#3530 alias broken when canonicalization is not requested
Opened 11 years ago by simo. Modified 7 years ago

If Kerberos principal aliases are added to an entry, AS requests that do not request canonicalization receive back a CLIENT_NOT_FOUND error.

I tested this by adding a second principal with a different case to my IPA server host/ entry and also adding the canon name.

Example:

krbPrincipalName: host/server.example.com@EXAMPLE.COM
krbPrincipalName: HOST/server.example.com@EXAMPLE.COM
krbCanonicalName: host/server.example.com@EXAMPLE.COM

"kinit -kt /etc/krb5.keytab" fails
"kinit -C -kt /etc/krb5.keytab" succeeds

Both should succeed when using the default name.


Merge KDC LDAP components to one.

Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago
