[Freeipa-interest] Announcing SSSD 2.4.0
Pavel Březina
pbrezina at redhat.com
Mon Oct 12 10:46:22 UTC 2020
# SSSD 2.4.0
The SSSD team is proud to announce the release of version 2.4.0 of the
System Security Services Daemon. The tarball can be downloaded from:
https://github.com/SSSD/sssd/releases/tag/sssd-2_4_0
See the full release notes at:
https://sssd.io/docs/users/relnotes/notes_2_4_0
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel
or sssd-users mailing lists:
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
- `libnss` support was dropped, SSSD now supports only `openssl`
cryptography
### New features
- Session recording can now exclude specific users or groups when
`scope` is set to `all` (see `exclude_users` and `exclude_groups` options)
- Active Directory provider now sends CLDAP pings over UDP protocol to
Domain Controllers in parallel to determine site and forest to speed up
server discovery
### Packaging changes
- python2 bindings are disable by default, use `--with-python2-bindings`
to build it
### Documentation Changes
- Default value of `client_idle_timeout` changed from 60 to 300 seconds
for KCM, this allows more time for user interaction (e.g. during `kinit`)
- Added `exclude_users` and `exclude_groups` option to
`session_recording` section, this allows to exclude user or groups from
session recording when `scope` is set to `all`
- Added `ldap_library_debug_level` option to enable debug messages from
`libldap`
- Added `dyndns_auth_ptr` to set authentication mechanism for PTR DNS
records update
- Added `ad_allow_remote_domain_local_groups` to be compatible with
other solutions
More information about the Freeipa-interest
mailing list