On Fri, Apr 22, 2016 at 04:29:36PM +0200, Sumit Bose wrote:
> On Fri, Apr 22, 2016 at 03:20:56PM +0200, Jakub Hrozek wrote:
> > On Wed, Apr 13, 2016 at 03:45:22PM +0200, Sumit Bose wrote:
> > > Hi,
> > > 
> > > this is a bit of a follow-up patch to "subdomains: inherit
> > > ldap_krb5_keytab". It turned out that if the default keytab contains
> > > some completely unrelated keys the SASL initialization might e.g. pick a
> > > wrong realm name because the alternative keytab was only added later
> > > during the initialization.
> > > 
> > > bye,
> > > Sumit
> > > 
> > 
> > How do I test this patch? I tried to set:
> >     krb5_keytab = /tmp/another.keytab
> > which was just a copy of the ordinary host keytab, but then lookups of
> > users from trusted domains stopped working.
> 
> Did you set 'subdomain_inherit = ldap_krb5_keytab' as well?

No, I didn't, and that helped. With keytab moved to /tmp and
subdomain_inherit = ldap_krb5_keytab I was able to verify that lookups
for both main and child domain work. Before, the child domain lookups
errored out with "no ID ctx for domain..."

ACK
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
