Learn more about these different git repos.
Other Git URLs
The krb5_canonicalize for trusted AD domains is false by default. We should change it to true.
Beware of https://lists.fedorahosted.org/pipermail/sssd-devel/2012-July/010538.html
Canonicalization is already enabled when enterprise principal are used which is already the default for AD provider. So unless the administrator explicitly disables enterprise principals, we are already safe.
With Sumit's help I tested that only if enterprise principals are disabled and the principal is wrong for some reason, the authentication can fail. But I don't think we should be trying to fix this situation.
resolution: => wontfix status: new => closed
Metadata Update from @jhrozek: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3155
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.