PT-2021-1165 · Sssd · Sssd
Published: 2021-06-29 · Updated: 2021-06-29
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
SSSD versions 1.16.5-10.el7_9.7
Description:
The System Security Services Daemon (SSSD) service is affected by several issues, including a wrong default debug level in the sssd tools, missing secondary IPA POSIX groups, failure to detect a subdomain from an AD forest, and issues with pam_sss_gss.so and large Kerberos tickets.
Recommendations:
For SSSD version 1.16.5-10.el7_9.7, consider updating the sssd tools to fix the wrong default debug level issue.
For SSSD version 1.16.5-10.el7_9.7, ensure that secondary IPA POSIX groups are properly configured to avoid missing groups.
For SSSD version 1.16.5-10.el7_9.7 on AlmaLinux 8.3, check the AD forest configuration to ensure subdomain detection is working correctly.
For SSSD version 1.16.5-10.el7_9.7, review the ad_gpo_implicit_deny setting to prevent unintended user login when no GPO is found.
For SSSD version 1.16.5-10.el7_9.7, as a temporary workaround, consider restricting the use of pam_sss_gss.so with large Kerberos tickets until a patch is available.
Affected Products
Sssd