On Tue, 2012-10-02 at 21:29 +0200, Sumit Bose wrote:
> Hi,
> this patch should fix https://fedorahosted.org/freeipa/ticket/2955 by
> adding a fallback group as described in comment 2 of the ticket in
> ipa-adtrust-install.
> If you prefer to use a different kind of group I can change the patch
> accordingly.

Yes I think we should use a more natural group name. In my recent
testing I have been using the name 'Trust Users' that pairs well with
another group we create called 'Trust Admins'. But I am open to
suggestions on a better name, 'Domain Users' may be better if we really
want to associate the wellknown SID to this group.

On the SID side I wonder if using the wellknown 'Domain Users' SID is
the right thing to do. I do not see any special reasons why it shouldn't
but I also do not have any special reason why we should.
Anyone can think of any pros/cons of doing that ?


Simo Sorce * Red Hat, Inc * New York

Freeipa-devel mailing list

Reply via email to