> On 6 Apr 2018, at 17:54, Bastian Rosner <bro-s...@d00m.org> wrote: > > Unfortunately, users from other domains can't use their Kerberos ticket, only > password works. These users are specifying their domain on login.
This all sounds like the issue is not on the SSSD level, but either the krb5.conf configuration might be perhaps missing the domain-realm mappings, but what you said next was interesting: > Surprisingly, once logged in after authenticating with a password, > foreign-domain users are able to issue a Kerberos ticket with kinit if they > specify username@FQDN Hmm, are you saying that if you log in with a password you don’t get a TGT? _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
