<div class="container">
<h1>Recommended update for sssd</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2026:0640-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2026-02-25T15:40:40Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212476">bsc#1212476</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257509">bsc#1257509</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-12449">jsc#PED-12449</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-13811">jsc#PED-13811</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Basesystem Module 15-SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Real Time 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP7</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP7</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that contains two features and has two fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for sssd fixes the following issues:</p>
<ul>
<li>Use %pre scriptlet instead of %pretrans to migrate from sssd-common (bsc#1257509)</li>
<li>Update to release 2.10.2 (jsc#PED-12449):<ul>
<li>If the ssh responder is not running, sss_ssh_knownhosts will not fail</li>
<li>SSSD is now capable of handling multiple services associated with the same port.</li>
<li>sssd_pam, being a privileged binary, now clears the environment and
does not allow configuration of the PR_SET_DUMPABLE flag as a precaution.</li>
</ul>
</li>
<li>Changes from sssd 2.10.1:<ul>
<li>SSSD does not create anymore missing path components of DIR:/FILE: ccache types
while acquiring user's TGT. The parent directory of requested ccache directory must exist and the user
trying to log in must have rwx access to this directory. This matches behavior of /usr/bin/kinit.</li>
<li>The option default_domain_suffix is deprecated.</li>
</ul>
</li>
<li>Changes from sssd 2.10.0:<ul>
<li>The <code>sssctl cache-upgrade</code> command was removed.
SSSD performs automatic upgrades at startup when needed.</li>
<li>Support of <code>enumeration</code> feature for AD/IPA providers is deprecated and
might be removed in further releases.</li>
<li>The new tool <code>sss_ssh_knownhosts</code> can be used with ssh's <code>KnownHostsCommand</code>
configuration option to retrieve the host's public keys from a remote server.
It replaces <code>`sss_ssh_knownhostsproxy</code>.</li>
<li>The default value for <code>ldap_id_use_start_tls</code> changed from false to true for improved security.</li>
</ul>
</li>
<li>Fix socket activation of responders</li>
<li>Daemon runs now as unprivileged user 'sssd'</li>
<li>Fix build parameter name omitted</li>
<li>Update filelists involving memberof.so and idmap/sss.so to
avoid gobbling up one file into multiple sssd subpackages.</li>
<li>Fix spec file for openSUSE ALP and SUSE SLFO, where the
python3_fix_shebang_path RPM macro is not available</li>
<li>remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro (bsc#1212476)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
Basesystem Module 15-SP7
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-640=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
Basesystem Module 15-SP7 (aarch64 ppc64le s390x x86_64)
<ul>
<li>sssd-2.10.2-150700.9.17.1</li>
<li>libsss_nss_idmap0-debuginfo-2.10.2-150700.9.17.1</li>
<li>libsss_idmap0-2.10.2-150700.9.17.1</li>
<li>sssd-krb5-2.10.2-150700.9.17.1</li>
<li>sssd-tools-2.10.2-150700.9.17.1</li>
<li>libsss_certmap-devel-2.10.2-150700.9.17.1</li>
<li>libsss_nss_idmap0-2.10.2-150700.9.17.1</li>
<li>sssd-ad-debuginfo-2.10.2-150700.9.17.1</li>
<li>libipa_hbac-devel-2.10.2-150700.9.17.1</li>
<li>sssd-winbind-idmap-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-ipa-2.10.2-150700.9.17.1</li>
<li>sssd-proxy-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-krb5-common-debuginfo-2.10.2-150700.9.17.1</li>
<li>libsss_simpleifp-devel-2.10.2-150700.9.17.1</li>
<li>libsss_idmap-devel-2.10.2-150700.9.17.1</li>
<li>sssd-debugsource-2.10.2-150700.9.17.1</li>
<li>sssd-ipa-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-krb5-debuginfo-2.10.2-150700.9.17.1</li>
<li>python3-sssd-config-2.10.2-150700.9.17.1</li>
<li>sssd-tools-debuginfo-2.10.2-150700.9.17.1</li>
<li>libsss_idmap0-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-kcm-2.10.2-150700.9.17.1</li>
<li>sssd-kcm-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-ldap-2.10.2-150700.9.17.1</li>
<li>sssd-dbus-debuginfo-2.10.2-150700.9.17.1</li>
<li>libsss_simpleifp0-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-dbus-2.10.2-150700.9.17.1</li>
<li>sssd-winbind-idmap-2.10.2-150700.9.17.1</li>
<li>sssd-ad-2.10.2-150700.9.17.1</li>
<li>sssd-proxy-2.10.2-150700.9.17.1</li>
<li>sssd-debuginfo-2.10.2-150700.9.17.1</li>
<li>libsss_certmap0-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-krb5-common-2.10.2-150700.9.17.1</li>
<li>python3-sssd-config-debuginfo-2.10.2-150700.9.17.1</li>
<li>libipa_hbac0-debuginfo-2.10.2-150700.9.17.1</li>
<li>libsss_simpleifp0-2.10.2-150700.9.17.1</li>
<li>libipa_hbac0-2.10.2-150700.9.17.1</li>
<li>libsss_nss_idmap-devel-2.10.2-150700.9.17.1</li>
<li>libsss_certmap0-2.10.2-150700.9.17.1</li>
<li>sssd-ldap-debuginfo-2.10.2-150700.9.17.1</li>
</ul>
</li>
<li>
Basesystem Module 15-SP7 (x86_64)
<ul>
<li>sssd-32bit-debuginfo-2.10.2-150700.9.17.1</li>
<li>sssd-32bit-2.10.2-150700.9.17.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212476">https://bugzilla.suse.com/show_bug.cgi?id=1212476</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257509">https://bugzilla.suse.com/show_bug.cgi?id=1257509</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-12449">https://jira.suse.com/browse/PED-12449</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-13811">https://jira.suse.com/browse/PED-13811</a>
</li>
</ul>
</div>