> Hi Aron,
> the support case you referenced is linked to bugzilla
> https://bugzilla.redhat.com/show_bug.cgi?id=1066153 which is fully acked
> for RHEL-6.6, the state of the bugzilla is ON_QA, so currently it looks the
> patch will be released in 6.6..

username@domain is coded in the NFS spec as an NFS id which goes over the wire. 
It's unclear what allowing two "@" signs means (which "@" separates username 
from doman, and which is part of one of these components?) While I'm sure this 
patch is trivial and I'm certain the patch works, it breaks interoperability 
with everything not running the patch (all non-linux and any non RHEL/Centos 
6.6 linux). This is probably acceptable in certain closed environments, but I 
can never use it here.

However, patching the idmapper so that if the username already contains an "@", 
it doesn't add another one should also be trivial and should also work. It has 
the added benefit of not trashing interoperability. Conceptually, it allows 
sssd to convey both username and domain with no extra overhead and upgrades the 
linux nfs idmapper to handle living on a system which understands more than a 
flat namespace. To do it right, sssd always needs to supply the nfs idmapper 
usernames of the form "username@domain" regardless of the regex used to parse 
out those components at the login prompt.

I'd have put that on the bugzilla, but I can't get at it.


This electronic message contains information generated by the USDA solely for 
the intended recipients. Any unauthorized interception of this message or the 
use or disclosure of the information it contains may violate the law and 
subject the violator to civil or criminal penalties. If you believe you have 
received this message in error, please notify the sender and delete the email 

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to