Publishing details
Changelog
sssd (2.2.3-3ubuntu0.13) focal; urgency=medium
* debian/patches: Backport support for 'partial_chain' cert verification.
Since the switch to libcrypto in SSSD 2.2.3-3ubuntu0.4 we require a
smart card certificate to be fully trusted by providing the whole CA
chain, while in previous versions a partial chain was enough.
SSSD did not support this, so backport the patches that add the ability to
enable the partial verification of the CA database.
This can be configured now from sssd.conf (LP: #1919563)
* debian/sssd-common.postinst: Use partial_chain in PAM authentications.
If an user had previously configured the smartcard authentication, we
need to enable the partial_chain verification mode for PAM, to be
consistent to what SSSD did before the switch from NSS to OpenSSL.
This broke some systems because they relied on the NSS default
partial-chain verification, so set back this option in case anything
related was configured before.
So basically we set a [pam] pam_cert_verification = partial_chain
option, concatenating it to the previous value if any. (LP: #1919563)
* debian/patches: Backport patches atches to support properly GDM smartcard
login (LP: #1865226)
* debian/patches: Ensure all smart card modules and cards are checked
(LP: #2003809)
-- Marco Trevisan (TreviƱo) <email address hidden> Wed, 23 Aug 2023 02:57:14 +0200
Builds
Built packages
-
libipa-hbac-dev
FreeIPA HBAC Evaluator library -- development files
-
libipa-hbac0
FreeIPA HBAC Evaluator library
-
libnss-sss
Nss library for the System Security Services Daemon
-
libpam-sss
Pam module for the System Security Services Daemon
-
libsss-certmap-dev
Certificate mapping library for SSSD -- development files
-
libsss-certmap0
Certificate mapping library for SSSD
-
libsss-idmap-dev
ID mapping library for SSSD -- development files
-
libsss-idmap0
ID mapping library for SSSD
-
libsss-nss-idmap-dev
SID based lookups library for SSSD -- development files
-
libsss-nss-idmap0
SID based lookups library for SSSD
-
libsss-simpleifp-dev
SSSD D-Bus responder helper library -- development files
-
libsss-simpleifp0
SSSD D-Bus responder helper library
-
libsss-sudo
Communicator library for sudo
-
libwbclient-sssd
SSSD libwbclient implementation
-
libwbclient-sssd-dev
SSSD libwbclient implementation -- development files
-
python3-libipa-hbac
Python3 bindings for the FreeIPA HBAC Evaluator library
-
python3-libsss-nss-idmap
Python3 bindings for the SID lookups library
-
python3-sss
Python3 module for the System Security Services Daemon
-
sssd
System Security Services Daemon -- metapackage
-
sssd-ad
System Security Services Daemon -- Active Directory back end
-
sssd-ad-common
System Security Services Daemon -- PAC responder
-
sssd-common
System Security Services Daemon -- common files
-
sssd-dbus
System Security Services Daemon -- D-Bus responder
-
sssd-ipa
System Security Services Daemon -- IPA back end
-
sssd-kcm
System Security Services Daemon -- Kerberos KCM server implementation
-
sssd-krb5
System Security Services Daemon -- Kerberos back end
-
sssd-krb5-common
System Security Services Daemon -- Kerberos helpers
-
sssd-ldap
System Security Services Daemon -- LDAP back end
-
sssd-proxy
System Security Services Daemon -- proxy back end
-
sssd-tools
System Security Services Daemon -- tools
Package files