Security

The SSSD 'sss_simpleifp' library has been removed

The previously deprecated 'sss_simpleifp' library ('libsss_simpleifp' and 'libsss_simpleifp-devel' packages) has been removed.

Support for the enumeration feature has been deprecated for AD and IPA backends

The enumeration feature provides the ability to list all users or groups using 'getent passwd' or 'getent group' without arguments for Active Directory (ad), FreeIPA (ipa) and LDAP (ldap) providers. Support for the enumeration feature has been deprecated for AD and FreeIPA providers and might be removed in future releases.
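
To find domains that still rely on the deprecated behaviour, the following added example (not part of the Fedora release notes or of SSSD) scans the text of an sssd.conf file for AD or IPA domains with 'enumerate' switched on. The sample configuration and domain names are constructed, the accepted boolean spellings are an assumption, and snippets under conf.d are not merged.

```python
import configparser

# Providers for which the release note deprecates enumeration.
DEPRECATED_PROVIDERS = {"ad", "ipa"}
# Assumed spellings of an enabled boolean in sssd.conf (case-insensitive).
TRUE_VALUES = {"true", "yes"}

# Constructed sample configuration; all domain names are made up.
SAMPLE_CONF = """\
[sssd]
domains = corp.example.com, ipa.example.com, ldap.example.com
services = nss, pam

[domain/corp.example.com]
id_provider = ad
enumerate = True

[domain/ipa.example.com]
id_provider = ipa
# enumerate defaults to false when unset

[domain/ldap.example.com]
id_provider = ldap
enumerate = true
"""

def domains_using_deprecated_enumeration(conf_text):
    """Return the sorted names of domains that enable enumeration
    while using an AD or IPA id_provider."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    flagged = []
    for section in parser.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [nss], [pam] and other service sections
        provider = parser.get(section, "id_provider", fallback="").strip().lower()
        enabled = parser.get(section, "enumerate", fallback="false").strip().lower()
        if provider in DEPRECATED_PROVIDERS and enabled in TRUE_VALUES:
            flagged.append(section[len("domain/"):])
    return sorted(flagged)

if __name__ == "__main__":
    for name in domains_using_deprecated_enumeration(SAMPLE_CONF):
        print(f"{name}: enumerate is enabled on a deprecated provider")
```

The LDAP domain in the sample is not reported, because the deprecation covers only the AD and FreeIPA providers.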

Passkey authentication for centrally managed users

In Fedora 39, users are able to log in to a system enrolled in a centralized identity management solution using a passkey device connected to the system, and they also get a Kerberos ticket to identify themselves to other services. (For the purpose of this feature, the passkey is a FIDO2 compatible device supported by the libfido2 library.)

Passwordless and Multi-Factor Authentication (MFA) are becoming increasingly popular. Protocols like PIV and FIDO2 are becoming a must for organizations that want to secure their digital assets. These protocols lay the groundwork for secure authentication in the Zero Trust Architecture (ZTA), a framework that is recommended, and even required, in several domains.

This feature provides a way to authenticate a user using a passkey device in centralized environments, thus improving the overall security of the system and the organization. Fedora is the first Linux distribution to include it.