On Mon, Aug 22, 2016 at 09:00:34AM +0000, Joakim Tjernlund wrote:
> I changed the default REALM in krb5.conf but that did not have any effect on
> logins.
> I had to change the order of domains = in sssd.conf for logins to switch over
> to the
> new default domain. Should not sssd respect default_realm = xx in krb5.conf?
> Using sssd 1.13.4
no, default_realm is an option for libkrb5 which is used in the case
when no realm is available. E.g. if default_realm is not set
kinit user
will fail while
kinit [email protected]
will work (as long as kinit can find a KDC for EXAMPLE.COM and
[email protected] is know to the KDC).
If you set default_realm = MY_REALM.COM
kinit user
will try to get a ticket for user@MY_REALM.COM while
kinit [email protected]
will still try to get a ticket for [email protected].
HTH
bye,
Sumit
>
> Jocke
> _______________________________________________
> sssd-users mailing list
> [email protected]
> https://lists.fedorahosted.org/admin/lists/[email protected]
_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/admin/lists/[email protected]
