SUSE-RU-2026:0651-1: moderate: Recommended update for sssd
SLE-UPDATES
null at suse.de
Thu Feb 26 08:30:16 UTC 2026
# Recommended update for sssd
Announcement ID: SUSE-RU-2026:0651-1
Release Date: 2026-02-25T19:20:26Z
Rating: moderate
References:
* bsc#1212476
* bsc#1257509
* jsc#PED-12449
* jsc#PED-13811
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that contains two features and has two fixes can now be installed.
## Description:
This update for sssd fixes the following issues:
* Use %pre scriptlet instead of %pretrans to migrate from sssd-common
(bsc#1257509).
* Update to release 2.10.2 (jsc#PED-12449):
* If the ssh responder is not running, sss_ssh_knownhosts will not fail
* SSSD is now capable of handling multiple services associated with the same port.
* sssd_pam, being a privileged binary, now clears the environment and does not allow configuration of the PR_SET_DUMPABLE flag as a precaution.
* Changes from sssd 2.10.1:
* SSSD does not create anymore missing path components of DIR:/FILE: ccache types while acquiring user's TGT. The parent directory of requested ccache directory must exist and the user trying to log in must have rwx access to this directory. This matches behavior of /usr/bin/kinit.
* The option default_domain_suffix is deprecated.
* Changes from sssd 2.10.0:
* The `sssctl cache-upgrade` command was removed. SSSD performs automatic upgrades at startup when needed.
* Support of `enumeration` feature for AD/IPA providers is deprecated and might be removed in further releases.
* The new tool `sss_ssh_knownhosts` can be used with ssh's `KnownHostsCommand` configuration option to retrieve the host's public keys from a remote server. It replaces ``sss_ssh_knownhostsproxy`.
* The default value for `ldap_id_use_start_tls` changed from false to true for improved security.
* Fix socket activation of responders
* Daemon runs now as unprivileged user 'sssd'
* Fix build parameter name omitted
* Update filelists involving memberof.so and idmap/sss.so to avoid gobbling up
one file into multiple sssd subpackages.
* Fix spec file for openSUSE ALP and SUSE SLFO, where the
python3_fix_shebang_path RPM macro is not available
* remove dependency on /usr/bin/python3 using %python3_fix_shebang_path macro
(bsc#1212476)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-651=1 openSUSE-SLE-15.6-2026-651=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-651=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-651=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* sssd-ad-debuginfo-2.10.2-150600.3.36.1
* sssd-proxy-2.10.2-150600.3.36.1
* libsss_certmap-devel-2.10.2-150600.3.36.1
* sssd-dbus-debuginfo-2.10.2-150600.3.36.1
* libsss_idmap0-2.10.2-150600.3.36.1
* libsss_nss_idmap-devel-2.10.2-150600.3.36.1
* libnfsidmap-sss-debuginfo-2.10.2-150600.3.36.1
* sssd-2.10.2-150600.3.36.1
* sssd-tools-2.10.2-150600.3.36.1
* python3-sssd-config-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-common-2.10.2-150600.3.36.1
* sssd-dbus-2.10.2-150600.3.36.1
* python3-ipa_hbac-2.10.2-150600.3.36.1
* sssd-krb5-2.10.2-150600.3.36.1
* libsss_idmap0-debuginfo-2.10.2-150600.3.36.1
* libsss_certmap0-debuginfo-2.10.2-150600.3.36.1
* sssd-proxy-debuginfo-2.10.2-150600.3.36.1
* libnfsidmap-sss-2.10.2-150600.3.36.1
* python3-sss-murmur-2.10.2-150600.3.36.1
* python3-sss_nss_idmap-2.10.2-150600.3.36.1
* sssd-winbind-idmap-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp-devel-2.10.2-150600.3.36.1
* python3-sssd-config-2.10.2-150600.3.36.1
* sssd-debugsource-2.10.2-150600.3.36.1
* sssd-ldap-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp0-2.10.2-150600.3.36.1
* sssd-ad-2.10.2-150600.3.36.1
* sssd-tools-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp0-debuginfo-2.10.2-150600.3.36.1
* libsss_nss_idmap0-2.10.2-150600.3.36.1
* sssd-ipa-debuginfo-2.10.2-150600.3.36.1
* sssd-ldap-2.10.2-150600.3.36.1
* sssd-ipa-2.10.2-150600.3.36.1
* sssd-kcm-2.10.2-150600.3.36.1
* libsss_certmap0-2.10.2-150600.3.36.1
* sssd-winbind-idmap-2.10.2-150600.3.36.1
* libipa_hbac0-debuginfo-2.10.2-150600.3.36.1
* libipa_hbac-devel-2.10.2-150600.3.36.1
* sssd-kcm-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-common-debuginfo-2.10.2-150600.3.36.1
* libipa_hbac0-2.10.2-150600.3.36.1
* python3-sss_nss_idmap-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-debuginfo-2.10.2-150600.3.36.1
* sssd-debuginfo-2.10.2-150600.3.36.1
* libsss_nss_idmap0-debuginfo-2.10.2-150600.3.36.1
