#1380 domain_realm mappings manipulation by sssd
Closed: Fixed None Opened 6 years ago by simo.

IPA needs to be able to notify sssd that we have new domain-realm mappings and sssd needs to modify krb5.conf to store them in the [domain_realm] section.

This is needed both when IPA establish a new trust with an AD domain or when admins decide to start adding new IPA clients in a different DNS domain that is not a child domain of the IPA main DNS domain (which we allow).

Without the mapping IPA clients may not be able to successfully obtain tickets for machines belonging to these other DNS domains.

Ideally IPA will publish a list of domain-realm mappings in the LDAP tree, and sssd will periodically look them up and change krb5.conf accordingly if needed.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 4
priority: major => critical
rhbz: => 0

Fields changed

component: SSSD => Kerberos Provider
milestone: SSSD 1.9.0 beta 4 => SSSD 1.9.0 beta 5

Fields changed

milestone: SSSD 1.9.0 beta 5 => SSSD 1.9.0 beta 6

Fields changed

owner: somebody => simo

Fields changed

milestone: SSSD 1.9.0 beta 6 => SSSD 1.9.0 beta 7

Fields changed

status: new => assigned

Fields changed

component: Kerberos Provider => IPA Provider
patch: 0 => 1
version: 1.9.0 beta 1 => 1.9.0 beta 4

Fields changed

milestone: SSSD 1.9.0 beta 7 => SSSD 1.9.0 beta 6

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: SSSD 1.9.0 beta 6

2 years ago

Login to comment on this ticket.

Metadata