- allow_missing_name now treats empty strings the same as missing names.
- 'soft_ocsp' and 'soft_crl options have been added to make the checks for revoked certificates more flexible if the system is offline.
- Smart card authentication in polkit is now allowed by default.
- ssh_use_certificate_matching_rules now allows no_rules and all_rules values (see man page for description).
Notable bug fixes
- Fixed several memory management errors that caused SSSD to crash under some circumstances.
- Handling of FreeIPA users and groups containing '@' sign now works.
- Issue when autofs was unable to mount shares was fixed.
- SSSD was unable to hande ldap_uri containing URIs with different port numbers. This was fixed.
- Added sssd-ldap-attributes man page.
- Added new sssd-ldap-attributes man page.
- Added option monitor_resolv_conf.
- Added option ssh_use_certificate_matching_rules
- Improved AD GPO options man page.
- Improved sssd-systemtap man page.
See full release notes here.