<div class="container">
<h1>Recommended update for sssd</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-RU-2026:21588-1</td>
</tr>
<tr>
<th>Release Date:</th>
<td>2026-05-11T12:02:48Z</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230348">bsc#1230348</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257509">bsc#1257509</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257643">bsc#1257643</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259253">bsc#1259253</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259436">bsc#1259436</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259475">bsc#1259475</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-12449">jsc#PED-12449</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Micro 6.2</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that contains one feature and has six fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for sssd fixes the following issues:</p>
<ul>
<li>With the 2.10 update sssd runs under unprivileged user which is not possible in certain scenarios.
This update reverts to run as root with minimum privileges (bsc#1259436);</li>
<li>Let krb5 child tolerate missing capabilities;</li>
<li>Add support for UsrEtc; (bsc#1257643);</li>
<li>The default configuration file is installed now in /usr/etc/sssd/sssd.conf.
It can be completely overridden by manually creating the system specific config file
/etc/sssd/sssd.conf, or partially overridden by creating config snippets in
/etc/sssd/conf.d/ directory. Check sssd.conf manpage for more details.</li>
<li>Fix ldap_child process started by the backend process ending in defunc state.</li>
<li>Create the secrets directory for the KCM service; (bsc#1259253);</li>
<li>Make sure previously rotated logs are chown-ed as well (bsc#1259475);</li>
<li>Use %pre scriptlet instead of %pretrans to migrate from sssd-common (bsc#1257509);</li>
<li>Update to release 2.10.2; (jsc#PED-12449):<ul>
<li>If the ssh responder is not running, sss_ssh_knownhosts will not fail.</li>
<li>SSSD is now capable of handling multiple services associated with the same port.</li>
<li>sssd_pam, being a privileged binary, now clears the environment and
does not allow configuration of the PR_SET_DUMPABLE flag as a precaution.</li>
</ul>
</li>
<li>Changes from sssd 2.10.1:<ul>
<li>SSSD does not create anymore missing path components of DIR:/FILE:
ccache types while acquiring user's TGT.</li>
<li>The option default_domain_suffix is deprecated.</li>
</ul>
</li>
<li>Changes from sssd 2.10.0:<ul>
<li>The <code>sssctl cache-upgrade</code> command was removed.
SSSD performs automatic upgrades at startup when needed.</li>
<li>Support of <code>enumeration</code> feature for AD/IPA providers is deprecated and
might be removed in further releases.</li>
<li>The new tool <code>sss_ssh_knownhosts</code> can be used with ssh's <code>KnownHostsCommand</code> configuration option
to retrieve the host's public keys from a remote server. It replaces <code>`sss_ssh_knownhostsproxy</code>.</li>
<li>The default value for <code>ldap_id_use_start_tls</code> changed from false to true for improved security.</li>
</ul>
</li>
<li>Fix socket activation of responders</li>
<li>Daemon runs now as unprivileged user 'sssd'</li>
<li>Fix sssctl config-check exit code when the conf.d snippets directory does not exist (bsc#1230348);</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Micro 6.2
<br/>
<code>zypper in -t patch SUSE-SL-Micro-6.2-729=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Micro 6.2 (aarch64 ppc64le s390x x86_64)
<ul>
<li>libsss_idmap0-2.10.2-160000.1.1</li>
<li>libsss_idmap0-debuginfo-2.10.2-160000.1.1</li>
<li>sssd-ad-debuginfo-2.10.2-160000.1.1</li>
<li>python3-sssd-config-debuginfo-2.10.2-160000.1.1</li>
<li>sssd-ldap-2.10.2-160000.1.1</li>
<li>sssd-debugsource-2.10.2-160000.1.1</li>
<li>sssd-krb5-common-2.10.2-160000.1.1</li>
<li>sssd-ldap-debuginfo-2.10.2-160000.1.1</li>
<li>libsss_certmap0-2.10.2-160000.1.1</li>
<li>sssd-dbus-2.10.2-160000.1.1</li>
<li>sssd-debuginfo-2.10.2-160000.1.1</li>
<li>sssd-tools-2.10.2-160000.1.1</li>
<li>sssd-krb5-debuginfo-2.10.2-160000.1.1</li>
<li>sssd-ad-2.10.2-160000.1.1</li>
<li>sssd-krb5-common-debuginfo-2.10.2-160000.1.1</li>
<li>sssd-2.10.2-160000.1.1</li>
<li>sssd-krb5-2.10.2-160000.1.1</li>
<li>sssd-dbus-debuginfo-2.10.2-160000.1.1</li>
<li>libsss_certmap0-debuginfo-2.10.2-160000.1.1</li>
<li>python3-sssd-config-2.10.2-160000.1.1</li>
<li>sssd-tools-debuginfo-2.10.2-160000.1.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1230348">https://bugzilla.suse.com/show_bug.cgi?id=1230348</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257509">https://bugzilla.suse.com/show_bug.cgi?id=1257509</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1257643">https://bugzilla.suse.com/show_bug.cgi?id=1257643</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259253">https://bugzilla.suse.com/show_bug.cgi?id=1259253</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259436">https://bugzilla.suse.com/show_bug.cgi?id=1259436</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1259475">https://bugzilla.suse.com/show_bug.cgi?id=1259475</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-12449">https://jira.suse.com/browse/PED-12449</a>
</li>
</ul>
</div>