#1380 domain_realm mappings manipulation by sssd
Closed: Fixed None Opened 10 years ago by simo.

IPA needs to be able to notify sssd that we have new domain-realm mappings and sssd needs to modify krb5.conf to store them in the [domain_realm] section.

This is needed both when IPA establish a new trust with an AD domain or when admins decide to start adding new IPA clients in a different DNS domain that is not a child domain of the IPA main DNS domain (which we allow).

Without the mapping IPA clients may not be able to successfully obtain tickets for machines belonging to these other DNS domains.

Ideally IPA will publish a list of domain-realm mappings in the LDAP tree, and sssd will periodically look them up and change krb5.conf accordingly if needed.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 4
priority: major => critical
rhbz: => 0

Fields changed

component: SSSD => Kerberos Provider
milestone: SSSD 1.9.0 beta 4 => SSSD 1.9.0 beta 5

Fields changed

milestone: SSSD 1.9.0 beta 5 => SSSD 1.9.0 beta 6

Fields changed

owner: somebody => simo

Fields changed

milestone: SSSD 1.9.0 beta 6 => SSSD 1.9.0 beta 7

Fields changed

status: new => assigned

Fields changed

component: Kerberos Provider => IPA Provider
patch: 0 => 1
version: 1.9.0 beta 1 => 1.9.0 beta 4

Fields changed

milestone: SSSD 1.9.0 beta 7 => SSSD 1.9.0 beta 6

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: SSSD 1.9.0 beta 6

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2422

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.