Learn more about these different git repos.
Other Git URLs
We should add support to set the canonicalization option with krb5_get_init_creds_opt_set_canonicalize() when asking for a TGT.
We should do that both in get_and_save_tgt_with_keytab() and probably krb5_child_setup()
This should be made available as an option in sssd.conf, defaulting to enabled in the ipa provider. Due to compatibility issues with older servers, it needs to default to false in the krb5 provider.
component: SSSD => Kerberos Provider milestone: NEEDS_TRIAGE => SSSD 1.7.0 owner: somebody => sgallagh priority: major => blocker
Fields changed
summary: Add support to request canonicalization on krb AS requests => [RFE] Add support to request canonicalization on krb AS requests type: defect => enhancement
owner: sgallagh => jzeleny status: new => assigned
patch: 0 => 1
Simo, does this change need to be implemented in LDAP provider as well?
Replying to [comment:5 jzeleny]:
For initialization of the credentials we have in the keytab ? We might but it is not critical. We generally have the canonicalized name in the keytab anyway. But it wouldn't hurt.
Fixed by: - 20c1873 - 7dfc761 - ed80a7f
resolution: => fixed status: assigned => closed
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=785907
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=785907 785907]
Metadata Update from @simo: - Issue assigned to jzeleny - Issue set to the milestone: SSSD 1.7.0
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/1999
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.