#204 man page for sss-krb5 is missing required option and the option name is a bit confusing
Closed: Fixed None Opened 14 years ago by jgalipea.

Description[[BR]]

man page for sskrb5 is missing the new required option krb5try_simple_upn.[[BR]]

Try simple UPN is odd to me. You can auth using samaccountname if NTLM and not in a forest, and if in a forest environment where userprinciplename is required authenticating against a global catalog. So, I am not sure try simple upn makes sense. Can we come up with something different? [[BR]]

I could be wrong but I think what this is doing is saying which to use for ADS support.[[BR]]


Jenny, I think you may have been using manpages from an old RPM. The current git master does contain this option in the manpage.

That said, I agree that this option needs a better description (and probably a better name) and the HOWTO pages need to be updated.

owner: somebody => sbose

In general krb5try_simple_upn is not required.

The current version is:

krb5try_simple_upn (boolean)
    Set this option to ´true´ if an User Principle Name (UPN) cannot be found in sysdb and you want to use an UPN like ´username@realm´.

    Default: false

do you like:

krb5try_simple_upn (boolean)
    Set this option to ´true´ if the identity provider cannot supply an User Principle Name (UPN). In this case sssd will try to request a TGT with an UPN build as ´username@realm´.

    Default: false

better?

I'm not sure what you mean by "In general krb5try_simple_upn is not required.", but 389 and FreeIPA don't work unless this is set to TRUE, so I think it's pretty important to have it be clear.

Fixed in 9e82101

This option is no longer needed (and the documentation is more clear about what the UPN is)

fixedin: => 0.6.0
resolution: => fixed
status: new => closed

Fixed in 0.6.0 - just updating "doc updated"

docupdated: 0 => 1

Fields changed

rhbz: => 0

Metadata Update from @jgalipea:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 0.6.0

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1246

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata