SUSE-RU-2026:21604-1: important: Recommended update for sssd
SLE-UPDATES
null at suse.de
Fri May 15 08:31:37 UTC 2026
# Recommended update for sssd
Announcement ID: SUSE-RU-2026:21604-1
Release Date: 2026-05-11T12:03:57Z
Rating: important
References:
* bsc#1230348
* bsc#1257509
* bsc#1257643
* bsc#1259253
* bsc#1259436
* bsc#1259475
* jsc#PED-12449
Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0
An update that contains one feature and has six fixes can now be installed.
## Description:
This update for sssd fixes the following issues:
* With the 2.10 update sssd runs under unprivileged user which is not possible
in certain scenarios. This update reverts to run as root with minimum
privileges (bsc#1259436);
* Let krb5 child tolerate missing capabilities;
* Add support for UsrEtc; (bsc#1257643);
* The default configuration file is installed now in /usr/etc/sssd/sssd.conf.
It can be completely overridden by manually creating the system specific
config file /etc/sssd/sssd.conf, or partially overridden by creating config
snippets in /etc/sssd/conf.d/ directory. Check sssd.conf manpage for more
details.
* Fix ldap_child process started by the backend process ending in defunc
state.
* Create the secrets directory for the KCM service; (bsc#1259253);
* Make sure previously rotated logs are chown-ed as well (bsc#1259475);
* Use %pre scriptlet instead of %pretrans to migrate from sssd-common
(bsc#1257509);
* Update to release 2.10.2; (jsc#PED-12449):
* If the ssh responder is not running, sss_ssh_knownhosts will not fail.
* SSSD is now capable of handling multiple services associated with the same port.
* sssd_pam, being a privileged binary, now clears the environment and does not allow configuration of the PR_SET_DUMPABLE flag as a precaution.
* Changes from sssd 2.10.1:
* SSSD does not create anymore missing path components of DIR:/FILE: ccache types while acquiring user's TGT.
* The option default_domain_suffix is deprecated.
* Changes from sssd 2.10.0:
* The `sssctl cache-upgrade` command was removed. SSSD performs automatic upgrades at startup when needed.
* Support of `enumeration` feature for AD/IPA providers is deprecated and might be removed in further releases.
* The new tool `sss_ssh_knownhosts` can be used with ssh's `KnownHostsCommand` configuration option to retrieve the host's public keys from a remote server. It replaces ``sss_ssh_knownhostsproxy`.
* The default value for `ldap_id_use_start_tls` changed from false to true for improved security.
* Fix socket activation of responders
* Daemon runs now as unprivileged user 'sssd'
* Fix sssctl config-check exit code when the conf.d snippets directory does
not exist (bsc#1230348);
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-729=1
* SUSE Linux Enterprise Server for SAP applications 16.0
zypper in -t patch SUSE-SLES-16.0-729=1
## Package List:
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
* python3-ipa_hbac-2.10.2-160000.1.1
* libsss_nss_idmap0-2.10.2-160000.1.1
* libsss_idmap0-2.10.2-160000.1.1
* libipa_hbac-devel-2.10.2-160000.1.1
* libnfsidmap-sss-debuginfo-2.10.2-160000.1.1
* python3-sss_nss_idmap-2.10.2-160000.1.1
* sssd-kcm-debuginfo-2.10.2-160000.1.1
* libsss_nss_idmap0-debuginfo-2.10.2-160000.1.1
* sssd-proxy-debuginfo-2.10.2-160000.1.1
* sssd-proxy-2.10.2-160000.1.1
* sssd-ad-debuginfo-2.10.2-160000.1.1
* libsss_idmap0-debuginfo-2.10.2-160000.1.1
* python3-sssd-config-debuginfo-2.10.2-160000.1.1
* sssd-ldap-2.10.2-160000.1.1
