sssd-2.9.5-4.el9_5.1> M Mv ĉJ4!!%joLne)Ip-Bm5 ']g3f'releng@rockylinux.org p-Bm5 ']4}*_oZ0TBS|^nZ Y _!n gR~gW Icx|8i- 9Gؘbr&k*t' k}A}7X,uihy+y7y) '0r៤1I%SX;'lx`@qB̜R5&0B-r>qb.22$p>wm>ksQjm[K ]:n%03C&+npX!F bEQEwDF*mn;ng\]U"`g~MCd^"~W, v+/tA =ҷbӷzJlh@6N IYia>]% ҄ˢcHwV Z`ʠ]o1 ʡ'Z&m;hLTژ``ݫ+ըFUuMHЂmuY奢hr']6iQft~dSoA C9r024c376ce2670395991d61c630a70f0a6bb2080cdd783f16bdb49efdebbd53717edb630525f6cd7ccdb5bcd22ce098851fe8ff2b^4)Qo#f ɉc!>=,?,d   7 $4Y`     . 08BLlt  Q (89@: G)H)I)X)Y)\)])^)b*d+^e+cf+hl+kt+u+v+++++,, ,L,PCsssd2.9.54.el9_5.1System Security Services DaemonProvides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable back end system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. The sssd subpackage is a meta-package that contains the daemon as well as all the existing back ends.g3cUpb-dfe44e04-fcf5-407d-aaad-91b0d41820e1-b-aarch64KRocky Linux 9.5Rocky Enterprise Software FoundationGPLv3+Rocky Linux Build System (Peridot) Unspecifiedhttps://github.com/SSSD/sssd/linuxaarch64KA큤g3dfE8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903rootrootrootrootsssd-2.9.5-4.el9_5.1.src.rpmsssdsssd(aarch-64)    rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)sssd-adsssd-commonsssd-ipasssd-krb5sssd-ldapsssd-proxy3.0.4-14.6.0-14.0-15.4.18-12.9.5-4.el9_5.12.9.5-4.el9_5.12.9.5-4.el9_5.12.9.5-4.el9_5.12.9.5-4.el9_5.12.9.5-4.el9_5.14.16.1.3ffffy_fE@f/f! @fg@e!@e@e@e)eReRe@d dd@ddu@doMdbc<@c]cdAlexey Tikhonov - 2.9.5-4.1Alexey Tikhonov - 2.9.5-4Alexey Tikhonov - 2.9.5-3Alexey Tikhonov - 2.9.5-2Alexey Tikhonov - 2.9.5-1Alexey Tikhonov - 2.9.4-7Alexey Tikhonov - 2.9.4-6Alexey Tikhonov - 2.9.4-5Alexey Tikhonov - 2.9.4-4Alexey Tikhonov - 2.9.4-3Alexey Tikhonov - 2.9.4-2Alexey Tikhonov - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-2Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-5Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1- Resolves: RHEL-59876 - EL9/CentOS Stream 9 lost offline smart card authentication - Resolves: RHEL-50912 - possible regression of rhbz#2196521- Resolves: RHEL-49711 - SYSDB: remove index on dataExpireTimestamp - Resolves: RHEL-49811 - 2FA is being enforced after upgrading 2.9.1->2.9.4- Resolves: RHEL-40742 - passkey_child with wrong owner- Resolves: RHEL-40742 - passkey_child with wrong owner - Resolves: RHEL-41047 - sssd is skipping GPO evaluation with auto_private_groups - Resolves: RHEL-40570 - GPO access the wrong memory location- Resolves: RHEL-36586 - Rebase SSSD for RHEL 9.5 - Resolves: RHEL-27716 - SSSD fails to process AD groups with 'Global Scope' correctly causing incomplete group-membership on RHEL if cache is empty - Resolves: RHEL-17659 - [RfE] SSSD Failover Enhancements - Resolves: RHEL-35781 - Passkey errors when handling multiple altSecurityIdentities values - Resolves: RHEL-30142 - sssd_pac is