* libsss_idmap-devel-2.10.2-150600.3.36.1
* python3-ipa_hbac-debuginfo-2.10.2-150600.3.36.1
* python3-sss-murmur-debuginfo-2.10.2-150600.3.36.1
* openSUSE Leap 15.6 (x86_64)
* sssd-32bit-2.10.2-150600.3.36.1
* sssd-32bit-debuginfo-2.10.2-150600.3.36.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* sssd-64bit-2.10.2-150600.3.36.1
* sssd-64bit-debuginfo-2.10.2-150600.3.36.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* sssd-ad-debuginfo-2.10.2-150600.3.36.1
* sssd-proxy-2.10.2-150600.3.36.1
* libsss_certmap-devel-2.10.2-150600.3.36.1
* sssd-dbus-debuginfo-2.10.2-150600.3.36.1
* libsss_idmap0-2.10.2-150600.3.36.1
* libsss_nss_idmap-devel-2.10.2-150600.3.36.1
* sssd-2.10.2-150600.3.36.1
* sssd-tools-2.10.2-150600.3.36.1
* python3-sssd-config-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-common-2.10.2-150600.3.36.1
* sssd-dbus-2.10.2-150600.3.36.1
* sssd-krb5-2.10.2-150600.3.36.1
* libsss_idmap0-debuginfo-2.10.2-150600.3.36.1
* libsss_certmap0-debuginfo-2.10.2-150600.3.36.1
* sssd-proxy-debuginfo-2.10.2-150600.3.36.1
* sssd-winbind-idmap-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp-devel-2.10.2-150600.3.36.1
* sssd-debugsource-2.10.2-150600.3.36.1
* sssd-ldap-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp0-2.10.2-150600.3.36.1
* sssd-ad-2.10.2-150600.3.36.1
* sssd-tools-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp0-debuginfo-2.10.2-150600.3.36.1
* libsss_nss_idmap0-2.10.2-150600.3.36.1
* sssd-ipa-debuginfo-2.10.2-150600.3.36.1
* sssd-ldap-2.10.2-150600.3.36.1
* sssd-ipa-2.10.2-150600.3.36.1
* libsss_idmap-devel-2.10.2-150600.3.36.1
* sssd-kcm-2.10.2-150600.3.36.1
* libsss_certmap0-2.10.2-150600.3.36.1
* sssd-winbind-idmap-2.10.2-150600.3.36.1
* libipa_hbac0-debuginfo-2.10.2-150600.3.36.1
* libipa_hbac-devel-2.10.2-150600.3.36.1
* sssd-kcm-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-common-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-debuginfo-2.10.2-150600.3.36.1
* sssd-debuginfo-2.10.2-150600.3.36.1
* libsss_nss_idmap0-debuginfo-2.10.2-150600.3.36.1
* python3-sssd-config-2.10.2-150600.3.36.1
* libipa_hbac0-2.10.2-150600.3.36.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
* sssd-32bit-2.10.2-150600.3.36.1
* sssd-32bit-debuginfo-2.10.2-150600.3.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
* sssd-ad-debuginfo-2.10.2-150600.3.36.1
* sssd-proxy-2.10.2-150600.3.36.1
* libsss_certmap-devel-2.10.2-150600.3.36.1
* sssd-dbus-debuginfo-2.10.2-150600.3.36.1
* libsss_idmap0-2.10.2-150600.3.36.1
* libsss_nss_idmap-devel-2.10.2-150600.3.36.1
* sssd-2.10.2-150600.3.36.1
* sssd-tools-2.10.2-150600.3.36.1
* python3-sssd-config-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-common-2.10.2-150600.3.36.1
* sssd-dbus-2.10.2-150600.3.36.1
* sssd-krb5-2.10.2-150600.3.36.1
* libsss_idmap0-debuginfo-2.10.2-150600.3.36.1
* libsss_certmap0-debuginfo-2.10.2-150600.3.36.1
* sssd-proxy-debuginfo-2.10.2-150600.3.36.1
* sssd-winbind-idmap-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp-devel-2.10.2-150600.3.36.1
* sssd-debugsource-2.10.2-150600.3.36.1
* sssd-ldap-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp0-2.10.2-150600.3.36.1
* sssd-ad-2.10.2-150600.3.36.1
* sssd-tools-debuginfo-2.10.2-150600.3.36.1
* libsss_simpleifp0-debuginfo-2.10.2-150600.3.36.1
* libsss_nss_idmap0-2.10.2-150600.3.36.1
* sssd-ipa-debuginfo-2.10.2-150600.3.36.1
* sssd-ldap-2.10.2-150600.3.36.1
* sssd-ipa-2.10.2-150600.3.36.1
* libsss_idmap-devel-2.10.2-150600.3.36.1
* sssd-kcm-2.10.2-150600.3.36.1
* libsss_certmap0-2.10.2-150600.3.36.1
* sssd-winbind-idmap-2.10.2-150600.3.36.1
* libipa_hbac0-debuginfo-2.10.2-150600.3.36.1
* libipa_hbac-devel-2.10.2-150600.3.36.1
* sssd-kcm-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-common-debuginfo-2.10.2-150600.3.36.1
* sssd-krb5-debuginfo-2.10.2-150600.3.36.1
* sssd-debuginfo-2.10.2-150600.3.36.1
* libsss_nss_idmap0-debuginfo-2.10.2-150600.3.36.1
* python3-sssd-config-2.10.2-150600.3.36.1
* libipa_hbac0-2.10.2-150600.3.36.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
* sssd-32bit-2.10.2-150600.3.36.1
* sssd-32bit-debuginfo-2.10.2-150600.3.36.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1212476
* https://bugzilla.suse.com/show_bug.cgi?id=1257509
* https://jira.suse.com/browse/PED-12449
* https://jira.suse.com/browse/PED-13811
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260226/cb067d58/attachment.htm>
More information about the sle-updates
mailing list