<div class="container">
<h1>Recommended update for sssd</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2026:0651-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2026-02-25T19:20:26Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212476">bsc#1212476</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257509">bsc#1257509</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-12449">jsc#PED-12449</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-13811">jsc#PED-13811</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">openSUSE Leap 15.6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6</li>
<li class="list-group-item">SUSE Linux Enterprise Server 15 SP6 LTSS</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 15 SP6</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that contains two features and has two fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for sssd fixes the following issues:</p>
<ul>
<li>Use %pre scriptlet instead of %pretrans to migrate from sssd-common (bsc#1257509).</li>
<li>Update to release 2.10.2 (jsc#PED-12449):<ul>
<li>If the ssh responder is not running, sss_ssh_knownhosts will not fail</li>
<li>SSSD is now capable of handling multiple services associated with the same port.</li>
<li>sssd_pam, being a privileged binary, now clears the environment and
does not allow configuration of the PR_SET_DUMPABLE flag as a precaution.</li>
</ul>
</li>
<li>Changes from sssd 2.10.1:<ul>
<li>SSSD does not create anymore missing path components of DIR:/FILE: ccache types
while acquiring user's TGT. The parent directory of requested ccache directory must exist and the user
trying to log in must have rwx access to this directory. This matches behavior of /usr/bin/kinit.</li>
<li>The option default_domain_suffix is deprecated.</li>
</ul>
</li>
<li>Changes from sssd 2.10.0:<ul>
<li>The <code>sssctl cache-upgrade</code> command was removed.
SSSD performs automatic upgrades at startup when needed.</li>
<li>Support of <code>enumeration</code> feature for AD/IPA providers is deprecated and
might be removed in further releases.</li>
<li>The new tool <code>sss_ssh_knownhosts</code> can be used with ssh's <code>KnownHostsCommand</code>
configuration option to retrieve the host's public keys from a remote server.
It replaces <code>`sss_ssh_knownhostsproxy</code>.</li>
<li>The default value for <code>ldap_id_use_start_tls</code> changed from false to true for improved security.</li>
</ul>
</li>
<li>Fix socket activation of responders</li>
<li>Daemon runs now as unprivileged user 'sssd'</li>
<li>Fix build parameter name omitted</li>
<li>Update filelists involving memberof.so and idmap/sss.so to
avoid gobbling up one file into multiple sssd subpackages.</li>
<li>Fix spec file for openSUSE ALP and SUSE SLFO, where the
python3_fix_shebang_path RPM macro is not available</li>
<li>remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro (bsc#1212476)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
openSUSE Leap 15.6
<br/>
<code>zypper in -t patch SUSE-2026-651=1 openSUSE-SLE-15.6-2026-651=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 15 SP6 LTSS
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-651=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 15 SP6
<br/>
<code>zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-651=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
<ul>
<li>sssd-ad-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-proxy-2.10.2-150600.3.36.1</li>
<li>libsss_certmap-devel-2.10.2-150600.3.36.1</li>
<li>sssd-dbus-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_idmap0-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap-devel-2.10.2-150600.3.36.1</li>
<li>libnfsidmap-sss-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-2.10.2-150600.3.36.1</li>
<li>sssd-tools-2.10.2-150600.3.36.1</li>
<li>python3-sssd-config-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-common-2.10.2-150600.3.36.1</li>
<li>sssd-dbus-2.10.2-150600.3.36.1</li>
<li>python3-ipa_hbac-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-2.10.2-150600.3.36.1</li>
<li>libsss_idmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_certmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-proxy-debuginfo-2.10.2-150600.3.36.1</li>
<li>libnfsidmap-sss-2.10.2-150600.3.36.1</li>
<li>python3-sss-murmur-2.10.2-150600.3.36.1</li>
<li>python3-sss_nss_idmap-2.10.2-150600.3.36.1</li>
<li>sssd-winbind-idmap-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp-devel-2.10.2-150600.3.36.1</li>
<li>python3-sssd-config-2.10.2-150600.3.36.1</li>
<li>sssd-debugsource-2.10.2-150600.3.36.1</li>
<li>sssd-ldap-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp0-2.10.2-150600.3.36.1</li>
<li>sssd-ad-2.10.2-150600.3.36.1</li>
<li>sssd-tools-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap0-2.10.2-150600.3.36.1</li>
<li>sssd-ipa-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-ldap-2.10.2-150600.3.36.1</li>
<li>sssd-ipa-2.10.2-150600.3.36.1</li>
<li>sssd-kcm-2.10.2-150600.3.36.1</li>
<li>libsss_certmap0-2.10.2-150600.3.36.1</li>
<li>sssd-winbind-idmap-2.10.2-150600.3.36.1</li>
<li>libipa_hbac0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libipa_hbac-devel-2.10.2-150600.3.36.1</li>
<li>sssd-kcm-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-common-debuginfo-2.10.2-150600.3.36.1</li>
