Learn more about these different git repos.
Other Git URLs
Active Directory 2008 R2 has a bug where it will return bad data if a password-change operation is performed with the 'canonicalize' option specified.
We need to handle this appropriately.
The current behavior in the AD provider is to disable canonicalization by default to avoid this issue. SSSD treats this option as global for both auth and chpass operations. This will need to be adjusted as well to address this issue.
milestone: NEEDS_TRIAGE => SSSD Kerberos Improvements Feature
rhbz: => todo
When we do this, we should take some additional cues from kpasswd: explicitly disabling the forwardable and proxiable flags (in case they're enabled by default in /etc/krb5.conf), setting the renewable lifetime to 0, and requesting a short ticket lifetime (kpasswd uses 5 minutes).
proposed_priority: => Undefined
proposed_priority: Undefined => Core
Moving all the features planned for 1.10 release into 1.10 beta.
milestone: SSSD Kerberos Improvements Feature => SSSD 1.10 beta
priority: minor => critical
design_review: => 0
summary: Kerberos canonicalization should be skipped on password-changes in AD provider => [RFE] Kerberos canonicalization should be skipped on password-changes in AD provider
Will be handled together with https://fedorahosted.org/sssd/ticket/1615 .
resolution: => duplicate
status: new => closed
rhbz: todo => 0
For tickets already closed set the field to "Want"
selected: => Want
Metadata Update from @sgallagh:
- Issue set to the milestone: SSSD 1.10 beta
to comment on this ticket.