Learn more about these different git repos.
Other Git URLs
Active Directory 2008 R2 has a bug where it will return bad data if a password-change operation is performed with the 'canonicalize' option specified.
We need to handle this appropriately.
The current behavior in the AD provider is to disable canonicalization by default to avoid this issue. SSSD treats this option as global for both auth and chpass operations. This will need to be adjusted as well to address this issue.
milestone: NEEDS_TRIAGE => SSSD Kerberos Improvements Feature
rhbz: => todo
When we do this, we should take some additional cues from kpasswd: explicitly disabling the forwardable and proxiable flags (in case they're enabled by default in /etc/krb5.conf), setting the renewable lifetime to 0, and requesting a short ticket lifetime (kpasswd uses 5 minutes).
proposed_priority: => Undefined
proposed_priority: Undefined => Core
Moving all the features planned for 1.10 release into 1.10 beta.
milestone: SSSD Kerberos Improvements Feature => SSSD 1.10 beta
priority: minor => critical
design_review: => 0
summary: Kerberos canonicalization should be skipped on password-changes in AD provider => [RFE] Kerberos canonicalization should be skipped on password-changes in AD provider
Will be handled together with https://fedorahosted.org/sssd/ticket/1615 .
resolution: => duplicate
status: new => closed
rhbz: todo => 0
For tickets already closed set the field to "Want"
selected: => Want
Metadata Update from @sgallagh:
- Issue set to the milestone: SSSD 1.10 beta
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.