sssd 2.2.3-3ubuntu0.4 source package in Ubuntu
Changelog
sssd (2.2.3-3ubuntu0.4) focal; urgency=medium
[ Marco Trevisan ]
* debian/control:
- Add missing (test) dependencies as per libcrypto usage (LP: #1905790)
- Update Maintainer to Ubuntu devs
* debian/rules: Compile using libcrypto as crypto backend (LP: #1905790)
* debian/nss-database-pem-exporter: Add to sssd-common and run on postinst.
When upgrading from previous versions (that were compiled using the NSS
crypto backend) we need to migrate the trusted CA certificates that the
user may have added to the SSSD's NSS system database (that defaults to
/etc/pki/nssdb).
To do this, and not to introduce a new dependency on libnss3-tools
(which is not shipped by default, other than making the parsing not
working in some scenarios) I've added a small C tool that we compile and
install as part of the sssd-common package which is able to get all the
trusted CA certificates for a NSS database and export them in PEM
format.
The nss-database-pem-exporter is then used in the postinst script where
we now:
1. Read the SSSD settings
2. Convert all the certificates in the configured NSS databases
3. Store them all, appending them to the (new) default location
(/etc/sssd/pki/sssd_auth_ca_db.pem)
4. Disables the configured locations if pointing to NSS dbs (needed or
we'll leave the configuration with broken values).
At this point nss-database-pem-exporter is then the only binary in the
package that still depends on NSS libraries. (LP: #1905790)
* debian/patches:
- Get libsofthsm2 from right path for each architecture, this is now used
for real (wasn't before) to test p11k components with libcrypto and
p11-kit, also avoids a test build failure on armhf (LP: #1905790)
[ Valters Jansons ]
* Avoid sending malformed SYSLOG_IDENTIFIER to journald (LP: #1908065):
- d/rules: Set --with-syslog=journald in override_dh_auto_configure.
- d/p/lp-1908065-01-debug_prg_name-format.patch:
Upstream patch to clean up program names.
- d/p/lp-1908065-02-syslog_identifier-format.patch:
Upstream patch to include "sssd[]" identifier in program names.
- d/p/lp-1908065-03-remove-syslog_identifier.patch:
Upstream patch to remove custom SYSLOG_IDENTIFIER from Journald.
-- Marco Trevisan (Treviño) <email address hidden> Thu, 11 Feb 2021 15:31:14 -0500
Upload details
- Uploaded by:
- Marco Trevisan (Treviño)
- Sponsored by:
- Sergio Durigan Junior
- Uploaded to:
- Focal
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- utils
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| sssd_2.2.3.orig.tar.gz | 6.6 MiB | 11565446290e7432dbd208c4db02fcb42ab17e853d8ba4f994af9a9c57bbbb11 |
| sssd_2.2.3-3ubuntu0.4.diff.gz | 130.8 KiB | 32e4fa2b01213e6a6539048e53a0878a6bbf948966da61edebfea493a13efc63 |
| sssd_2.2.3-3ubuntu0.4.dsc | 4.8 KiB | 6dabf5a46759c273c79e5525a01d436b2d8981e98cdac3c8328ee62cfa260f74 |
Available diffs
Binary packages built by this source
- libipa-hbac-dev: FreeIPA HBAC Evaluator library -- development files
Utility library to validate FreeIPA HBAC rules for authorization requests.
.
This package contains header files and symlinks to develop programs which will
use the libipa-hbac library.
- libipa-hbac0: FreeIPA HBAC Evaluator library
Utility library to validate FreeIPA HBAC rules for authorization requests.
- libipa-hbac0-dbgsym: debug symbols for libipa-hbac0
- libnss-sss: Nss library for the System Security Services Daemon
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
.
This package provide the nss library to connect to the sssd daemon.
- libnss-sss-dbgsym: debug symbols for libnss-sss
- libpam-sss: Pam module for the System Security Services Daemon
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
.
This package provide the pam module to connect to the sssd daemon.
- libpam-sss-dbgsym: debug symbols for libpam-sss
- libsss-certmap-dev: Certificate mapping library for SSSD -- development files
Utility library to map certificates to users based on rules.
.
This package contains header files and symlinks to develop programs which will
use the libsss-certmap library.
- libsss-certmap0: Certificate mapping library for SSSD
Library to map certificates to users based on rules.
- libsss-certmap0-dbgsym: debug symbols for libsss-certmap0
- libsss-idmap-dev: ID mapping library for SSSD -- development files
Utility library to convert SIDs to Unix uids and gids.
.
This package contains header files and symlinks to develop programs which will
use the libsss-idmap library.
- libsss-idmap0: ID mapping library for SSSD
Utility library to convert SIDs to Unix uids and gids.
- libsss-idmap0-dbgsym: debug symbols for libsss-idmap0
- libsss-nss-idmap-dev: SID based lookups library for SSSD -- development files
Utility library for SID based lookups.
