[Freeipa-devel] [SSSD] krb5.conf on IPA server and SSSD setup
Jakub Hrozek
jhrozek at redhat.com
Tue Jan 29 21:11:17 UTC 2013
On Tue, Jan 29, 2013 at 10:03:38PM +0100, Jakub Hrozek wrote:
> On Tue, Jan 29, 2013 at 10:50:02PM +0200, Alexander Bokovoy wrote:
> > And here I'm coming to grave error in the SSSD code: the name of
> > explicit mapping file contains non-filtered domain name, which contains
> > dot. krb5.conf manual page states that includedir allows to source all
> > files which names are constructed from alpha-numeric chars, dashes and
> > underscores.
> >
> > Files with other characters are ignored. So dots as in
> > domain_realm_example.com are ignored and our mapping is never sourced.
> >
> > For IDN domains we also will need to transform the name into its
> > Punycode (RFC3492) to avoid breaking out of alpha-numeric space.
> >
> > I'd suggest replacing dots with underscores.
>
> Please file a ticket
OK, I cloned the F18 bug into:
https://fedorahosted.org/sssd/ticket/1795
More information about the Freeipa-devel
mailing list