I disagree with the idea of using gethostbyname()

Especially for the example above where we have a shortname, as gethostbyname() will easily break in case of romaing machines that get their resolv.conf via dhcp.
It would make it difficult for an admin to understand why: "laptop works in the office but breaks at home".

When we have the kerberos driver configured we should get the full hostname from the keytab.
When pure ldap drivers are in use we should simply log loudly in syslog that we really need a fully qualified name, and let admins deal with that (of course we should add that requirement to the documentation too).

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.6.0

Fields changed

owner: somebody => jzeleny

Ok, after a brief code inspection I'm going to close this bug.

I focused on those parts of the code where gethostname() is used. The only part where it makes any sense to think about canonicalizing the hostname is the recently added patch solving host based access control. In other parts it either doesn't make much sense or it's already in place.

resolution: => wontfix
status: new => closed

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1857

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.