SUSE-RU-2026:21588-1: important: Recommended update for sssd

SLE-UPDATES null at suse.de
Fri May 15 08:34:18 UTC 2026 

# Recommended update for sssd

Announcement ID: SUSE-RU-2026:21588-1  
Release Date: 2026-05-11T12:02:48Z  
Rating: important  
References:

  * bsc#1230348
  * bsc#1257509
  * bsc#1257643
  * bsc#1259253
  * bsc#1259436
  * bsc#1259475
  * jsc#PED-12449

  
Affected Products:

  * SUSE Linux Micro 6.2

  
  
An update that contains one feature and has six fixes can now be installed.

## Description:

This update for sssd fixes the following issues:

  * With the 2.10 update sssd runs under unprivileged user which is not possible
    in certain scenarios. This update reverts to run as root with minimum
    privileges (bsc#1259436);
  * Let krb5 child tolerate missing capabilities;
  * Add support for UsrEtc; (bsc#1257643);
  * The default configuration file is installed now in /usr/etc/sssd/sssd.conf.
    It can be completely overridden by manually creating the system specific
    config file /etc/sssd/sssd.conf, or partially overridden by creating config
    snippets in /etc/sssd/conf.d/ directory. Check sssd.conf manpage for more
    details.
  * Fix ldap_child process started by the backend process ending in defunc
    state.
  * Create the secrets directory for the KCM service; (bsc#1259253);
  * Make sure previously rotated logs are chown-ed as well (bsc#1259475);
  * Use %pre scriptlet instead of %pretrans to migrate from sssd-common
    (bsc#1257509);
  * Update to release 2.10.2; (jsc#PED-12449):
    * If the ssh responder is not running, sss_ssh_knownhosts will not fail.
    * SSSD is now capable of handling multiple services associated with the same port.
    * sssd_pam, being a privileged binary, now clears the environment and does not allow configuration of the PR_SET_DUMPABLE flag as a precaution.
  * Changes from sssd 2.10.1:
    * SSSD does not create anymore missing path components of DIR:/FILE: ccache types while acquiring user's TGT.
    * The option default_domain_suffix is deprecated.
  * Changes from sssd 2.10.0:
    * The `sssctl cache-upgrade` command was removed. SSSD performs automatic upgrades at startup when needed.
    * Support of `enumeration` feature for AD/IPA providers is deprecated and might be removed in further releases.
    * The new tool `sss_ssh_knownhosts` can be used with ssh's `KnownHostsCommand` configuration option to retrieve the host's public keys from a remote server. It replaces ``sss_ssh_knownhostsproxy`.
    * The default value for `ldap_id_use_start_tls` changed from false to true for improved security.
  * Fix socket activation of responders
  * Daemon runs now as unprivileged user 'sssd'
  * Fix sssctl config-check exit code when the conf.d snippets directory does
    not exist (bsc#1230348);

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Micro 6.2  
    zypper in -t patch SUSE-SL-Micro-6.2-729=1

## Package List:

  * SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
    * libsss_idmap0-2.10.2-160000.1.1
    * libsss_idmap0-debuginfo-2.10.2-160000.1.1
    * sssd-ad-debuginfo-2.10.2-160000.1.1
    * python3-sssd-config-debuginfo-2.10.2-160000.1.1
    * sssd-ldap-2.10.2-160000.1.1
    * sssd-debugsource-2.10.2-160000.1.1
    * sssd-krb5-common-2.10.2-160000.1.1
    * sssd-ldap-debuginfo-2.10.2-160000.1.1
    * libsss_certmap0-2.10.2-160000.1.1
    * sssd-dbus-2.10.2-160000.1.1
    * sssd-debuginfo-2.10.2-160000.1.1
    * sssd-tools-2.10.2-160000.1.1
    * sssd-krb5-debuginfo-2.10.2-160000.1.1
    * sssd-ad-2.10.2-160000.1.1
    * sssd-krb5-common-debuginfo-2.10.2-160000.1.1
    * sssd-2.10.2-160000.1.1
    * sssd-krb5-2.10.2-160000.1.1
    * sssd-dbus-debuginfo-2.10.2-160000.1.1
    * libsss_certmap0-debuginfo-2.10.2-160000.1.1
    * python3-sssd-config-2.10.2-160000.1.1
    * sssd-tools-debuginfo-2.10.2-160000.1.1

## References:

  * https://bugzilla.suse.com/show_bug.cgi?id=1230348
  * https://bugzilla.suse.com/show_bug.cgi?id=1257509
  * https://bugzilla.suse.com/show_bug.cgi?id=1257643
  * https://bugzilla.suse.com/show_bug.cgi?id=1259253
  * https://bugzilla.suse.com/show_bug.cgi?id=1259436
  * https://bugzilla.suse.com/show_bug.cgi?id=1259475
  * https://jira.suse.com/browse/PED-12449

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260515/d2fa5c6e/attachment.htm>

More information about the sle-updates mailing list