That is an excellent question.  I'm guessing you're meaning connecting to
an AD back-end.

We've had beaucoup problems historically with that;  AD itself is not case
sensitive, but the Kerberos client on Linux very much is.

Our (Windows-based) erstwhile AD admins love them some camel-case user
principal names.  And we're Linux engineers, so AD is not in our span of
control.  We're merely consumers of it.

We'd used other AD integration tools where you have an explicit option to
"map samAccountName or UPN to lower case".  Then -- regardless of the case
that your AD admin used for user name, it gets mapped in Linux to lower
case.

I'm looking at our SSSD deployments.  They seem to do this auto-magically.
Whatever case I use to log in, it gets accepted and it consistently maps
the login name to lower case.

That's good for us, but I'd guess some companies wouldn't like this -- now
the Linux account name doesn't match the Kerberos principal name.

Spike
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org