[1.16.4-21] - Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly [1.16.4-20] - Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization [1.16.4-19] - Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO [1.16.4-18] - Resolves: rhbz#1710286 - The server error message is not returned if password change fails [1.16.4-17] - Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly [1.16.4-16] - Resolves: rhbz#1707759 - Error accessing files on samba share randomly [1.16.4-15] - Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains /trusts [1.16.4-14] - Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise [1.16.4-12] - Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing. [1.16.4-12] - Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so [1.16.4-11] - Resolves: rhbz#1350012 - kinit / sssd kerberos fail over - Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin [1.16.4-10] - Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable [1.16.4-9] - Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup [1.16.4-8] - Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out [1.16.4-7] - Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts [1.16.4-6] - Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though "sudo -l" shows permissions to do so [1.16.4-5] - Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider [1.16.4-4] - Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD. - Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7] [1.16.4-3] - Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache [1.16.4-2] - Resolves: rhbz#1406678 - sssd service is starting before network service - Resolves: rhbz#1616853 - SSSD always boots in Offline mode [1.16.4-1] - Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x [1.16.2-17] - Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group [1.16.2-16] - Resolves: rhbz#1602172 - SSSDs LDAP authentication provider does not work if ID provider is authenticated with GSSAPI [1.16.2-15] - Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD [1.16.2-14] - Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default