You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This should be made available as an option in sssd.conf, defaulting to enabled in the ipa provider. Due to compatibility issues with older servers, it needs to default to false in the krb5 provider.
summary: Add support to request canonicalization on krb AS requests => [RFE] Add support to request canonicalization on krb AS requests
type: defect => enhancement
Simo, does this change need to be implemented in LDAP provider as well?
For initialization of the credentials we have in the keytab ?
We might but it is not critical. We generally have the canonicalized name in the keytab anyway. But it wouldn't hurt.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/957
We should add support to set the canonicalization option with krb5_get_init_creds_opt_set_canonicalize() when asking for a TGT.
We should do that both in get_and_save_tgt_with_keytab() and probably krb5_child_setup()
Comments
Comment from sgallagh at 2011-08-08 21:48:59
This should be made available as an option in sssd.conf, defaulting to enabled in the ipa provider. Due to compatibility issues with older servers, it needs to default to false in the krb5 provider.
component: SSSD => Kerberos Provider
milestone: NEEDS_TRIAGE => SSSD 1.7.0
owner: somebody => sgallagh
priority: major => blocker
Comment from jgalipea at 2011-10-06 15:47:07
Fields changed
summary: Add support to request canonicalization on krb AS requests => [RFE] Add support to request canonicalization on krb AS requests
type: defect => enhancement
Comment from jzeleny at 2011-10-19 09:12:19
Fields changed
owner: sgallagh => jzeleny
status: new => assigned
Comment from jzeleny at 2011-10-20 10:48:30
Fields changed
patch: 0 => 1
Comment from jzeleny at 2011-10-25 12:35:33
Simo, does this change need to be implemented in LDAP provider as well?
Comment from simo at 2011-10-31 20:14:58
Replying to [comment:5 jzeleny]:
For initialization of the credentials we have in the keytab ?
We might but it is not critical. We generally have the canonicalized name in the keytab anyway. But it wouldn't hurt.
Comment from sgallagh at 2011-11-02 19:14:57
Fixed by:
- 20c1873
- 7dfc761
- ed80a7f
resolution: => fixed
status: assigned => closed
Comment from sgallagh at 2012-01-30 22:05:36
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=785907
rhbz: => [https://bugzilla.redhat.com/show_bug.cgi?id=785907 785907]
Comment from simo at 2017-02-24 14:26:40
Metadata Update from @Simo:
The text was updated successfully, but these errors were encountered: