libipa_hbac0 - FreeIPA HBAC Evaluator library

Property Value
Distribution openSUSE Tumbleweed
Repository openSUSE Oss all
Package filename libipa_hbac0-2.1.0-1.1.i586.rpm
Package name libipa_hbac0
Package version 2.1.0
Package release 1.1
Package architecture i586
Package type rpm
Category System/Libraries
License LGPL-3.0+
Maintainer -
Download size 47.87 KB
Installed size 17.46 KB
Utility library to validate FreeIPA HBAC rules for authorization


Package Version Architecture Repository
libipa_hbac0-2.1.0-1.1.x86_64.rpm 2.1.0 x86_64 openSUSE Oss
libipa_hbac0 - - -


Name Value
/sbin/ldconfig - - -


Name Value - - -
libipa_hbac0 = 2.1.0-1.1
libipa_hbac0(x86-32) = 2.1.0-1.1


Type URL
Binary Package libipa_hbac0-2.1.0-1.1.i586.rpm
Source Package sssd-2.1.0-1.1.src.rpm

Install Howto

Install libipa_hbac0 rpm package:

# zypper install libipa_hbac0




2019-03-16 - Jan Engelhardt <>
- Update to new upstream release 2.1.0
* Any provider can now match and map certificates to user
* pam_sss can now be configured to only perform Smart Card
authentication or return an error if this is not possible.
* pam_sss can also prompt the user to insert a Smart Card if,
during an authentication it is not available.
* A new configuration option ad_gpo_implicit_deny was added.
This option (when set to True) can be used to deny access to
users even if there is not applicable GPO.
* The dynamic DNS update can now batch DNS updates to include
all address family updates in a single transaction.
2019-02-20 - Samuel Cabrero <>
- Install systemd service unit file created from source's template
- Install logrotate configuration (bsc#1004220)
- Set journald as system logger
2019-02-15 - Jan Engelhardt <>
- Add krb-noversion.diff so sssd_pac builds even with newer krb.
2018-10-01 -
- Add dependency to adcli for sssd-ad
(SLE15: fate#326619, bsc#1109849)
(SLE12SP4: fate#326620, bsc#1110121)
2018-09-07 - Jan Engelhardt <>
- Update to new upstream release 2.0.0
* The Python API for managing users and groups in local domains
(id_provider=local) was removed completely. The local
provider (id_provider=local) and the command line tools to
manage users and groups in the local domains, such as
sss_useradd is not built anymore.
* The LDAP provider had a special-case branch for evaluating
group memberships with the RFC2307bis schema when group
nesting was explicitly disabled. This codepath is removed.
* The "ldap_sudo_include_regexp" option changed its default
value from true to false. Wildcards in the sudoHost LDAP
attribute are no longer evaluated. This was costly to
evaluate on the LDAP server side and at the same time rarely
* The list of PAM services which are allowed to authenticate
using a Smart Card is now configurable using a new option
2018-08-31 -
- Update to upstream release 1.16.3
* New Features:
* kdcinfo files for informing krb5 about discovered KDCs are
now also generated for trusted domains in setups that use
id_provider=ad and IPA masters in a trust relationship with
an AD domain.
* The Kerberlos locator plugin can now process multiple
address if SSSD generates more than one. A
* Bug fixes:
* Fixed information leak due to incorrect permissions on
/var/lib/sss/pipes/sudo [CVE-2018-10852, bsc#1098377]
* Cached password are now stored with a salt. Old ones will be
regenerated on next authentication, and the auth server needs
to be reachable for that.
* The sss_ssh proces leaked file descriptors when converting
more than one X.509 certificate to an SSH public key.
* The PAC responder is now able to process Domain Local in case
the PAC uses SID compression (Windows Server 2012+).
* Address the issue that some versions of OpenSSH would close
the pipe towards sss_ssh_authorizedkeys when the matching key
is found before the rest of the output is read.
* User lookups no longer fail if user's e-mail address
conflicts with another user's fully qualified name.
* The override_shell and override_homedir options are no longer
applied to entries from the files domain.
* The grace logins with an expired password when authenticating
against certain newer versions of the 389DS/RHDS LDAP server
did not work.
- Removed patches that are included upstream now:
2018-07-01 -
- Fixed patch name.

See Also

Package Description
libiperf0-3.6-1.2.i586.rpm A library to measure network performance
libiperf0-3.6-1.2.x86_64.rpm A library to measure network performance
libipmiconsole2-1.6.3-1.1.i586.rpm FreeIPMI library
libipmiconsole2-1.6.3-1.1.x86_64.rpm FreeIPMI library
libipmidetect0-1.6.3-1.1.i586.rpm FreeIPMI library
libipmidetect0-1.6.3-1.1.x86_64.rpm FreeIPMI library
libipmimonitoring6-1.6.3-1.1.i586.rpm FreeIPMI library
libipmimonitoring6-1.6.3-1.1.x86_64.rpm FreeIPMI library
libipq-devel-1.8.2-2.1.i586.rpm Development files for the ip_queue kernel mechanism
libipq-devel-1.8.2-2.1.x86_64.rpm Development files for the ip_queue kernel mechanism
libipq0-1.8.2-2.1.i586.rpm Library to interface with the (old) ip_queue kernel mechanism
libipq0-1.8.2-2.1.x86_64.rpm Library to interface with the (old) ip_queue kernel mechanism
libipset13-7.1-1.2.i586.rpm Userspace library for the in-kernel Netfilter ipset interface
libipset13-7.1-1.2.x86_64.rpm Userspace library for the in-kernel Netfilter ipset interface
libiptc-devel-1.8.2-2.1.i586.rpm Development files for libiptc, a packet filter ruleset library