#3475 Full information regarding priority of lookup of principal in keytab not in man page
Closed: Fixed 2 years ago Opened 2 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1450778

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

Description of problem:

Current man page provides the following information:

ldap_sasl_authid (string)
           Specify the SASL authorization id to use. When GSSAPI is used, this
represents the Kerberos
           principal used for authentication to the directory. This option can
either contain the full
           principal (for example host/myhost@EXAMPLE.COM) or just the
principal name (for example
           host/myhost).

           Default: host/hostname@REALM

This is not complete.
It would be helpful information on what priority or order is used.

Version-Release number of selected component (if applicable):
NA

How reproducible:
NA

Steps to Reproduce:
1.
2.
3.

Actual results:

ldap_sasl_authid (string)
           Specify the SASL authorization id to use. When GSSAPI is used, this
represents the Kerberos
           principal used for authentication to the directory. This option can
either contain the full
           principal (for example host/myhost@EXAMPLE.COM) or just the
principal name (for example
           host/myhost).

           Default: host/hostname@REALM

Expected results:


The priority of the lookup is noted in a comment of the function
select_principal_from_keytab() in the code:

     * Priority of lookup:
     * - our.hostname@REALM or host/our.hostname@REALM depending on the input
     * - SHORT.HOSTNAME$@REALM (AD domain)
     * - host/our.hostname@REALM
     * - foobar$@REALM (AD domain)
     * - host/foobar@REALM
     * - host/foo@BAR
     * - pick the first principal in the keytab
     */

It would be helpful if similar information is presented in the man page.

Additional info:

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1450778

2 years ago

Metadata Update from @jhrozek:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1450778

2 years ago

Metadata Update from @jhrozek:
- Issue priority set to: trivial

2 years ago

Since we are required to release a new upstream tarball no later than Friday Oct-20, I'm moving tickets that will not be closed by that date to the next milestone, 1.16.1

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.1 (was: SSSD 1.16.0)

2 years ago

Metadata Update from @jhrozek:
- Issue tagged with: postpone-to-2-0

2 years ago

Metadata Update from @jhrozek:
- Issue tagged with: docs

2 years ago

Metadata Update from @jhrozek:
- Issue untagged with: postpone-to-2-0
- Issue set to the milestone: SSSD 2.0 (was: SSSD 1.16.1)

2 years ago

Downstream requested us to fix this sooner.

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.16.3 (was: SSSD 2.0)

2 years ago

Metadata Update from @fidencio:
- Issue close_status updated to: Fixed
- Issue status updated to: Closed (was: Open)

2 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4501

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata