libipa_hbac0 - FreeIPA HBAC Evaluator library

Property Value
Distribution openSUSE Leap 15.0
Repository openSUSE Oss all
Package filename libipa_hbac0-1.16.1-lp150.1.1.x86_64.rpm
Package name libipa_hbac0
Package version 1.16.1
Package release lp150.1.1
Package architecture x86_64
Package type rpm
Category System/Libraries
License LGPL-3.0+
Maintainer -
Download size 63.39 KB
Installed size 14.20 KB
Utility library to validate FreeIPA HBAC rules for authorization


Package Version Architecture Repository
libipa_hbac0-1.16.1-lp150.2.13.1.x86_64.rpm 1.16.1 x86_64 openSUSE Update Oss
libipa_hbac0-1.16.1-lp150.2.9.1.x86_64.rpm 1.16.1 x86_64 openSUSE Update Oss
libipa_hbac0-1.16.1-lp150.2.6.1.x86_64.rpm 1.16.1 x86_64 openSUSE Update Oss
libipa_hbac0-1.16.1-lp150.2.3.1.x86_64.rpm 1.16.1 x86_64 openSUSE Update Oss
libipa_hbac0 - - -


Name Value
/sbin/ldconfig - - -


Name Value - - -
libipa_hbac0 = 1.16.1-lp150.1.1
libipa_hbac0(x86-64) = 1.16.1-lp150.1.1


Type URL
Binary Package libipa_hbac0-1.16.1-lp150.1.1.x86_64.rpm
Source Package sssd-1.16.1-lp150.1.1.src.rpm

Install Howto

Install libipa_hbac0 rpm package:

# zypper install libipa_hbac0




2018-04-27 -
- Update to new minor upstream release 1.16.1 (fate#323340):
New Features:
* A new option auto_private_groups was added. If this option is
enabled, SSSD will automatically create user private groups based
on user?s UID number. The GID number is ignored in this case.
* The SSSD smart card integration now supports a special type of PAM
conversation implemented by GDM which allows the user to select
the appropriate smrt card certificate in GDM.
* A new API for accessing user and group information was added.
This API is similar to the tradiional Name Service Switch API, but
allows the consumer to talk to SSSD directly as well as to
fine-tune the query with e.g. how cache should be evaluated.
* The sssctl command line tool gained a new command access-report,
which can generate who can access the client machine. Currently
only generating the report on an IPA client based on HBAC rules
is supported.
* The hostid provider was moved from the IPA specific code to
the generic LDAP code. This allows SSH host keys to be access by
the generic LDAP provider as well. See the ldap_host_* options in
the sssd-ldap manual page for more details.
* Setting the memcache_timeout option to 0 disabled creating
the memory cache files altogether. This can be useful in cases
there is a bug in the memory cache that needs working around.
2018-04-24 -
- Updated sssd.spec:
The IPA provider depends on AD provider's PAC executable, hence
introducing the package dependency. (bsc#1021441, bsc#1062124)
2018-02-27 -
- Remove package descriptions for the python 2 packages that are
no longer distributed:
* python-ipa_hbac
* python-sss-murmur
* python-sss_nss_idmap
* python-sssd-config
- Correct python version dependency of tools package. (bsc#1082108)
2017-12-04 -
- Correct dependency of sss_obfuscate command line program.
2017-12-01 -
- In an ongoing effort to reduce dependency on python version 2,
the following python libraries are no longer built. Nevertheless
their python3 counterparts remain in place:
* python-ipa_hbac
* python-sss-murmur
* python-sss_nss_idmap
* python-sssd-config
2017-10-23 -
- Update to new upstream release 1.16.0
Security fixes
* This release fixes CVE-2017-12173: Unsanitized input when searching in
local cache database. SSSD stores its cached data in an LDAP like local
database file using libldb. To lookup cached data LDAP search filters
like (objectClass=user)(name=user_name) are used. However, in
sysdb_search_user_by_upn_res(), the input was not sanitized and
allowed to manipulate the search filter for cache lookups. This would
allow a logged in user to discover the password hash of a different user.
New Features
* SSSD now supports session recording configuration through tlog. This
feature enables recording of everything specific users see or type
during their sessions on a text terminal. For more information, see
the sssd-session-recording(5) manual page.
* SSSD can act as a client agent to deliver
Fleet Commander <>
policies defined on an IPA server. Fleet Commander provides a
configuration management interface that is controlled centrally and
that covers desktop, applications and network configuration.
* Several new systemtap <> probes
were added into various locations in SSSD code to assist in
troubleshooting and analyzing performance related issues. Please see the
sssd-systemtap(5) manual page for more information.
* A new LDAP provide access control mechanism that allows to restrict
access based on PAM's rhost data field was added. For more details,
please consult the sssd-ldap(5) manual page, in particular the
options ldap_user_authorized_rhost and the rhost value of

See Also

Package Description
libiperf0-3.5-lp150.1.1.x86_64.rpm A library to measure network performance
libipmiconsole2-1.5.7-lp150.2.8.x86_64.rpm FreeIPMI library
libipmidetect0-1.5.7-lp150.2.8.x86_64.rpm FreeIPMI library
libipmimonitoring6-1.5.7-lp150.2.8.x86_64.rpm FreeIPMI library
libipq-devel-1.6.2-lp150.1.1.x86_64.rpm Development files for the ip_queue kernel mechanism
libipq0-1.6.2-lp150.1.1.x86_64.rpm Library to interface with the (old) ip_queue kernel mechanism
libipset11-6.36-lp150.1.1.x86_64.rpm Userspace library for the in-kernel Netfilter ipset interface
libiptc-devel-1.6.2-lp150.1.1.x86_64.rpm Development files for libiptc, a packet filter ruleset library
libiptc0-1.6.2-lp150.1.1.x86_64.rpm Library for low-level ruleset generation and parsing
libiptcdata-1.0.4-lp150.1.9.x86_64.rpm IPTC Metadata Tag Manipulation Library
libiptcdata-devel-1.0.4-lp150.1.9.x86_64.rpm IPTC Metadata Tag Manipulation Library
libiptcdata-doc-1.0.4-lp150.1.9.x86_64.rpm IPTC Metadata Tag Manipulation Library
libiptcdata-lang-1.0.4-lp150.1.9.noarch.rpm Translations for package libiptcdata
libiptcdata0-1.0.4-lp150.1.9.x86_64.rpm IPTC Metadata Tag Manipulation Library
libircclient-devel-1.9-lp150.2.7.x86_64.rpm Header files and libraries for compiling against libircclient