Sumit Bose wrote: > Hi, > > this patch to the sssd-krb5 man page should clarify how the krb5 > provider will find the right UPN. > > This hopefully fixes #204. > > Please fell free to correct any grammar or spelling mistakes. > > bye, > Sumit > > ------------------------------------------------------------------------ > > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel <snip>
<term>krb5try_simple_upn (boolean)</term> <listitem> <para> - Set this option to 'true' - if an User Principle Name (UPN) cannot be found in sysdb - and you want to use an UPN like 'usern...@realm'. + Set this option to ´true´ if the identity provider + cannot supply an User Principle Name (UPN). In this + case sssd will try to request a TGT with an UPN + build as ´usern...@realm´. </para> <para> </snip> Default: false Okay, as I see it know, if only the username is stored in the db, you can set this to true and upon kerberos authentication the request will be sent with usern...@realm and realm is what is defined in krb5REALM ... correct? If so, "kbr5try_simple_upn", is still confusing. why not krb5_construct_upn or something ... ? ~Jenny -- Jenny Galipeau <jgali...@redhat.com> Principal Software QA Engineer Red Hat, Inc. Security Engineering _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel