SSSD use the credentials from the host keytab to read entries from the IPA server. The current ACIs do not allow to read the ipaSshPubKey attribute in override objects with this credentials.
Patch posted for review: https://www.redhat.com/archives/freeipa-devel/2014-October/msg00486.html
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=891984 (Red Hat Enterprise Linux 7)
Needed for ID Views.
master:
ipa-4-1:
Metadata Update from @sbose: - Issue assigned to abbra - Issue set to the milestone: FreeIPA 4.1.1
Login to comment on this ticket.