Sumit Bose wrote:
> Hi,
>
> this patch to the sssd-krb5 man page should clarify how the krb5
> provider will find the right UPN.
>
> This hopefully fixes #204.
>
> Please fell free to correct any grammar or spelling mistakes.
>
> bye,
> Sumit
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> sssd-devel mailing list
> sssd-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/sssd-devel
<snip>
<term>krb5try_simple_upn (boolean)</term>
<listitem>
<para>
- Set this option to 'true'
- if an User Principle Name (UPN) cannot be found in
sysdb
- and you want to use an UPN like 'usern...@realm'.
+ Set this option to ´true´ if the identity provider
+ cannot supply an User Principle Name (UPN). In this
+ case sssd will try to request a TGT with an UPN
+ build as ´usern...@realm´.
</para>
<para>
</snip>
Default: false
Okay, as I see it know, if only the username is stored in the db, you
can set this to true and upon kerberos authentication the request will
be sent with usern...@realm and realm is what is defined in krb5REALM
... correct? If so, "kbr5try_simple_upn", is still confusing. why not
krb5_construct_upn or something ... ?
~Jenny
--
Jenny Galipeau <jgali...@redhat.com>
Principal Software QA Engineer
Red Hat, Inc. Security Engineering
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
