Learn more about these different git repos.
Other Git URLs
The sssd-ldap manual page says:
krb5_realm (string) Specify the Kerberos REALM (for SASL/GSSAPI auth). Default: System defaults, see /etc/krb5.conf
That's not true since we added the online/offline callbacks to create and delete kdcinfo files. They require the realm to be specified to construct the pathname of the kdcinfo files.
We have two options: 1. Fix the manual page to say the realm is required 2. Fix the code so it's in sync with the manual page and get the default realm from krb5.conf using krb5_get_default_realm()
krb5_get_default_realm()
Please note that the Kerberos auth provider requires the realm to be specified. This might be confusing to users and is already being tracked by ticket #570.
I vote for fixing the code to fetch the realm from the krb5 profile if this attribute is not set and the value is used. Users must set stuff right in /etc/krb5.conf anyway in general, so it make sense to allow them to let sssd pick up values from there.
I agree, we should try a sequence of fallbacks in the krb5 provider if krb5_realm is not given, like checking krb5_get_default_realm() and if this fails we can try with the uppercase name of the sssd domain as we do int the ipa provider.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.5.13
owner: somebody => jhrozek
patch: 0 => 1 status: new => assigned
Fixed by: - 7452c32 (master) - c3423f9 (sssd-1-6) - 575096c (sssd-1-5)
resolution: => fixed status: assigned => closed
rhbz: => 0
Metadata Update from @jhrozek: - Issue assigned to jhrozek - Issue set to the milestone: SSSD 1.5.13
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/2012
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.