URL: https://github.com/SSSD/sssd/pull/69
Title: #69: krb5: Use command line arguments instead env vars for krb5_child
lslebodn commented:
"""
On (11/11/16 03:13), sumit-bose wrote:
>Sorry, this issue was introduced by a assume simple last minute change which I
>didn't test properly. I couldn't decide if I want to keep the options in the
>global krb5_ctx since the currently do not change or if they will always be
>generated on the fly. I finally picked the latter to avoid issues in future
>with options changing per request but didn't do the change properly.
>
I ran some downstream tests and there are failures
with authentication for krb5-fast-principal related tests
sssd.conf lokks like:
```
[domain/LDAP-KRB5]
debug_level=0xFFF0
id_provider = ldap
ldap_uri = ldap://$SERVER
ldap_search_base = dc=example,dc=com
auth_provider = krb5
krb5_server = $SERVER
krb5_realm = EXAMPLE.COM
krb5_use_fast = demand
krb5_fast_principal = host/$CLIENT
```
```
[domain/LDAP-KRB5]
debug_level=0xFFF0
id_provider = ldap
ldap_uri = ldap://$SERVER
ldap_search_base = dc=example,dc=com
auth_provider = krb5
krb5_server = $SERVER
krb5_realm = EXAMPLE.COM
krb5_use_fast = demand
krb5_fast_principal = host/$CLIENT
krb5_validate = true
```
and maybe more issues later :-)
LS
"""
See the full comment at
https://github.com/SSSD/sssd/pull/69#issuecomment-260936892
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
