# SSSD 2.4.0
The SSSD team is proud to announce the release of version 2.4.0 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/sssd-2_4_0
See the full release notes at: https://sssd.io/docs/users/relnotes/notes_2_4_0
RPM packages will be made available for Fedora shortly.
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
## Highlights
- `libnss` support was dropped, SSSD now supports only `openssl` cryptography
### New features
- Session recording can now exclude specific users or groups when `scope` is set to `all` (see `exclude_users` and `exclude_groups` options) - Active Directory provider now sends CLDAP pings over UDP protocol to Domain Controllers in parallel to determine site and forest to speed up server discovery
### Packaging changes
- python2 bindings are disable by default, use `--with-python2-bindings` to build it
### Documentation Changes
- Default value of `client_idle_timeout` changed from 60 to 300 seconds for KCM, this allows more time for user interaction (e.g. during `kinit`) - Added `exclude_users` and `exclude_groups` option to `session_recording` section, this allows to exclude user or groups from session recording when `scope` is set to `all` - Added `ldap_library_debug_level` option to enable debug messages from `libldap` - Added `dyndns_auth_ptr` to set authentication mechanism for PTR DNS records update - Added `ad_allow_remote_domain_local_groups` to be compatible with other solutions
freeipa-users@lists.fedorahosted.org