On Fri, May 15, 2015 at 09:44:31PM +0200, Lukas Slebodnik wrote:
> On (15/05/15 17:27), Andy Thompson wrote:
> >Is there a way to enforce case sensitivity for trusted AD users?  I am
> trying to use username for ssh chroots and I can authenticated with any
> case combination of <UsERname> but if ssh is set to match on <username>
> then the chroot is not enforced and the user is dropped to their usual
> home directory.  I found a case_sensitive option for sssd but it does not
> seem to have any affect.   Running RHEL6.6 clients.
> >
> 
> IPA domain is by default case sensitive.
> So You will not change anything if you put "case_sensitive = true" into domain
> section of sssd.conf.
> 
> But SSSD will create subdomains for each AD domain. It is different 
> id_provider
> therefore different default values are used for subdomains and for AD provider
> it is case *insensitive* by default.
> 
> Currently there's no way how to change it for subdomains (AD trusted domains)
> 

What are you using for the SSH matching? The way the case
insensitiveness is implemented in SSSD is that all usernames are
forcibly lowercased on output, so as long as SSH uses the standard NSS
calls, you should be good with using the lowecase usernames..

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to