Learn more about these different git repos.
Other Git URLs
When user is authenticated in Apache using mod_auth_gssapi or mod_auth_kerb, the result is the full principal name (user@REALM.COM) or just the short version without the realm.
We'd need to be able to reliably get the canonical fully qualified name of the user (user@sssd-domain) even if the result of the Kerberos authentication is not a process running with user's uid so that we could use the uid as the lookup key. Note that the SSSD domain string can be different from lowercase(realm).
Presumably in some setups (AD?), the Kerberos principal can be freely assigned / modified for users. So SSSD probably should make some lookup, not just assume realm ~ SSSD domain.
I think if #2011 is fixed this ticket is more or less solved for free because I would expect that with the new cache layout there will be an attribute with the fully-qualified name for all user and group objects which can be made available via InfoPipe.
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.14 beta
rhbz: => todo
We need to re-test once #2011 is fixed.
Still need to re-test this
milestone: SSSD 1.14 beta => SSSD 1.14.0
1.14.0 should be released no later than Wednesday next week, this ticket should not block the 1.14.0 release.
milestone: SSSD 1.14.0 => SSSD 1.14.1
We need to release 1.14.1 soon, therefore moving to 1.14.2.
milestone: SSSD 1.14.1 => SSSD 1.14.2
We should transition the 1.14 branch to the maintenance mode, moving to triage to discuss which milestone to fix this ticket at.
milestone: SSSD 1.14.2 => NEEDS_TRIAGE
As Sumit said, this should be possible already. Please reopen if not.
resolution: => worksforme status: new => closed
Metadata Update from @adelton: - Issue set to the milestone: NEEDS_TRIAGE
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3750
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Log in to comment on this ticket.