On Fri, Oct 26, 2018 at 12:15:44PM -0400, Tom wrote:
Thanks Sumit. And canonicalize = yes in [libdefaults] will make that happen on login I think.
SSSD controls this option on its own, so if you want to be on the safe side you can set 'krb5_canonicalize = True' in sssd.conf.
But only the plain 'krb5' auth provider would use the default of 'False'. The 'ad' and 'ipa' providers have 'krb5_use_enterprise_principal = True' be default which will switch on canonicalization as well.
bye, Sumit
Sent from my iPhone
On Oct 26, 2018, at 11:40 AM, Sumit Bose sbose@redhat.com wrote:
On Fri, Oct 26, 2018 at 11:03:05AM -0400, Tom wrote: Is there a way to ensure the principal generated has the lowercase user not an uppercase user showing up in kinit?
The principal is part of the ticket generated by the KDC. So you have to make sure the canonical principal on the KDC is in lower case and use canonicalization on the client side ('-C' with kinit).
HTH
bye, Sumit
Cheers, Tom
Sent from my iPhone _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...