Learn more about these different git repos.
Other Git URLs
IPA needs to be able to notify sssd that we have new domain-realm mappings and sssd needs to modify krb5.conf to store them in the [domain_realm] section.
This is needed both when IPA establish a new trust with an AD domain or when admins decide to start adding new IPA clients in a different DNS domain that is not a child domain of the IPA main DNS domain (which we allow).
Without the mapping IPA clients may not be able to successfully obtain tickets for machines belonging to these other DNS domains.
Ideally IPA will publish a list of domain-realm mappings in the LDAP tree, and sssd will periodically look them up and change krb5.conf accordingly if needed.
FreeIPA side ticket: https://fedorahosted.org/freeipa/ticket/2848
milestone: NEEDS_TRIAGE => SSSD 1.9.0 beta 4
priority: major => critical
rhbz: => 0
FreeIPA companion ticket:
component: SSSD => Kerberos Provider
milestone: SSSD 1.9.0 beta 4 => SSSD 1.9.0 beta 5
milestone: SSSD 1.9.0 beta 5 => SSSD 1.9.0 beta 6
owner: somebody => simo
milestone: SSSD 1.9.0 beta 6 => SSSD 1.9.0 beta 7
status: new => assigned
component: Kerberos Provider => IPA Provider
patch: 0 => 1
version: 1.9.0 beta 1 => 1.9.0 beta 4
milestone: SSSD 1.9.0 beta 7 => SSSD 1.9.0 beta 6
resolution: => fixed
status: assigned => closed
Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: SSSD 1.9.0 beta 6
to comment on this ticket.