# SSSD 2.3.0
The SSSD team is proud to announce the release of version 2.3.0 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/sssd-2_3_0
See the full release notes at: https://sssd.github.io/docs/users/relnotes/notes_2_3_0
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
### New features
- SSSD can now handle `hosts` and `networks` nsswitch databases (see `resolve_provider` option) - By default, authentication request only refresh user's initgroups if it is expired or there is not active user's session (see `pam_initgroups_scheme` option) - OpenSSL is used as default crypto provider, NSS is deprecated - Active Directory provider now defaults to GSS-SPNEGO SASL mechanism (see `ldap_sasl_mech` option) - Active Directory provider can now be configured to use only `ldaps` port (see `ad_use_ldaps` option) - SSSD now accepts host entries from GPO's security filter - Format of debug messages has changed to be shorter and better sortable - New debug level (`0x10000`) was added for low level ldb messages only (see `sssd.conf` man page)
### Packaging changes
- New configure option `--enable-gss-spnego-for-zero-maxssf`
### Documentation Changes
- Default value of `ldap_sasl_mech` has changed to `GSS-SPNEGO` for AD provider - Return code of `pam_sss.so` are documented in `pam_sss` manpage - Added option `ad_update_samba_machine_account_password` - Added option `ad_use_ldaps` - Added option `ldap_iphost_object_class` - Added option `ldap_iphost_name` - Added option `ldap_iphost_number` - Added option `ldap_ipnetwork_object_class` - Added option `ldap_ipnetwork_name` - Added option `ldap_ipnetwork_number` - Added option `ldap_iphost_search_base` - Added option `ldap_ipnetwork_search_base` - Added option `ldap_connection_expire_offset` - Added option `ldap_sasl_maxssf` - Added option `pam_initgroups_scheme` - Added option `entry_cache_resolver_timeout` - Added option `entry_cache_computer_timeout` - Added option `resolver_provider` - Added option `proxy_resolver_lib_name` - Minor text improvements
sssd-users@lists.fedorahosted.org