UbuntuUpdates.org

Package "sssd"

Name: sssd

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • Communicator library for sudo
  • Python3 bindings for the FreeIPA HBAC Evaluator library
  • Python3 bindings for the SID lookups library
  • System Security Services Daemon -- Kerberos KCM server implementation
Latest version: 2.6.3-1ubuntu3.6
Release: jammy (22.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "sssd" in Jammy

Repository Area Version
base main 2.6.3-1ubuntu3
base universe 2.6.3-1ubuntu3
security main 2.6.3-1ubuntu3.3
security universe 2.6.3-1ubuntu3.3
updates main 2.6.3-1ubuntu3.6
proposed main 2.6.3-1ubuntu3.6
proposed universe 2.6.3-1ubuntu3.6

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.6.3-1ubuntu3.6 2025-08-29 05:07:05 UTC

  sssd (2.6.3-1ubuntu3.6) jammy; urgency=medium

  * Updating apparmor profile for smartcard authentication.
    Allow access to sssd configuration directory, pcscd socket and libraries
    required for PKCS#11 module initialization. (LP: #2109673)
    - d/apparmor-profile

 -- Seyeong Kim <email address hidden> Tue, 12 Aug 2025 04:30:46 +0000
Source diff to previous version
2109673 Authentication with smartcard is not working with apparmor DENIED

Version: 2.6.3-1ubuntu3.5 2025-04-23 15:07:24 UTC

  sssd (2.6.3-1ubuntu3.5) jammy; urgency=medium

  * Fix a regression in pam_sss_gss where if KRB5CCNAME was
    not set, authentication would fail. (LP: #2103623)
    - d/p/lp2103623-pam_sss_gss-KRB5CCNAME-may-be-NULL.patch

 -- Matthew Ruffell <email address hidden> Fri, 21 Mar 2025 10:11:12 +1300
Source diff to previous version
2103623 pam_sss_gss fails to work when KRB5CCNAME is not set

Version: 2.6.3-1ubuntu3.4 2024-11-05 14:07:24 UTC

  sssd (2.6.3-1ubuntu3.4) jammy; urgency=medium

  * Improve PAM smartcard support for everyday scenarios such as
    removing the smartcard mid auth, by actually respecting
    require_cert_auth and improving the messaging to the user.
    (LP: #2081129)
    - d/p/lp2081129-1-pam-add-more-checks-for-require_cert_auth.patch
    - d/p/lp2081129-2-pam-better-SC-fallback-message.patch

 -- Matthew Ruffell <email address hidden> Mon, 16 Sep 2024 15:22:16 +1200
Source diff to previous version
2081129 libpam-sss: require_cert_auth is not absolute, will fall back to password auth on smartcard removal

Version: 2.6.3-1ubuntu3.3 2024-06-17 16:07:31 UTC

  sssd (2.6.3-1ubuntu3.3) jammy-security; urgency=medium

  * SECURITY UPDATE: race when GPO policy is being applied
    - debian/patches/CVE-2023-3758.patch: use hash to store intermediate
      results in src/providers/ad/ad_gpo.c.
    - CVE-2023-3758

 -- Marc Deslauriers <email address hidden> Fri, 07 Jun 2024 10:54:47 -0400
Source diff to previous version
CVE-2023-3758 A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authoriza

Version: 2.6.3-1ubuntu3.2 2022-10-25 10:07:21 UTC

  sssd (2.6.3-1ubuntu3.2) jammy; urgency=medium

  * d/p/initialize-uid-gid-main-functions.patch: Initialize UID/GID
    variables in "main" functions, preventing inadvertent changes in
    p11_child.log file permissions. (LP: #1989356)

 -- Sergio Durigan Junior <email address hidden> Tue, 04 Oct 2022 19:04:33 -0400
1989356 pam_sss messes up existing /var/log/sssd/p11_child.log permissions


About   -   Send Feedback to @ubuntu_updates