Publishing details

• Published on 2023-09-07

Changelog

sssd (2.2.3-3ubuntu0.13) focal; urgency=medium

  * debian/patches: Backport support for 'partial_chain' cert verification.
    Since the switch to libcrypto in SSSD 2.2.3-3ubuntu0.4 we require a
    smart card certificate to be fully trusted by providing the whole CA
    chain, while in previous versions a partial chain was enough.
    SSSD did not support this, so backport the patches that add the ability to
    enable the partial verification of the CA database.
    This can be configured now from sssd.conf (LP: #1919563)
  * debian/sssd-common.postinst: Use partial_chain in PAM authentications.
    If an user had previously configured the smartcard authentication, we
    need to enable the partial_chain verification mode for PAM, to be
    consistent to what SSSD did before the switch from NSS to OpenSSL.
    This broke some systems because they relied on the NSS default
    partial-chain verification, so set back this option in case anything
    related was configured before.
    So basically we set a [pam] pam_cert_verification = partial_chain
    option, concatenating it to the previous value if any. (LP: #1919563)
  * debian/patches: Backport patches atches to support properly GDM smartcard
    login (LP: #1865226)
  * debian/patches: Ensure all smart card modules and cards are checked
    (LP: #2003809)

 -- Marco Trevisan (Treviño) <email address hidden>  Wed, 23 Aug 2023 02:57:14 +0200

Builds

• amd64

Built packages

• libipa-hbac-dev FreeIPA HBAC Evaluator library -- development files

• libipa-hbac0 FreeIPA HBAC Evaluator library

• libnss-sss Nss library for the System Security Services Daemon

• libpam-sss Pam module for the System Security Services Daemon

• libsss-certmap-dev Certificate mapping library for SSSD -- development files

• libsss-certmap0 Certificate mapping library for SSSD

• libsss-idmap-dev ID mapping library for SSSD -- development files

• libsss-idmap0 ID mapping library for SSSD

• libsss-nss-idmap-dev SID based lookups library for SSSD -- development files

• libsss-nss-idmap0 SID based lookups library for SSSD

• libsss-simpleifp-dev SSSD D-Bus responder helper library -- development files

• libsss-simpleifp0 SSSD D-Bus responder helper library

• libsss-sudo Communicator library for sudo

• libwbclient-sssd SSSD libwbclient implementation

• libwbclient-sssd-dev SSSD libwbclient implementation -- development files

• python3-libipa-hbac Python3 bindings for the FreeIPA HBAC Evaluator library

• python3-libsss-nss-idmap Python3 bindings for the SID lookups library

• python3-sss Python3 module for the System Security Services Daemon

• sssd System Security Services Daemon -- metapackage

• sssd-ad System Security Services Daemon -- Active Directory back end

• sssd-ad-common System Security Services Daemon -- PAC responder

• sssd-common System Security Services Daemon -- common files

• sssd-dbus System Security Services Daemon -- D-Bus responder

• sssd-ipa System Security Services Daemon -- IPA back end

• sssd-kcm System Security Services Daemon -- Kerberos KCM server implementation

• sssd-krb5 System Security Services Daemon -- Kerberos back end

• sssd-krb5-common System Security Services Daemon -- Kerberos helpers

• sssd-ldap System Security Services Daemon -- LDAP back end

• sssd-proxy System Security Services Daemon -- proxy back end

• sssd-tools System Security Services Daemon -- tools

Package files

• libipa-hbac-dev_2.2.3-3ubuntu0.13_amd64.deb (22.1 KiB)
• libipa-hbac0_2.2.3-3ubuntu0.13_amd64.deb (24.5 KiB)
• libnss-sss_2.2.3-3ubuntu0.13_amd64.deb (33.5 KiB)
• libpam-sss_2.2.3-3ubuntu0.13_amd64.deb (43.1 KiB)
• libsss-certmap-dev_2.2.3-3ubuntu0.13_amd64.deb (21.1 KiB)
• libsss-certmap0_2.2.3-3ubuntu0.13_amd64.deb (45.5 KiB)
• libsss-idmap-dev_2.2.3-3ubuntu0.13_amd64.deb (23.7 KiB)
• libsss-idmap0_2.2.3-3ubuntu0.13_amd64.deb (28.7 KiB)
• libsss-nss-idmap-dev_2.2.3-3ubuntu0.13_amd64.deb (21.9 KiB)
• libsss-nss-idmap0_2.2.3-3ubuntu0.13_amd64.deb (33.9 KiB)
• libsss-simpleifp-dev_2.2.3-3ubuntu0.13_amd64.deb (22.8 KiB)
• libsss-simpleifp0_2.2.3-3ubuntu0.13_amd64.deb (28.9 KiB)
• libsss-sudo_2.2.3-3ubuntu0.13_amd64.deb (27.1 KiB)
• libwbclient-sssd-dev_2.2.3-3ubuntu0.13_amd64.deb (27.8 KiB)
• libwbclient-sssd_2.2.3-3ubuntu0.13_amd64.deb (30.0 KiB)
• python3-libipa-hbac_2.2.3-3ubuntu0.13_amd64.deb (30.2 KiB)
• python3-libsss-nss-idmap_2.2.3-3ubuntu0.13_amd64.deb (23.8 KiB)
• python3-sss_2.2.3-3ubuntu0.13_amd64.deb (59.2 KiB)
• sssd-ad-common_2.2.3-3ubuntu0.13_amd64.deb (81.5 KiB)
• sssd-ad_2.2.3-3ubuntu0.13_amd64.deb (134.2 KiB)
• sssd-common_2.2.3-3ubuntu0.13_amd64.deb (1.1 MiB)
• sssd-dbus_2.2.3-3ubuntu0.13_amd64.deb (106.9 KiB)
• sssd-ipa_2.2.3-3ubuntu0.13_amd64.deb (221.2 KiB)
• sssd-kcm_2.2.3-3ubuntu0.13_amd64.deb (122.8 KiB)
• sssd-krb5-common_2.2.3-3ubuntu0.13_amd64.deb (89.7 KiB)
• sssd-krb5_2.2.3-3ubuntu0.13_amd64.deb (28.8 KiB)
• sssd-ldap_2.2.3-3ubuntu0.13_amd64.deb (45.9 KiB)
• sssd-proxy_2.2.3-3ubuntu0.13_amd64.deb (49.3 KiB)
• sssd-tools_2.2.3-3ubuntu0.13_amd64.deb (108.2 KiB)
• sssd_2.2.3-3ubuntu0.13.diff.gz (188.1 KiB)
• sssd_2.2.3-3ubuntu0.13.dsc (4.8 KiB)
• sssd_2.2.3-3ubuntu0.13_amd64.deb (19.5 KiB)
• sssd_2.2.3.orig.tar.gz (6.6 MiB)