Learn more about these different git repos.
Other Git URLs
In https://bugzilla.redhat.com/show_bug.cgi?id=963818 two issue could be identified when SSSD was configured with two AD domains and enterprise principals were enabled for both domains. In this case there was a trust between both domains which mainly triggers the first issue. If there is no trust between the two AD domains the second issue would block authentication to one of the domains.
The two issues are: 1. The principal used in the TGS request was used to find a matching keytab entry for validation. Ideally a service principal from the realm of the user is taken for validation. When enterprise principals (or canonization) is used the realm of the principal used in the request and the realm in the returned ticket might differ. The realm from the ticket should be taken instead the one from the request.
sorry, #1931 is already tracking the BZ ticket.
resolution: => duplicate status: new => closed
Metadata Update from @sbose: - Issue assigned to sbose - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3029
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.