.
This package contains header files and symlinks to develop programs which will
use the libsss-nss-idmap library.
- libsss-nss-idmap0: SID based lookups library for SSSD
Utility library for SID based lookups.
- libsss-nss-idmap0-dbgsym: debug symbols for libsss-nss-idmap0
- libsss-simpleifp-dev: SSSD D-Bus responder helper library -- development files
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
.
This package contains header files and symlinks to develop programs which will
use the libsss-simpleifp0 library.
- libsss-simpleifp0: SSSD D-Bus responder helper library
Provides library that simplifies D-Bus API for the SSSD InfoPipe responder.
- libsss-simpleifp0-dbgsym: debug symbols for libsss-simpleifp0
- libsss-sudo: Communicator library for sudo
Utility library to allow communication between sudo and SSSD for caching
sudo rules by SSSD.
- libsss-sudo-dbgsym: debug symbols for libsss-sudo
- libwbclient-sssd: SSSD libwbclient implementation
The SSSD libwbclient implementation.
- libwbclient-sssd-dbgsym: debug symbols for libwbclient-sssd
- libwbclient-sssd-dev: SSSD libwbclient implementation -- development files
The SSSD libwbclient implementation.
.
This package contains header files and symlinks to develop programs which will
use the libwbclient-sssd library.
- python3-libipa-hbac: Python3 bindings for the FreeIPA HBAC Evaluator library
The libipa_hbac-python contains the bindings so that libipa_hbac can be
used by Python applications.
.
This package installs the library for Python 3.
- python3-libipa-hbac-dbgsym: debug symbols for python3-libipa-hbac
- python3-libsss-nss-idmap: Python3 bindings for the SID lookups library
This package contains the bindings for libnss_sss_idmap to be used by
Python applications.
.
This package installs the library for Python 3.
- python3-libsss-nss-idmap-dbgsym: debug symbols for python3-libsss-nss-idmap
- python3-sss: Python3 module for the System Security Services Daemon
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
.
This package provide a module to access the configuration of the sssd daemon.
.
This package installs the library for Python 3.
- python3-sss-dbgsym: debug symbols for python3-sss
- sssd: System Security Services Daemon -- metapackage
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
.
This package is a metapackage which installs the daemon and existing
authentication back ends.
- sssd-ad: System Security Services Daemon -- Active Directory back end
Provides the Active Directory back end that the SSSD can utilize to fetch
identity data from and authenticate against an Active Directory server.
- sssd-ad-common: System Security Services Daemon -- PAC responder
Provides the PAC responder that the AD and IPA backends can use for
fetching additional attributes from the kerberos ticket.
- sssd-ad-common-dbgsym: debug symbols for sssd-ad-common
- sssd-ad-dbgsym: debug symbols for sssd-ad
- sssd-common: System Security Services Daemon -- common files
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
.
This package provides the daemon and other common files needed by the
authentication back ends.
- sssd-common-dbgsym: debug symbols for sssd-common
- sssd-dbus: System Security Services Daemon -- D-Bus responder
Provides the D-Bus responder called InfoPipe, that allows the information
from the SSSD to be transmitted over the system bus.
- sssd-dbus-dbgsym: debug symbols for sssd-dbus
- sssd-ipa: System Security Services Daemon -- IPA back end
Provides the IPA back end that the SSSD can utilize to fetch identity data
from and authenticate against an IPA server.
- sssd-ipa-dbgsym: debug symbols for sssd-ipa
- sssd-kcm: System Security Services Daemon -- Kerberos KCM server implementation
Provides an implementation of a Kerberos KCM server. Use this package if
you want to use the KCM: Kerberos credentials cache.
- sssd-kcm-dbgsym: debug symbols for sssd-kcm
- sssd-krb5: System Security Services Daemon -- Kerberos back end
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.
- sssd-krb5-common: System Security Services Daemon -- Kerberos helpers
Provides helper processes that the LDAP and Kerberos back ends can use for
Kerberos user or host authentication.
- sssd-krb5-common-dbgsym: debug symbols for sssd-krb5-common
- sssd-krb5-dbgsym: debug symbols for sssd-krb5
- sssd-ldap: System Security Services Daemon -- LDAP back end
Provides the LDAP back end that the SSSD can utilize to fetch identity data
from and authenticate against an LDAP server.
- sssd-ldap-dbgsym: debug symbols for sssd-ldap
- sssd-proxy: System Security Services Daemon -- proxy back end
Provides the proxy back end which can be used to wrap an existing NSS and/or
PAM modules to leverage SSSD caching.
- sssd-proxy-dbgsym: debug symbols for sssd-proxy
- sssd-tools: System Security Services Daemon -- tools
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
.
This package provides tools to manage users, groups and nested groups when
using the local id provider.
- sssd-tools-dbgsym: debug symbols for sssd-tools
