#570 fall back to defaults from krb5.conf if the realm is not specified explicitly in sssd.conf
Closed: Invalid None Opened 9 years ago by jhrozek.

In most cases, like kerberos and IPA provider, SSSD enforces that the realm must be specified in the config file. On the other hand, in the case of using LDAP provider with GSSAPI mech, the realm is not required and the ldap_child can autodiscover it from /etc/krb5.conf.

I think it would be better if the behaviour was the same in all providers. Simo even suggested that we might make the krb5_realm option optional and fall back to getting the realm via krb5_get_default_realm.


Fields changed

milestone: NEEDS_TRIAGE => SSSD Deferred

Fields changed

coverity: =>
milestone: SSSD Deferred => NEEDS_TRIAGE
patch: => 0
rhbz: =>
upgrade: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.8.0

Changing the description to better match the scope of the ticket.

summary: standardize on requiring the Kerberos realm => fall back to defaults from krb5.conf if the realm is not specified explicitly in sssd.conf

Fields changed

blockedby: =>
blocking: =>
milestone: SSSD 1.8.0 => SSSD 1.9.0 NEEDS_TRIAGE

Fields changed

milestone: SSSD 1.9.0 NEEDS_TRIAGE => SSSD Kerberos improvements

Fields changed

feature_milestone: =>
proposed_priority: => Important

Moving all the features planned for 1.10 release into 1.10 beta.

milestone: SSSD Kerberos Improvements Feature => SSSD 1.10 beta

Fields changed

priority: major => minor

Fields changed

priority: minor => major

Fields changed

selected: => Not need

Moving tickets that are not a priority for SSSD 1.10 into the next release.

milestone: SSSD 1.10 beta => SSSD 1.11 beta

Fields changed

design: =>
design_review: => 0
fedora_test_page: =>
owner: somebody => arielb
review: => 0
status: new => assigned

as last condition if fails sssd.conf and krb5.conf, taking the domain is viable?

similar as this:

dp_opt_get_string(opts, KRB5_REALM); // 1

krb5_get_default_realm(krb_ctx, &default_realm); //2

get_uppercase_realm(opts, domain); //3

Fields changed

mark: => 0

Patches welcome..

changelog: =>
owner: arielb => somebody
priority: major => trivial
review: 0 => 1
status: assigned => new

Fields changed

milestone: SSSD 1.13 beta => SSSD 1.13 backlog

Mass-moving tickets not planned for any immediate release and re-setting priority.

milestone: SSSD 1.13 backlog => SSSD Deferred
priority: trivial => major

Fields changed

component: SSSD => Kerberos Provider
sensitive: => 0

This ticked is no longer valid, therefore closing.

resolution: => wontfix
status: new => closed

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Patches welcome

2 years ago

Login to comment on this ticket.

Metadata