Our IPA servers are in a one-way AD trust. Since all of our users are in AD, I take advantage of the SSSD settings on the clients to hide the @AD_REALM from their login names, and use AD_REALM as the default_realm. This works nicely.
Solaris clients, however, do not have the convenience of SSSD. I understand that the fully-qualified login names are required for systems using the compat feature so that the IPA servers know to lookup those users in AD. Still, I was wondering if there is anyway of doing something similar on Solaris to hide the domain part if it is the default. I had hoped that maybe an idview would do it, but seems unlikely.
Amos
freeipa-users@lists.fedorahosted.org