConfig/sssdoptions.py /usr/lib64/python3.13/site-packages/pysss.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Mar 5 22:58:08 2026