[Freeipa-devel] [SSSD] krb5.conf on IPA server and SSSD setup
Alexander Bokovoy
abokovoy at redhat.com
Tue Jan 29 21:08:09 UTC 2013
On Tue, 29 Jan 2013, Jakub Hrozek wrote:
>On Tue, Jan 29, 2013 at 10:50:02PM +0200, Alexander Bokovoy wrote:
>> And here I'm coming to grave error in the SSSD code: the name of
>> explicit mapping file contains non-filtered domain name, which contains
>> dot. krb5.conf manual page states that includedir allows to source all
>> files which names are constructed from alpha-numeric chars, dashes and
>> underscores.
>>
>> Files with other characters are ignored. So dots as in
>> domain_realm_example.com are ignored and our mapping is never sourced.
>>
>> For IDN domains we also will need to transform the name into its
>> Punycode (RFC3492) to avoid breaking out of alpha-numeric space.
>>
>> I'd suggest replacing dots with underscores.
>
>Please file a ticket
https://bugzilla.redhat.com/show_bug.cgi?id=905650
https://fedorahosted.org/sssd/ticket/1795
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list