sssd-2.9.1-4.el9_3> M Mv ĉJ4!!%joLne)Ip-Bm5 ']eK4Treleng@rockylinux.org p-Bm5 ']3U m9K.'>?hd`ddY^bYv`! }C2 2ă`.Pڎ@߉96C 7lmܵ^e R r6a/(qdsye\P=4?4d   5 0U\     * ,4>Hdl  I (89 : LG1H1I1X1Y1\1]1^1b2d3ze3f3l3t3u3v3333444"4d4hCsssd2.9.14.el9_3System Security Services DaemonProvides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. The sssd subpackage is a meta-package that contains the daemon as well as all the existing back ends.eK.pb-4b2a121b-b27f-4a22-8074-2b95b460ac3e-b-ppc64leKRocky Linux 9.3Rocky Enterprise Software FoundationGPLv3+Rocky Linux Build System (Peridot) Unspecifiedhttps://github.com/SSSD/sssd/linuxppc64leKA큤eK/Tdu8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903rootrootrootrootsssd-2.9.1-4.el9_3.src.rpmsssdsssd(ppc-64)    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)sssd-adsssd-commonsssd-ipasssd-krb5sssd-ldapsssd-proxy3.0.4-14.6.0-14.0-15.4.18-12.9.1-4.el9_32.9.1-4.el9_32.9.1-4.el9_32.9.1-4.el9_32.9.1-4.el9_32.9.1-4.el9_34.16.1.3e@eRdd@ddu@doMdbc<@c]cdcc@bb'b&bI@b{@b_aZ@a@a@Eduardo Lima (Etrunko) - 2.9.1-4Eduardo Lima (Etrunko) - 2.9.1-3Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-5Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.1-2Alexey Tikhonov - 2.7.1-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.7.0-1Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-1- Related: rhbz#2236236 - dbus and crond getting terminated with SIGBUS in sss_client code Handle all invalidations consistently Supply a valid pointer to `sss_mmap_cache_validate_or_reinit()`, not a pointer to a local var- Resolves: rhbz#2236236 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237301 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2218858 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 - Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM - Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization - Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys- Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs.- Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs.- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys - Resolves: rhbz#1913839 - filter_groups doesn't filter GID from 'id' output: AD + 'ldap_id_mapping = True' corner case - Resolves: rhbz#2100789 - [Improvement] sssctl config-check command does not show an error when we don't have id_provider in the domain section - Resolves: rhbz#2152177 - [RFE] Add support for ldapi:// URLs - Resolves: rhbz#2164852 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2166627 - Improvement: sss_client: add 'getsidbyusername()' and 'getsidbygroupname()' and corresponding python bindings - Resolves: rhbz#2166943 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2167728 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed)- Resolves: rhbz#2160001 - Reference to 'sssd-ldap-attributes' man page is missing in 'sssd-ldap', etc man pages - Resolves: rhbz#2143159 - automount killed by SIGSEGV- Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2 - Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search - Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service) - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately - Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around- Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2 - Resolves: rhbz#1507035 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#1766490 - Use negative cache better and domain checks for lookup by SIDs - Resolves: rhbz#1964121 - RFE: Add an option to sssd config to convert home directories to lowercase (or add a new template for the 'override_homedir' option) - Resolves: rhbz#2074307 - reduce debug level in case well_known_sid_to_name() fails - Resolves: rhbz#2096031 - SSSD: sdap_handle_id_collision_for_incomplete_groups debug message missing a new line - Resolves: rhbz#2103325 - Supported AD group types