Hi, Can you bring this issue up on the sssd-devel list so it can be discussed with other developers as well? Or open an upstream ticket.
I don't like the idea of trying all principals in the keytab, simply because it would be uneffective, but I would personally be fine with using the same code that we use for selecting the 'right' principal which is either what the admin sets manually as ldap_sasl_authid, or, the default AD case which is shortname$@realm. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1274543 Title: sssd-ad uses wrong key to verify tgt at login time To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1274543/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
