URL: https://github.com/SSSD/sssd/pull/69 Title: #69: krb5: Use command line arguments instead env vars for krb5_child
lslebodn commented: """ On (11/11/16 03:13), sumit-bose wrote: >Sorry, this issue was introduced by a assume simple last minute change which I >didn't test properly. I couldn't decide if I want to keep the options in the >global krb5_ctx since the currently do not change or if they will always be >generated on the fly. I finally picked the latter to avoid issues in future >with options changing per request but didn't do the change properly. > I ran some downstream tests and there are failures with authentication for krb5-fast-principal related tests sssd.conf lokks like: ``` [domain/LDAP-KRB5] debug_level=0xFFF0 id_provider = ldap ldap_uri = ldap://$SERVER ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = $SERVER krb5_realm = EXAMPLE.COM krb5_use_fast = demand krb5_fast_principal = host/$CLIENT ``` ``` [domain/LDAP-KRB5] debug_level=0xFFF0 id_provider = ldap ldap_uri = ldap://$SERVER ldap_search_base = dc=example,dc=com auth_provider = krb5 krb5_server = $SERVER krb5_realm = EXAMPLE.COM krb5_use_fast = demand krb5_fast_principal = host/$CLIENT krb5_validate = true ``` and maybe more issues later :-) LS """ See the full comment at https://github.com/SSSD/sssd/pull/69#issuecomment-260936892
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org