So yes I saw krb5_map_user, problem is we have hundreds of these users and that list grows and shrinks dynamically as people come and go. I could do some really terrible hack to pull the data from wherever and stick it into krb5_map_user but that's just awful. Ultimately regex support here would solve everything.
I can't fully answer your second question yet, I am digging into it and I don't know this area of auth well enough. It appears for the moment that user/sudo is NOT a separate object. I know we don't have any other kerb other than the AD so perhaps we are injecting principles directly into the krb database in AD, which I realize is just backed into LDAP etc. etc. I'll pass along more info when I have it. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