* python3-sss-murmur-2.10.2-160000.1.1
* sssd-ipa-2.10.2-160000.1.1
* sssd-winbind-idmap-debuginfo-2.10.2-160000.1.1
* sssd-debugsource-2.10.2-160000.1.1
* sssd-krb5-common-2.10.2-160000.1.1
* sssd-ldap-debuginfo-2.10.2-160000.1.1
* libsss_nss_idmap-devel-2.10.2-160000.1.1
* libsss_certmap0-2.10.2-160000.1.1
* sssd-dbus-2.10.2-160000.1.1
* libsss_certmap-devel-2.10.2-160000.1.1
* python3-sss_nss_idmap-debuginfo-2.10.2-160000.1.1
* sssd-debuginfo-2.10.2-160000.1.1
* sssd-kcm-2.10.2-160000.1.1
* libipa_hbac0-2.10.2-160000.1.1
* sssd-tools-2.10.2-160000.1.1
* python3-ipa_hbac-debuginfo-2.10.2-160000.1.1
* sssd-krb5-debuginfo-2.10.2-160000.1.1
* sssd-winbind-idmap-2.10.2-160000.1.1
* sssd-ad-2.10.2-160000.1.1
* libsss_idmap-devel-2.10.2-160000.1.1
* sssd-krb5-common-debuginfo-2.10.2-160000.1.1
* libipa_hbac0-debuginfo-2.10.2-160000.1.1
* sssd-2.10.2-160000.1.1
* sssd-ipa-debuginfo-2.10.2-160000.1.1
* sssd-krb5-2.10.2-160000.1.1
* libnfsidmap-sss-2.10.2-160000.1.1
* sssd-dbus-debuginfo-2.10.2-160000.1.1
* libsss_certmap0-debuginfo-2.10.2-160000.1.1
* python3-sssd-config-2.10.2-160000.1.1
* python3-sss-murmur-debuginfo-2.10.2-160000.1.1
* sssd-tools-debuginfo-2.10.2-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
* python3-ipa_hbac-2.10.2-160000.1.1
* libsss_nss_idmap0-2.10.2-160000.1.1
* libsss_idmap0-2.10.2-160000.1.1
* libipa_hbac-devel-2.10.2-160000.1.1
* libnfsidmap-sss-debuginfo-2.10.2-160000.1.1
* python3-sss_nss_idmap-2.10.2-160000.1.1
* sssd-kcm-debuginfo-2.10.2-160000.1.1
* libsss_nss_idmap0-debuginfo-2.10.2-160000.1.1
* sssd-proxy-debuginfo-2.10.2-160000.1.1
* sssd-proxy-2.10.2-160000.1.1
* libsss_idmap0-debuginfo-2.10.2-160000.1.1
* sssd-ad-debuginfo-2.10.2-160000.1.1
* python3-sssd-config-debuginfo-2.10.2-160000.1.1
* sssd-ldap-2.10.2-160000.1.1
* python3-sss-murmur-2.10.2-160000.1.1
* sssd-ipa-2.10.2-160000.1.1
* sssd-winbind-idmap-debuginfo-2.10.2-160000.1.1
* sssd-debugsource-2.10.2-160000.1.1
* sssd-krb5-common-2.10.2-160000.1.1
* sssd-ldap-debuginfo-2.10.2-160000.1.1
* libsss_nss_idmap-devel-2.10.2-160000.1.1
* libsss_certmap0-2.10.2-160000.1.1
* sssd-dbus-2.10.2-160000.1.1
* libsss_certmap-devel-2.10.2-160000.1.1
* python3-sss_nss_idmap-debuginfo-2.10.2-160000.1.1
* sssd-debuginfo-2.10.2-160000.1.1
* sssd-kcm-2.10.2-160000.1.1
* libipa_hbac0-2.10.2-160000.1.1
* sssd-tools-2.10.2-160000.1.1
* python3-ipa_hbac-debuginfo-2.10.2-160000.1.1
* sssd-krb5-debuginfo-2.10.2-160000.1.1
* sssd-winbind-idmap-2.10.2-160000.1.1
* sssd-ad-2.10.2-160000.1.1
* libsss_idmap-devel-2.10.2-160000.1.1
* sssd-krb5-common-debuginfo-2.10.2-160000.1.1
* libipa_hbac0-debuginfo-2.10.2-160000.1.1
* sssd-2.10.2-160000.1.1
* sssd-ipa-debuginfo-2.10.2-160000.1.1
* sssd-krb5-2.10.2-160000.1.1
* libnfsidmap-sss-2.10.2-160000.1.1
* sssd-dbus-debuginfo-2.10.2-160000.1.1
* libsss_certmap0-debuginfo-2.10.2-160000.1.1
* python3-sssd-config-2.10.2-160000.1.1
* python3-sss-murmur-debuginfo-2.10.2-160000.1.1
* sssd-tools-debuginfo-2.10.2-160000.1.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1230348
* https://bugzilla.suse.com/show_bug.cgi?id=1257509
* https://bugzilla.suse.com/show_bug.cgi?id=1257643
* https://bugzilla.suse.com/show_bug.cgi?id=1259253
* https://bugzilla.suse.com/show_bug.cgi?id=1259436
* https://bugzilla.suse.com/show_bug.cgi?id=1259475
* https://jira.suse.com/browse/PED-12449
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260515/cc781e08/attachment.htm>
More information about the sle-updates
mailing list