crashing - Resolves: RHEL-22206 - Errors in krb5_child.log every time a user authenticates - Pre-authentication failed: No pkinit_anchors supplied - Resolves: RHEL-32595 - Excessive "Domain not found' messages logged to sssd_nss & sssd_be in multidomain AD forest - Resolves: RHEL-28666 - sssctl config-check is reporting false positive error msg - Resolves: RHEL-29454 - NULL dereference in inotify handling - Resolves: RHEL-1654 - Improve documentation for allowing e-mail address as username- Relates: RHEL-33645 - Rebase Samba to the latest 4.20.x release- Resolves: RHEL-27209 - Race condition during authorization leads to GPO policies functioning inconsistently [rhel-9.4.0]- Resolves: RHEL-28161 - Passkey cannot fall back to password- Resolves: RHEL-28161 - Passkey cannot fall back to password- Resolves: RHEL-22340 - socket leak - Resolves: RHEL-28161 - Passkey cannot fall back to password- Resolves: RHEL-12503 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. - Resolves: RHEL-22288 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd - Resolves: RHEL-22194 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities- Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4 - Resolves: RHEL-18395 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users - Resolves: RHEL-17498 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') [rhel-9] - Resolves: RHEL-21079 - SSSD GPO lacks group resolution on hosts [rhel-9] - Resolves: RHEL-19211 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest [rhel-9]- Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4- Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4 - Resolves: RHEL-14427 - Expected cn in RDN, got uid - Resolves: RHEL-12229 - HANA validation on RHEL 9.2 issue possibly related to libc/nss_sss behaviour - Resolves: RHEL-3925 - SSSD goes offline when, while reading a single user, misses a required attribute (i.e. SID) - Resolves: RHEL-2319 - Passkey authentication for centrally managed users - Resolves: RHEL-4146 - Incorrect handling of reverse IPv6 update results in update failure - Resolves: RHEL-4971 - sssd-kcm does not appear to expire Kerberos tickets (RFE: sssd_kcm should have the option to automatically delete the expired tickets)- Resolves: RHEL-2319 - Passkey authentication for centrally managed users- Resolves: RHEL-2632 - Rebase SSSD for RHEL 9.4 - Resolves: RHEL-2319 - Passkey authentication for centrally managed users - Resolves: rhbz#2234829 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working) - Resolves: rhbz#2236119 - dbus and crond getting terminated with SIGBUS in sss_client code- Resolves: rhbz#2218858 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 - Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM - Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization - Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys- Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs.- Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs.- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys - Resolves: rhbz#1913839 - filter_groups doesn't filter GID from 'id' output: AD + 'ldap_id_mapping = True' corner case - Resolves: rhbz#2100789 - [Improvement] sssctl config-check command does not show an error when we don't have id_provider in the domain section - Resolves: rhbz#2152177 - [RFE] Add support for ldapi:// URLs - Resolves: rhbz#2164852 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2166627 - Improvement: sss_client: add 'getsidbyusername()' and 'getsidbygroupname()' and corresponding python bindings - Resolves: rhbz#2166943 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2167728 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed)- Resolves: rhbz#2160001 - Reference to 'sssd-ldap-attributes' man page is missing in 'sssd-ldap', etc man pages - Resolves: rhbz#2143159 - automount killed by SIGSEGV- Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2 - Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search - Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service) - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately - Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around- Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2 - Resolves: rhbz#1507035 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#1766490 - Use negative cache better and domain checks for lookup by SIDs - Resolves: rhbz#1964121 - RFE: Add an option to sssd config to convert home directories to lowercase (or add a new template for the 'override_homedir' option) - Resolves: rhbz#2074307 - reduce debug level in case well_known_sid_to_name() fails - Resolves: rhbz#2096031 - SSSD: sdap_handle_id_collision_for_incomplete_groups debug message missing a new line - Resolves: rhbz#2103325 - Supported AD group types should be explained in the docs - Resolves: rhbz#2111388 - authenticating against external IdP services okta (native app) with OAuth client secret failed - Resolves: rhbz#2115171 - SSSD: duplicate dns_resolver_* option in man sssd.conf - Resolves: rhbz#2127492 - sssd timezone issues sudonotafter - Resolves: rhbz#2128840 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2128883 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list2.9.5-4.el9_5.12.9.5-4.el9_5.1sssdCOPYING/usr/share/licenses//usr/share/licenses/sssd/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpiozstd19aarch64-redhat-linux-gnudirectoryASCII textlogrotatepython3-sssdconfigsssd-dbus2.9.5-4.el9_5.12.9.5-4.el9_5.1utf-81e0fe7ed3b603332b89291be069060da7865261d1b477c94de77b6cff5f21187dbf9a9da9526610920201d6e08c43efbaf550830acbb45d5de07bb1e8e3d5f16?0(/hܼ:,h}L"Jvw.