URL: https://github.com/SSSD/sssd/pull/193
Author: lslebodn
Title: #193: UTIL: Use max 15 characters for AD host UPN
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/193/head:pr193
git checkout pr193
From f6dc8a0a50090c923f27d6b25b4b9be20f12e708 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lsleb...@redhat.com>
Date: Tue, 14 Mar 2017 10:34:00 +0100
Subject: [PATCH] UTIL: Use max 15 characters for AD host UPN

We do not want to use host principal with AD
"host/name.domain....@domain.tld" because it does not work.
We need to use correct user principal for AD hosts. And we cannot
rely on fallback "*$" because of other principals in keytab.

The NetBIOS naming convention allows for 16 characters in a NetBIOS
name. Microsoft, however, limits NetBIOS names to 15 characters and
uses the 16th character as a NetBIOS suffix.
https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name

Resolves:
https://pagure.io/SSSD/sssd/issue/3329
---
 src/util/sss_krb5.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
index d461cf8..8dfb6af 100644
--- a/src/util/sss_krb5.c
+++ b/src/util/sss_krb5.c
@@ -51,7 +51,13 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx,
             *c = toupper(*c);
         }
 
-        primary = talloc_asprintf(mem_ctx, "%s$", shortname);
+        /* The samAccountName is recommended to be less than 20 characters.
+         * This is only for users and groups. For machine accounts,
+         * the real limit is caused by NetBIOS protocol.
+         * NetBIOS names are limited to 16 (15 + $)
+         * https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name
+         */
+        primary = talloc_asprintf(mem_ctx, ".15%s$", shortname);
         talloc_free(shortname);
         return primary;
     }
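Review bot: The format string in the added talloc_asprintf() call, ".15%s$", has the precision on the wrong side of the conversion, so it emits the literal characters ".15" followed by the full, untruncated shortname and "$". That never matches a keytab principal and does not apply the 15-character limit the subject line describes. It should read "%.15s$" so that at most 15 characters of shortname are printed before the "$". The comment's "limited to 16 (15 + $)" is also worth rewording: the commit message describes the 16th NetBIOS character as a suffix byte, whereas the "$" appended here is the machine account's trailing character, so the comment could say plainly that the name part is capped at 15 characters and "$" is appended after it. A unit test with a hostname longer than 15 characters would have caught the format-string mistake.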