diff --git a/security/sssd2/Makefile b/security/sssd2/Makefile
index da3da59..b37e230 100644
--- a/security/sssd2/Makefile
+++ b/security/sssd2/Makefile
@@ -1,6 +1,6 @@
 PORTNAME=	sssd
 PORTVERSION=	2.9.4
-PORTREVISION=	6
+PORTREVISION=	7
 CATEGORIES=	security
 PKGNAMESUFFIX=	2
 
diff --git a/security/sssd2/files/patch-src_config_cfg__rules.ini b/security/sssd2/files/patch-src_config_cfg__rules.ini
index f6bc19e..c5a89de 100644
--- a/security/sssd2/files/patch-src_config_cfg__rules.ini
+++ b/security/sssd2/files/patch-src_config_cfg__rules.ini
@@ -5,21 +5,21 @@
  section = session_recording
  section_re = ^prompting/password$
 -section_re = ^prompting/password/[^/\@]\+$
-+section_re = ^prompting/password/[^/\@]+$
++section_re = ^prompting/password/[^/\@]\{1,\}$
  section_re = ^prompting/2fa$
 -section_re = ^prompting/2fa/[^/\@]\+$
-+section_re = ^prompting/2fa/[^/\@]+$
++section_re = ^prompting/2fa/[^/\@]\{1,\}$
  section_re = ^prompting/passkey$
 -section_re = ^prompting/passkey/[^/\@]\+$
 -section_re = ^domain/[^/\@]\+$
 -section_re = ^domain/[^/\@]\+/[^/\@]\+$
 -section_re = ^application/[^/\@]\+$
 -section_re = ^certmap/[^/\@]\+/[^/\@]\+$
-+section_re = ^prompting/passkey/[^/\@]+$
-+section_re = ^domain/[^/\@]+$
-+section_re = ^domain/[^/\@]+/[^/\@]+$
-+section_re = ^application/[^/\@]+$
-+section_re = ^certmap/[^/\@]+/[^/\@]+$
++section_re = ^prompting/passkey/[^/\@]\{1,\}$
++section_re = ^domain/[^/\@]\{1,\}$
++section_re = ^domain/[^/\@]\{1,\}/[^/\@]\{1,\}$
++section_re = ^application/[^/\@]\{1,\}$
++section_re = ^certmap/[^/\@]\{1,\}/[^/\@]\{1,\}$
  
  
  [rule/allowed_sssd_options]
@@ -28,14 +28,14 @@
  [rule/allowed_prompting_password_subsec_options]
  validator = ini_allowed_options
 -section_re = ^prompting/password/[^/\@]\+$
-+section_re = ^prompting/password/[^/\@]+$
++section_re = ^prompting/password/[^/\@]\{1,\}$
  
  option = password_prompt
  
  [rule/allowed_prompting_2fa_subsec_options]
  validator = ini_allowed_options
 -section_re = ^prompting/2fa/[^/\@]\+$
-+section_re = ^prompting/2fa/[^/\@]+$
++section_re = ^prompting/2fa/[^/\@]\{1,\}$
  
  option = single_prompt
  option = first_prompt
@@ -44,7 +44,7 @@
  [rule/allowed_prompting_passkey_subsec_options]
  validator = ini_allowed_options
 -section_re = ^prompting/passkey/[^/\@]\+$
-+section_re = ^prompting/passkey/[^/\@]+$
++section_re = ^prompting/passkey/[^/\@]\{1,\}$
  
  option = interactive
  option = interactive_prompt
@@ -53,7 +53,7 @@
  [rule/allowed_domain_options]
  validator = ini_allowed_options
 -section_re = ^\(domain\|application\)/[^/]\+$
-+section_re = ^(domain|application)/[^/]+$
++section_re = ^(domain|application)/[^/]\{1,\}$
  
  option = debug
  option = debug_level
@@ -62,7 +62,7 @@
  [rule/allowed_subdomain_options]
  validator = ini_allowed_options
 -section_re = ^domain/[^/\@]\+/[^/\@]\+$
-+section_re = ^domain/[^/\@]+/[^/\@]+$
++section_re = ^domain/[^/\@]+/[^/\@]\{1,\}$
  
  option = ldap_search_base
  option = ldap_user_search_base
@@ -71,7 +71,7 @@
  [rule/allowed_certmap_options]
  validator = ini_allowed_options
 -section_re = ^certmap/[^/\@]\+/[^/\@]\+$
-+section_re = ^certmap/[^/\@]+/[^/\@]+$
++section_re = ^certmap/[^/\@]+/[^/\@]\{1,\}$
  
  option = matchrule
  option = maprule