#2709 RFE: add a way to map realm to domain
Closed: Invalid None Opened 7 years ago by adelton.

When user is authenticated in Apache using mod_auth_gssapi or mod_auth_kerb, the result is the full principal name (user@REALM.COM) or just the short version without the realm.

We'd need to be able to reliably get the canonical fully qualified name of the user (user@sssd-domain) even if the result of the Kerberos authentication is not a process running with user's uid so that we could use the uid as the lookup key. Note that the SSSD domain string can be different from lowercase(realm).

Presumably in some setups (AD?), the Kerberos principal can be freely assigned / modified for users. So SSSD probably should make some lookup, not just assume realm ~ SSSD domain.

I think if #2011 is fixed this ticket is more or less solved for free because I would expect that with the new cache layout there will be an attribute with the fully-qualified name for all user and group objects which can be made available via InfoPipe.

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 beta

Fields changed

rhbz: => todo

We need to re-test once #2011 is fixed.

Still need to re-test this

milestone: SSSD 1.14 beta => SSSD 1.14.0

1.14.0 should be released no later than Wednesday next week, this ticket should not block the 1.14.0 release.

milestone: SSSD 1.14.0 => SSSD 1.14.1

We need to release 1.14.1 soon, therefore moving to 1.14.2.

milestone: SSSD 1.14.1 => SSSD 1.14.2

We should transition the 1.14 branch to the maintenance mode, moving to triage to discuss which milestone to fix this ticket at.

milestone: SSSD 1.14.2 => NEEDS_TRIAGE

As Sumit said, this should be possible already. Please reopen if not.

resolution: => worksforme
status: new => closed

Metadata Update from @adelton:
- Issue set to the milestone: NEEDS_TRIAGE

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3750

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.