sssd security, bug fix, and enhancement update

[1.5.1-37]

• Reverts: rhbz#680443 - Dynamic DNS update fails if multiple servers are

•                     given in ipa_server config option
  

[1.5.1-36]

• Resolves: rhbz#709333 - sssd. should require sssd-client.
  [1.5.1-35]
• Resolves: rhbz#707340 - latest sssd fails if ldap_default_authtok_type is

•                     not mentioned
  

• Resolves: rhbz#707574 - SSSD’s async resolver only tries the first

•                     nameserver in /etc/resolv.conf
  

[1.5.1-34]

• Resolves: rhbz#701702 - sssd client libraries use select() but should use

•                     poll() instead
  

[1.5.1-33]

• Related: rhbz#700858 - Automatic TGT renewal overwrites cached password
• Fix segfault in TGT renewal
  [1.5.1-32]
• Resolves: rhbz#700858 - Automatic TGT renewal overwrites cached password
  [1.5.1-30]
• Resolves: rhbz#696979 - Filters not honoured against fully-qualified users
  [1.5.1-29]
• Resolves: rhbz#694149 - SSSD consumes GBs of RAM, possible memory leak
  [1.5.1-28]
• Related: rhbz#691900 - SSSD needs to fall back to ‘cn’ for GECOS

•                     information
  

[1.5.1-27]

• Related: rhbz#694853 - SSSD crashes during getent when anonymous bind is

•                     disabled
  

[1.5.1-26]

• Resolves: rhbz#695476 - Unable to resolve SRV record when called with
  [in ldap_uri]
• Related: rhbz#694853 - SSSD crashes during getent when anonymous bind is

•                     disabled
  

[1.5.1-25]

• Resolves: rhbz#694853 - SSSD crashes during getent when anonymous bind is

•                     disabled
  

[1.5.1-24]

• Resolves: rhbz#692960 - Process /usr/libexec/sssd/sssd_be was killed by

•                     signal 11 (SIGSEGV)
  

•                     Fix is to not attempt to resolve nameless servers
  

[1.5.1-23]

• Resolves: rhbz#691900 - SSSD needs to fall back to ‘cn’ for GECOS

•                     information
  

[1.5.1-21]

• Resolves: rhbz#690867 - Groups with a zero-length memberuid attribute can

•                     cause SSSD to stop caching and responding to
  

•                     requests
  

[1.5.1-20]

• Resolves: rhbz#690287 - Traceback messages seen while interrupting

•                     sss_obfuscate using ctrl+d
  

• Resolves: rhbz#690814 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process

•                     /usr/libexec/sssd/sssd_be was killed by signal 11
  

•                     (SIGSEGV)
  

[1.5.1-19]

• Related: rhbz#690096 - SSSD should skip over groups with multiple names
  [1.5.1-18]
• Resolves: rhbz#690093 - SSSD breaks on RDNs with a comma in them
• Resolves: rhbz#690096 - SSSD should skip over groups with multiple names
• Resolves: rhbz#689887 - group memberships are not populated correctly during

•                     IPA provider initgroups
  

• Resolves: rhbz#688697 - Skip users and groups that have incomplete contents
• Resolves: rhbz#688694 - authconfig fails when access_provider is set as krb5

•                     in sssd.conf
  

[1.5.1-17]

• Resolves: rhbz#688677 - Build SSSD in RHEL 5.7 against openldap24-libs
• Adds support for following LDAP referrals and using Mozilla NSS for crypto
• support
  [1.5.1-16]
• Resolves: rhbz#683260 - sudo/ldap lookup via sssd gets stuck for 5min

•                     waiting on netgroup
  

• Resolves: rhbz#683585 - sssd consumes 100% CPU
• Related: rhbz#680441 - sssd does not handle kerberos server IP change
  [1.5.1-15]
• Related: rhbz#680441 - sssd does not handle kerberos server IP change
• SSSD was staying with the old server if it was still online
  [1.5.1-14]
• Resolves: rhbz#682853 - IPA provider should use realm instead of ipa_domain

•                     for base DN
  

[1.5.1-13]

• Resolves: rhbz#682803 - sssd-be segmentation fault - ipa-client on

•                     ipa-server
  

• Resolves: rhbz#680441 - sssd does not handle kerberos server IP change
• Resolves: rhbz#680443 - Dynamic DNS update fails if multiple servers are

•                     given in ipa_server config option
  

• Resolves: rhbz#680933 - Do not delete sysdb memberOf if there is no memberOf

•                     attribute on the server
  

• Resolves: rhbz#682808 - sssd_nss core dumps with certain lookups
  [1.5.1-12]
• Related: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
• Related: rhbz#678615 - SSSD needs to look at IPA’s compat tree for netgroups
  [1.5.1-11]
• Resolves: rhbz#679087 - SSSD IPA provider should honor the krb5_realm option
• Resolves: rhbz#679097 - Does not read renewable ccache at startup
  [1.5.1-10]
• Resolves: rhbz#678606 - User information not updated on login for secondary

•                     domains
  

• Resolves: rhbz#678778 - IPA provider does not update removed group

•                     memberships on initgroups
  

[1.5.1-9]

• Resolves: rhbz#678780 - sssd crashes at the next tgt renewals it tries
• Resolves: rhbz#678412 - name service caches names, so id command shows

•                     recently deleted users
  

• Resolves: rhbz#678615 - SSSD needs to look at IPA’s compat tree for

•                     netgroups
  

[1.5.1-8]

• Related: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
• Fix generation of translated manpages
  [1.5.1-7]
• Resolves: rhbz#665314 - Rebase SSSD to 1.5 in RHEL 5.7
• Resolves: rhbz#676027 - sssd segfault when first entry of ldap_uri is

•                     unreachable
  

• Resolves: rhbz#678032 - Remove HBAC time rules from SSSD
• Resolves: rhbz#675007 - sssd corrupts group cache
• Resolves: rhbz#608864 - [RFE] Support obfuscated passwords in the SSSD

•                     configuration