- Issued:
- 2013-03-25
- Updated:
- 2013-03-25
RHBA-2013:0677 - sssd bug fix update
Synopsis
sssd bug fix update
Type/Severity
Bug Fix Advisory
Topic
Updated sssd packages that fix three bugs are now available for Red Hat Enterprise Linux 6.
Description
SSSD (System Security Services Daemon) provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides NSS (Name Service Switch) and PAM (Pluggable Authentication Modules) interfaces toward the system and a pluggable back end system to connect to multiple different account sources.
This update fixes the following bugs:
-
When the ldap_chpass_update_last_change option was enabled, the shadowLastChange attribute contained number of seconds instead of days. Consequently, when shadowLastChange was in use and the user was prompted to update their expiring password, shadowLastChange was not updated. The user then continued to get the error until they were locked out of the system. With this update, number of days is stored in shadowLastChange attribute and users are able to change their expiring passwords as expected. (BZ#847969)
-
Kerberos options were loaded separately in the krb5 utility and the IPA provider with different codepaths. The code was fixed in krb5 but not in the IPA provider. Consequently, a Kerberos ticket was not renewed in time when IPA was used as an authentication provider. With this update, Kerberos options are loaded using a common API and Kerberos tickets are renewed as expected in the described scenario. (BZ#867012)
-
When SSSD was built without sudo support, the ldap_sudo_search_base value was not set and the namingContexts LDAP attribute contained a zero-length string. Consequently, SSSD tried to set ldap_sudo_search_base with this string and failed. Therefore, SSSD was unable to establish connection with LDAP server and switched to offline mode. With this update, SSSD considers the zero-length namingContexts value the same way as if no value was available, thus preventing this bug. (BZ#881460)
All users of sssd are advised to upgrade to these updated packages, which fix these bugs.
Solution
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 6.3 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 6.3 | i386 |
| Red Hat Enterprise Linux for Power, big endian - Extended Update Support | 6.3 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 6.3 | s390x |
| Red Hat Enterprise Linux Server - Extended Update Support from RHUI | 6.3 | x86_64 |
| Red Hat Enterprise Linux Server - Extended Update Support from RHUI | 6.3 | i386 |
Updated Packages
- libipa_hbac-1.8.0-32.4.el6_3.ppc64.rpm
- sssd-client-1.8.0-32.4.el6_3.x86_64.rpm
- libipa_hbac-devel-1.8.0-32.4.el6_3.i686.rpm
- libipa_hbac-1.8.0-32.4.el6_3.s390.rpm
- libipa_hbac-1.8.0-32.4.el6_3.s390x.rpm
- sssd-debuginfo-1.8.0-32.4.el6_3.x86_64.rpm
- libipa_hbac-python-1.8.0-32.4.el6_3.ppc64.rpm
- sssd-1.8.0-32.4.el6_3.x86_64.rpm
- sssd-client-1.8.0-32.4.el6_3.s390x.rpm
- libipa_hbac-python-1.8.0-32.4.el6_3.i686.rpm
- sssd-1.8.0-32.4.el6_3.i686.rpm
- sssd-1.8.0-32.4.el6_3.ppc64.rpm
- sssd-1.8.0-32.4.el6_3.s390x.rpm
- libipa_hbac-1.8.0-32.4.el6_3.x86_64.rpm
- sssd-client-1.8.0-32.4.el6_3.i686.rpm
- libipa_hbac-python-1.8.0-32.4.el6_3.x86_64.rpm
- sssd-debuginfo-1.8.0-32.4.el6_3.s390x.rpm
- sssd-tools-1.8.0-32.4.el6_3.x86_64.rpm
- libipa_hbac-devel-1.8.0-32.4.el6_3.x86_64.rpm
- libipa_hbac-devel-1.8.0-32.4.el6_3.ppc64.rpm
- libsss_autofs-1.8.0-32.4.el6_3.s390x.rpm
- sssd-debuginfo-1.8.0-32.4.el6_3.i686.rpm
- libsss_autofs-1.8.0-32.4.el6_3.i686.rpm
- libipa_hbac-devel-1.8.0-32.4.el6_3.s390.rpm
- sssd-client-1.8.0-32.4.el6_3.ppc64.rpm
- libipa_hbac-devel-1.8.0-32.4.el6_3.s390x.rpm
- sssd-debuginfo-1.8.0-32.4.el6_3.ppc64.rpm
- libsss_autofs-1.8.0-32.4.el6_3.ppc64.rpm
- sssd-debuginfo-1.8.0-32.4.el6_3.s390.rpm
- libipa_hbac-1.8.0-32.4.el6_3.i686.rpm
- sssd-tools-1.8.0-32.4.el6_3.s390x.rpm
- libsss_autofs-1.8.0-32.4.el6_3.x86_64.rpm
- sssd-tools-1.8.0-32.4.el6_3.ppc64.rpm
- libipa_hbac-devel-1.8.0-32.4.el6_3.ppc.rpm
- sssd-1.8.0-32.4.el6_3.src.rpm
- libipa_hbac-python-1.8.0-32.4.el6_3.s390x.rpm
- sssd-client-1.8.0-32.4.el6_3.s390.rpm
- sssd-tools-1.8.0-32.4.el6_3.i686.rpm
- sssd-client-1.8.0-32.4.el6_3.ppc.rpm
- sssd-debuginfo-1.8.0-32.4.el6_3.ppc.rpm
- libipa_hbac-1.8.0-32.4.el6_3.ppc.rpm
Fixes
(none)
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.