should be explained in the docs - Resolves: rhbz#2111388 - authenticating against external IdP services okta (native app) with OAuth client secret failed - Resolves: rhbz#2115171 - SSSD: duplicate dns_resolver_* option in man sssd.conf - Resolves: rhbz#2127492 - sssd timezone issues sudonotafter - Resolves: rhbz#2128840 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2128883 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list- Related: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs)- Resolves: rhbz#2116389 - rpc.gssd crash when access a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-2.el9 - Resolves: rhbz#2119373 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120657 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2106660 - [regression] sssd goes offline with forced ldaps configuration - Resolves: rhbz#2109451 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2098654 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL - Resolves: rhbz#2106685 - [regression] sssctl analyze fails to parse PAM related sssd logs- Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1 - Resolves: rhbz#1936551 - [Improvement] Provide user feedback when login fails due to blocked PIN - Resolves: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs) - Resolves: rhbz#2062665 - [sssd] RHEL 9.1 Tier 0 Localization- Resolves: rhbz#2073095 - Harden kerberos ticket validation (additional patch) - Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol (additional patch)- Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1 - Resolves: rhbz#1893192 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#1927553 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2089216 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2090776 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#1927195 - sssd runs out of proxy child slots and doesn't clear the counter for Active requests - Resolves: rhbz#2073095 - Harden kerberos ticket validation - Resolves: rhbz#2082455 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2087581 - Regression "Missing internal domain data." when setting ad_domain to incorrect- Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd- Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1 - Resolves: rhbz#2072640 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2070189 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2070138 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2065098 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2062716 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2056482 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#1937895 - SSSD update prompts for smartcard pin twice - After update to 7.9 - Resolves: rhbz#1925559 - [RFE] Implement time logging for the LDAP queries and warning of high queries time - Resolves: rhbz#1915564 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#1859751 - [RFE] Allow SSSD to use anonymous pkinit for FAST - Resolves: rhbz#1749279 - 2FA prompting setting ineffective - Resolves: rhbz#1661055 - sssd fails GPO-based access if AD have setup with Japanese language - Resolves: rhbz#1245367 - [RFE] Implement memory cache for SID requests to improve performance- Resolves: rhbz#2035244 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2041560 - sssd does not use kerberos port that is set.- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA - Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization - Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files - Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders - Resolves: rhbz#1992432 - Add client certificate validation D-Bus API - Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA - Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok() - Resolves: rhbz#977803 - incorrect checks of `strto*()` string to number convertion functions - Resolves: rhbz#1992432 - Add client certificate validation D-Bus API - Resolves: rhbz#1992973 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#1996151 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#1998459 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2000476 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2014249 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2029419 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected2.9.1-4.el9_32.9.1-4.el9_3sssdCOPYING/usr/share/licenses//usr/share/licenses/sssd/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power9 -mtune=power9 -fasynchronous-unwind-tables -fstack-clash-protectioncpiozstd19ppc64le-redhat-linux-gnudirectoryASCII textlogrotatepython3-sssdconfigsssd-dbus2.9.1-4.el9_32.9.1-4.el9_3utf-8fd3c5916078fe6a7626225040b566b629e418e51df789d6c1c03394dd2b4fb80ec0352ac8428b5a5361b6c9a0106d9ade11783bae7f2c49d6f8de7046e320dc7?0(/h$ ,JHD6M13ٕli-ФSibz x3abc|xl߄dgV ɽM͋zLJ )GE1plc"\ L/#,/k7QT:ʾg}yr|\"nΎa3(6Q.gsF2eS¤{gvhZ͸QK$ [ع\ C2k=1bd-sm>Lh:xO忲N\/N!⋃i).YG%\6F~al `oaC6%ܲz&0*&NbB \&*& * 8 `BBhjAD>rwOLq %B $FZ'h7iW7:4'Fh4~瞭Tp,:.dG>YôRL /)c ƹܝbMr<RQvg\6Z΅g5Jf2 ʠes@0,Nw<rNGpqd ~:/G9J){o,G4yax!YE3h⩯Kedzo3 AB.@n{4;ZjM6*CɲIeZb0R^}![%r% QE*_mI?zd+f-#͌|*6|TL%*3VJpNJKCdB2,~G;;PR,Nv.]%GX`@%:t9,q 3U$7H[`*E`cՒcJ9èR9R8S6X4hGGy`0u.txUSÂA3N&n @!nxqpKdL} CvÇ6g Z7C{òk;^'qnjdW:QMf@Ԫ쭱}gq>QE9A(.]U1.'^3uP$;14fZƒ VKgPˇI!Y4:]TJ6Akv~NXK!q+nY-1>x/4LYIRw,ft459!0&IZ&c_ӸuBo@^S26y%z'Y靖 lJoe~wޡ!)a٣%n[S,jPT5}eqt]/P cS]sR#wWvk@/m\$wgP%]`3[6`鏃mtud6aq+qLCǴ-:EOI}[Og |VU nmto$bۺ.O n9Vq=J؄my&c1v0#2͠fSo5Qs _Ƙy.|E-稅#jF$N9' 圼™3ģ#(i8aBp-+Y m(:QMqc7)#B231"kNIZ2ʁFTSք/LB3x,/;v$0Iԓ.˦RZ&t$X[4d3hJݦ/c,+D2,[!m̹ƎVS(%?v} jz1LS8j!d`Z|6ʝ`1PʸHaFg@~\6PRM25XnK=~4dП.T!!59e`A5M̋79(ձ!ƺ2+P2R/UhU$ 4S'4<\z 4k_H: ́0WUY=u)A]y[)\!M%Dg, ID3d`Šw)d(^E "F*.npxTh!k'_bp1e &8/##_C(1͗\Jz$ g0ӶG\8̉֍y34" &i@m"Wj mZY~Ï,LyHzX,v!M>|ӲkjRE rf~,mђ\#YvzBG&kDBLH_c> mH0tJU~B^Q_JO6|/ l{M% m7ؼT }=7>Qf_Y}-6(|?D2.A[cm@ 97QwԔH vAӝ{2A5 (#?)Te V# (Z9&<#;5V[e># 53Gw'6_XRV3A@gWЬu79X䯦rP8-YrZJ}{nlu QciJlTC #VUl`hɧ^4W(Zw(7;qghK YNTZ8~"'@uC ߸wrIĸ1{ݴ0܇?' ;̠#x%gFH=5<%6Fً`Pj,=;O6.Ը20wp`2yCy+n9RUCGmgqc~5؃c@^v6c#2tb=ODZCdBYypY\ E*/Z{)NcY)l 0,aFBP^KvCA`Abx߃Px)c;wq ;sD(6hNKOTyjvTdA ;$?KI;dx=7zxxsU)rɎBb%E\; '=duNB3K$&*[V,ʹ\$2Q~#NTJL//$>@qd?TTQ99/Vb!K)rf&-=b$sHC59Ҝ9G"2pe@03dT}V˭~/x hմ0%_S( R | kIJnZ-i~N6,Yp]D&.JG7~X1Bſ`x",b&Z2I12z9 =:Up*n2BBD}<\?jSZ1Fz5S vek^93^ 9-˘]E7ߊqNIVhQhFaW kdl]{}ȭPM@&)ciҸhwF/p?ilH3>OTrs^n/Zgh{ѪҬr*ֹUΌL~dE}^43ֳ92rZJܔ73kROyӺqp2:Q2l1Mc*07|Ҳ>OSWVIR*'vV`v鷉X+\s6szӪ}kKR v EJZ^(5Bz3n)uZf/+JJxN+i}ŬS-|dd~讔3;peũO%G²|i>A_|Q{ud,Z>f)O(q2y.Pn \Yg-e +ugQ;N{ q 5CH"siHq; y8q"Z=8A'155 t1in\Ea؜9Z"==:3Hz=` yQ`f=hbiғhE/"rO-k8Ѓă҃&E'-Es9HcC7$=t'Ep # !GKA$z:z{H @4ս4cS%3` \Q^kEEzwKLM}Rq\az1Ɂf1C+Rd2uK`;&V\։]pP*P}[1+/2k=WKlG"Uk IkͷJbf󌔟sfhQ{<@pr^spM`&G &ĨSKS##I*c  FsplRDF$a Vm^.uQwcOhJsdFM&gudcsL!@N$c< { `vsk]Rf3BkuFeYo%M=JSѰavL6C-d%ûy~V\--U)?ѝZsb~|xUL=i7m'6vc5RuKst̪.% P?Z<'"{[{BmRul' ᐮ3y+JV %ϗ2 aRq/B3&iШ$96ܤj7i!ń2,1`ta2`G[ږ!;^ `Q*UdKu!EX^r*F Pg͸܃hV,mF];m)=F.߳˯xdG MjX~ydЉQpNPh 7ncLzd h]d.S|#FGzӈ.(Уo`̔>aԤ\ 31",óץ&2EߑC LD䒅4")RJ$H1f86WJq<!>#Aa,x ߴqbYҋLUiHDBtks9A\J'y8xHRLܨ uI?+"\.LĊEzB׀gf5])E2#J~e_SHm9=8C!"JDl?#25WW[~]fcpYXC͔1(v$Ux2-)GҪY8Y,;L4P6S TOwٝΣMP ΛO!׮e>^VWaĴ`N.wQQp:@'MM;HhBpFU\F(1nj"^luBb|1` SoBE} DMR2n"9.̓l@cH*q0]^V5b66^HIҐ(h 0UJgu=iZe lG{F!]L3y[H`L?}/PO$:1Xj`1Eg L"[w y%="{.jNT[=֙8a3U`*b8+AҬ^6A0`p4V@gį p8i01>⦊-b7,}UMi v^}db4 d0Vyz$qu%5B) P(c k;$چ BRXi@:={ ߮mXRōΐҵxN)(BbL6'7WcM3ISXEPbXB:}nT4#pi즅ҭ'@ Wp8zp&xtQ"uP lcAF,Y 's9, Жb#0@<\Z4V1S3*66X}Lk39?axC,5,??7jXξ5d>73ή>YsbF _ de[7_}h 8[u":WFM>V ǥa$̘FZ߁C뵅?t@xB{tq׎YU{]SdseVk0~ӵt=\@ѳ'ˉU4 "x ڽ3Wl"6b;ɟcW,]Mr,foCR$BA&ޫM eic—V>j_hU^$M[G_Yy%:\sWD82Q!,BhA+L2ڃ g)8<`M#/O>?ٖKnTVFɋQ .Km ͘gk\=҇k07LY1`ix`jiǰ{XQe*~ 1 a13HΪKraD0^͆57,LFp`z<gea uK24в\V]3eyFCHU >9R7NMV-!("GFϩ!=p4t",@l3Kw*] ^@ݯJ6 e!yDRQ7iLUq[bqL檆LMd_zY@y_xmG}/q:!471γ".BrTgy`}ɀd6ִ& I$L=Cd XVQ[g"߄.EЙE[3"9R%d\߾S6;?HI~TMה$OkkQKu"