<li>libipa_hbac0-2.10.2-150600.3.36.1</li>
<li>python3-sss_nss_idmap-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_idmap-devel-2.10.2-150600.3.36.1</li>
<li>python3-ipa_hbac-debuginfo-2.10.2-150600.3.36.1</li>
<li>python3-sss-murmur-debuginfo-2.10.2-150600.3.36.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (x86_64)
<ul>
<li>sssd-32bit-2.10.2-150600.3.36.1</li>
<li>sssd-32bit-debuginfo-2.10.2-150600.3.36.1</li>
</ul>
</li>
<li>
openSUSE Leap 15.6 (aarch64_ilp32)
<ul>
<li>sssd-64bit-2.10.2-150600.3.36.1</li>
<li>sssd-64bit-debuginfo-2.10.2-150600.3.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
<ul>
<li>sssd-ad-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-proxy-2.10.2-150600.3.36.1</li>
<li>libsss_certmap-devel-2.10.2-150600.3.36.1</li>
<li>sssd-dbus-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_idmap0-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap-devel-2.10.2-150600.3.36.1</li>
<li>sssd-2.10.2-150600.3.36.1</li>
<li>sssd-tools-2.10.2-150600.3.36.1</li>
<li>python3-sssd-config-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-common-2.10.2-150600.3.36.1</li>
<li>sssd-dbus-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-2.10.2-150600.3.36.1</li>
<li>libsss_idmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_certmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-proxy-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-winbind-idmap-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp-devel-2.10.2-150600.3.36.1</li>
<li>sssd-debugsource-2.10.2-150600.3.36.1</li>
<li>sssd-ldap-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp0-2.10.2-150600.3.36.1</li>
<li>sssd-ad-2.10.2-150600.3.36.1</li>
<li>sssd-tools-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap0-2.10.2-150600.3.36.1</li>
<li>sssd-ipa-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-ldap-2.10.2-150600.3.36.1</li>
<li>sssd-ipa-2.10.2-150600.3.36.1</li>
<li>libsss_idmap-devel-2.10.2-150600.3.36.1</li>
<li>sssd-kcm-2.10.2-150600.3.36.1</li>
<li>libsss_certmap0-2.10.2-150600.3.36.1</li>
<li>sssd-winbind-idmap-2.10.2-150600.3.36.1</li>
<li>libipa_hbac0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libipa_hbac-devel-2.10.2-150600.3.36.1</li>
<li>sssd-kcm-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-common-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>python3-sssd-config-2.10.2-150600.3.36.1</li>
<li>libipa_hbac0-2.10.2-150600.3.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 15 SP6 LTSS (x86_64)
<ul>
<li>sssd-32bit-2.10.2-150600.3.36.1</li>
<li>sssd-32bit-debuginfo-2.10.2-150600.3.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
<ul>
<li>sssd-ad-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-proxy-2.10.2-150600.3.36.1</li>
<li>libsss_certmap-devel-2.10.2-150600.3.36.1</li>
<li>sssd-dbus-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_idmap0-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap-devel-2.10.2-150600.3.36.1</li>
<li>sssd-2.10.2-150600.3.36.1</li>
<li>sssd-tools-2.10.2-150600.3.36.1</li>
<li>python3-sssd-config-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-common-2.10.2-150600.3.36.1</li>
<li>sssd-dbus-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-2.10.2-150600.3.36.1</li>
<li>libsss_idmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_certmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-proxy-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-winbind-idmap-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp-devel-2.10.2-150600.3.36.1</li>
<li>sssd-debugsource-2.10.2-150600.3.36.1</li>
<li>sssd-ldap-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp0-2.10.2-150600.3.36.1</li>
<li>sssd-ad-2.10.2-150600.3.36.1</li>
<li>sssd-tools-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_simpleifp0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap0-2.10.2-150600.3.36.1</li>
<li>sssd-ipa-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-ldap-2.10.2-150600.3.36.1</li>
<li>sssd-ipa-2.10.2-150600.3.36.1</li>
<li>libsss_idmap-devel-2.10.2-150600.3.36.1</li>
<li>sssd-kcm-2.10.2-150600.3.36.1</li>
<li>libsss_certmap0-2.10.2-150600.3.36.1</li>
<li>sssd-winbind-idmap-2.10.2-150600.3.36.1</li>
<li>libipa_hbac0-debuginfo-2.10.2-150600.3.36.1</li>
<li>libipa_hbac-devel-2.10.2-150600.3.36.1</li>
<li>sssd-kcm-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-common-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-krb5-debuginfo-2.10.2-150600.3.36.1</li>
<li>sssd-debuginfo-2.10.2-150600.3.36.1</li>
<li>libsss_nss_idmap0-debuginfo-2.10.2-150600.3.36.1</li>
<li>python3-sssd-config-2.10.2-150600.3.36.1</li>
<li>libipa_hbac0-2.10.2-150600.3.36.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 15 SP6 (x86_64)
<ul>
<li>sssd-32bit-2.10.2-150600.3.36.1</li>
<li>sssd-32bit-debuginfo-2.10.2-150600.3.36.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212476">https://bugzilla.suse.com/show_bug.cgi?id=1212476</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257509">https://bugzilla.suse.com/show_bug.cgi?id=1257509</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-12449">https://jira.suse.com/browse/PED-12449</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-13811">https://jira.suse.com/browse/PED-13811</a>
</li>
</ul>
</div>