Beware of https://lists.fedorahosted.org/pipermail/sssd-devel/2012-July/010538.html

Canonicalization is already enabled when enterprise principal are used which is already the default for AD provider. So unless the administrator explicitly disables enterprise principals, we are already safe.

With Sumit's help I tested that only if enterprise principals are disabled and the principal is wrong for some reason, the authentication can fail. But I don't think we should be trying to fix this situation.

resolution: => wontfix
status: new => closed

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3155

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.