> Hi Aron,
> the support case you referenced is linked to bugzilla
> https://bugzilla.redhat.com/show_bug.cgi?id=1066153 which is fully acked
> for RHEL-6.6, the state of the bugzilla is ON_QA, so currently it looks the
> patch will be released in 6.6..
username@domain is coded in the NFS spec as an NFS id which goes over the wire.
It's unclear what allowing two "@" signs means (which "@" separates username
from doman, and which is part of one of these components?) While I'm sure this
patch is trivial and I'm certain the patch works, it breaks interoperability
with everything not running the patch (all non-linux and any non RHEL/Centos
6.6 linux). This is probably acceptable in certain closed environments, but I
can never use it here.
However, patching the idmapper so that if the username already contains an "@",
it doesn't add another one should also be trivial and should also work. It has
the added benefit of not trashing interoperability. Conceptually, it allows
sssd to convey both username and domain with no extra overhead and upgrades the
linux nfs idmapper to handle living on a system which understands more than a
flat namespace. To do it right, sssd always needs to supply the nfs idmapper
usernames of the form "username@domain" regardless of the regex used to parse
out those components at the login prompt.
I'd have put that on the bugzilla, but I can't get at it.
This electronic message contains information generated by the USDA solely for
the intended recipients. Any unauthorized interception of this message or the
use or disclosure of the information it contains may violate the law and
subject the violator to civil or criminal penalties. If you believe you have
received this message in error, please notify the sender and delete the email
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project