Learn more about these different git repos.
Other Git URLs
Per this: https://docs.pagure.org/SSSD.sssd/users/pam_krb5_migration.html it looks like an attempt was made to integrate all that pam_krb5 offered into sssd. However support for mapping users using regexes was not included: https://docs.pagure.org/SSSD.sssd/users/pam_krb5_migration.html#localauth-k5login instead static mapping of users was included. This unfortunately doesn't scale very well. The details of our particular use case are here: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org/thread/L5HBZGOENS5FH6J2XUJX2HUSGCE4CSFL/
The short version is that we need the ability to remap the user dynamically, we have <username> objects and <username>-sudo objects that exist in the AD, we remap sudo auth to go against the <username>-sudo objects using the following in /etc/krb5.conf: pam = { debug = false forwardable = true renew_lifetime = 24h ticket_lifetime = 24h krb4_convert = false mappings = ^(.*)$ $1/sudo }
Something like this is no longer supported in SSSD and as such we have had to repackage pam_krb5 into our own repo for RHEL 8.
-Erinn
Metadata Update from @thalman: - Issue tagged with: Future milestone
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/5071
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Metadata Update from @pbrezina: - Issue close_status updated to: cloned-to-github - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.