On Tue, 2016-08-23 at 15:56 +0200, Sumit Bose wrote: > On Mon, Aug 22, 2016 at 09:00:34AM +0000, Joakim Tjernlund wrote: > > > > I changed the default REALM in krb5.conf but that did not have any effect > > on logins. > > I had to change the order of domains = in sssd.conf for logins to switch > > over to the > > new default domain. Should not sssd respect default_realm = xx in krb5.conf? > > Using sssd 1.13.4 > > no, default_realm is an option for libkrb5 which is used in the case > when no realm is available. E.g. if default_realm is not set > > kinit user > > will fail while > > kinit [email protected] > > will work (as long as kinit can find a KDC for EXAMPLE.COM and > [email protected] is know to the KDC). > > If you set default_realm = MY_REALM.COM > > kinit user > > will try to get a ticket for user@MY_REALM.COM while > > kinit [email protected] > > will still try to get a ticket for [email protected].
Yes, this is what I would expect but when I login(over LXDM) with only user name I get a ticket for whatever domain which is listed first in domains = REALM1,REALM2 not the default realm krb5.conf: default_realm = REALM2 Jocke _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
