Learn more about these different git repos.
Other Git URLs
The sssd-ldap manual page says:
Specify the Kerberos REALM (for SASL/GSSAPI auth).
Default: System defaults, see /etc/krb5.conf
That's not true since we added the online/offline callbacks to create and delete kdcinfo files. They require the realm to be specified to construct the pathname of the kdcinfo files.
We have two options:
1. Fix the manual page to say the realm is required
2. Fix the code so it's in sync with the manual page and get the default realm from krb5.conf using krb5_get_default_realm()
Please note that the Kerberos auth provider requires the realm to be specified. This might be confusing to users and is already being tracked by ticket #570.
I vote for fixing the code to fetch the realm from the krb5 profile if this attribute is not set and the value is used.
Users must set stuff right in /etc/krb5.conf anyway in general, so it make sense to allow them to let sssd pick up values from there.
I agree, we should try a sequence of fallbacks in the krb5 provider if krb5_realm is not given, like checking krb5_get_default_realm() and if this fails we can try with the uppercase name of the sssd domain as we do int the ipa provider.
milestone: NEEDS_TRIAGE => SSSD 1.5.13
owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned
- 7452c32 (master)
- c3423f9 (sssd-1-6)
- 575096c (sssd-1-5)
resolution: => fixed
status: assigned => closed
rhbz: => 0
Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.5.13
to comment on this ticket.