SSSD 2.9.3 Release Notes
Highlights
General information
- The proxy provider is now able to handle certificate mapping and matching rules and users handled by the proxy provider can be configured for local Smartcard authentication. Besides the mapping rule local Smartcard authentication should be enabled with the 'local_auth_policy' option in the backend and with 'pam_cert_auth' in the PAM responder.
Important fixes
Passkey doesn't fail when using FreeIPA server-side authentication and require-user-verification=false.
New features
- When adding a new credential to KCM and the user has already reached their limit, the oldest expired credential will be removed to free some space. If no expired credential is found to be removed, the operation will fail as it happened in the previous versions.