Ӷ@,H]aF)~y;=MO*@ԼA4_ /i4[ =^7 w璝<0f'1|GQ+EqJrNo篾,;9;~0_llG;/{ l=#˨I?a;hZ}\gy%W!S-C.a!PUfIwoXݹ6 T\~SUZt_YsO'dLc p,.#ekH47!r@% nYSC'AA,B \TP0`aAA%`"D PIC66@ 4`""D Aa4+b} vq}sb읏Xs)%yԹYT\:\@ ꍧA<60Pq;!/>k17I@fixBtUPAPB' 4 eM_#PdSJ5+CJxR8pq ˔VobYKՖdۤE,/iT2E2$IS 0\lF=pS{d:y0bDFDDF JRR0?v̞CRș#j(" 0(@cACx~wnM :~ʱ:,&tbs2t |_F /yD+zLmX)a;ʑdiRSn1̘VSh?H/?9h E}Gcϼ 6z(GJP?3o6K8*.RM) HxKyALMqE-C2^T)W`ܚ49yLB3CJ$;B> ?FKuj>4Vk ,'nxS93+l g(AIQNDB+j {Co@CŞ J"]F8]] H~ۦr).x=moȼaj?X &_$d[B9e-⋸9\6]<[z*u ; E >Ҵ.G&*q| 5>m)fI@; " 7|ډNqx)㱣{NE~Q|Ty /xH +}'V'pު?6thb9P?GG.mRE,B=;9<<Ԯ62ugm`):Ɂ L#*F3Ψ YukEeҴ6ĒY:ͤp J̅3Cvx:@w\}dJt"."7lKr-r|G6AJT1SH\ʕ)eJnxӼ|I_4jg$^}XRV֙@tJd?n#[Ib˒@PgNeNfC`,Fii6ՙpX,==}Js$"meaVK4/ yX2eA`hf`hՖdQh(`(b5¹3_QDTPDGzT<2ݶ1z Xh[AP"Ɣkfq|,-̱8h2 OjCiAi{a! Jϵn V`7M@sI%P߰y^sbPj:-|7LA֖:&FHhl 8mPYj ۹NLnŰ*SA0Zy@cA1i[jwy/%3ʢ! o&f[O+fJ4 :,ayw4,e3O=Y)`N8 IFDzpJC,%N}NOCWO$*eU@+C2{ (}_>OCɖ~{Rgb:*Ƅ@&|-Y>u_x@esVePq)xғ6 %ɾܜpb-Ym/Ҥ{+*A˘N /o3؀S2 n&=S|E].bCi*qِǂ‹cy /t,q 'ȷ aqz F #< XN/ p?)~ץq X -ZC>iO}~2Ro_r0"g"R-%!.Rwt^}jl!زY;nh QtLc-j"g-BkՁ%j\8 6ݣRT j`Hp NBi*"rM(M'L5q2UD:ׄiy ,~p!5%3Å T231Řz*P 2 ցU9 \7JО\<,rS0e|gmqGXy2N/SCҗy#_b}ۯ)PTSF`5&MJ"X:M:c;s>7r:7[&LC`$0=[4UjCׅ ^-Fky8k' }`HʇeZ{]I!X@&ޯVY͒K:Ȳ#4TZ wZτD?5f绑"L ]nAk'oXI)zƮ[lc v(w0#8A j×g(Y! ]ZR]s9@9O)uQFZnf4Dϲ{`Y%η#ćrJ%O"I#͟nHօ"O."ԃ/@.GRB ^--G͑yHʃsFPy9 #W{/$)ewP+J4aZhWd| l&➻;9BD5ĆTh n2%JR2OkYuWMwlҝ1`ˋEXN4NL/SQ<#+eU*nL ^)jHjnV5M]<8;`L08MՂmZ[Nz"ȉlVz-|Hvy /]݊(kWf5z^^[ -̏Ġ6-:wc:*`>HY,*TLOZ˄]q[zA+rvʸ!]NBx5]#I M1IJB#WLnJ|@v̆O]iSgq;AD9[#f"[(r}50DasM'].`iʮ6ӿzf-b;ga{Tg.*Xi,.괖ע dD{7+E*]AxÞ=2J;4_t6~6Nj[)@bMPXMmC *5 HWׁ?CCWའQ^?FSvvhrߢQsOMr<޻ _nSR=O伂"PއRT:o Ô>U+~t}(F$t טUpuEhlp1lhMq+f4U{BNE:fmX*>ntZ<1h||$fLÌ2Ą&~Dvgc2(Y8 !ӳJNnw~'EjRFrt1P 5lTJp%]EMXа ]0lTŔ1U\Mv_! Q Dr)h\'M3bH ^\̂[m'm0@6A͵\+8e $[g2=”ANMy!W̛U!mǸجc4LorW~(- s G:>^Cv~p߀UUKOcvFE'"en&JіҤRe@]T[Mq،s7-߹9N M6 u.ёzMYʾ;L엂zDrO-ttvGmJfShL@6VL= ,Sg:ݺ[1^SO  lh{ór`lyCM}9vt-&FxXS 6&VySCr]s.(0'5dr~G5?2 J]GVs|ur뤌ּk5?m5 )E0BƋJ՞$C _c;"c] xѳf\'̠ORȖ_Y:&j|% yu}|hY@I\_sW?;1RE8x'2Egx-dSQҜ".K]\4`H'J6^ع@6c/Q0/ " xu5yбHNt{{1TjodMgv@6)ňïKC'0~M<>6`5#[.䬏>hxBۈ!OMΈu*Ut*= 1LH7 )'?Ul9+yU OHqf f^n`fӔΈxx #rUԜ"F푍 NP߱US;3SB \cr(wMbO J"f J ֞8hk@v%%n8 K FZ?tp"(*"kqP7ꂥH( sKBˆO]G#i߁O¶b 9]\@df>LQ" } HvY\t8F2!s lDp imkkYUa,Ctpl4 G/(j诖_Rϵ1`C%nWY~?sjXϾ=Ĩ>tsg3jW}8FI.cYFVbu(rY6Ng9F]9AT1JʈfroN3mEJmj763Z[%rjao;A>sj~NMT;_]zEO>llKñΖ{B݃轨n"Zڑ$xfoYK!$J̳j璈0wCTDp9NNeL 7 (xX0Ί" ߟ!e>5CU4p`ph9/u'"3瑮a#]*l<< H M(!FpCcT18MJ~2uwd@F]\vISQ5hTͪCAYWe[£*sXX: Ă[cK Qhj!6чt?hqdSp!eHXxVEh_$? ,%AX 0 4+u=r_C궈ko ̦8ֺ7WKII]dPUy d_-/꠺xXQ݇8qlӱB`x @tFεq0u\p EG9:S&+@h['fF eRNVR튘( @YMԝm -Ko^%lR=O hd%X oĿ e1x.#&xn5tClmokDu8p=9N=ݗT07/ԇUt {F?vٻf#qQf`]d닠bF5R 9ӈ@51OhܲY/4+e]$ @5,||Lp (Vu!Œ$1Q?RCdw4=:ʑ%xȧ;SEFlbFB,C ", MB)`)-J++-IuRJ*~#.į T=13ˡn*Lߢ[F$lTzB[k}}#'YZQxT (NӨ i$a%risSz3aưwD!vd\ȢnBq:71 + F`tY},E2(h#/7='h 0#Mȉ߫V7ǀVVQAS$[^dt"}K0)y"ej %].] m7Uz(_-U4D:]