- Prior to this update, if the Kerberos principal keys were expired, the password change request did not take into account the FAST framework settings for password change requests. Consequently, the pre-auth methods, which require FAST, could not be used for user authentication. This update modifies krb5 to correctly use FAST armor in the password change messages, and the pre-auth methods can be used for user authentication.
- Previously, after the user set up incremental propagation between a KDC master and slave, an attempt to perform a full synchronization failed with an error message. A patch has been applied to fix this problem, and full synchronization no longer fails after the user sets up incremental propagation between a KDC master and slave.
- This update adds the LocalAuth plug-in API to krb5. SSSD can leverage LocalAuth to allow seamless authentication of Active Directory (AD) users to Red Hat Enterprise Linux Identity Management (IdM) clients.