Hi,
I've found a misleading statement in the man page, this patch should fix it.
bye, Sumit
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/19/2010 04:44 AM, Sumit Bose wrote:
Hi,
I've found a misleading statement in the man page, this patch should fix it.
Nack. GSSAPI does not guarantee that Kerberos is available for user logins. It's strongly indicative, but it WOULD be possible for an environment to be set up to use GSSAPI instead of certificates for maintaining client->LDAP connectivity, without using Kerberos for auth.
Yes, it would make more SENSE to use Kerberos for auth in this situation, but it's not mandatory.
Also, I was under the impression that we DID support authentication over GSSAPI. If that's not true, please file an enhancement bug.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/19/2010 06:39 AM, Stephen Gallagher wrote:
On 11/19/2010 04:44 AM, Sumit Bose wrote:
Hi,
I've found a misleading statement in the man page, this patch should fix it.
Nack. GSSAPI does not guarantee that Kerberos is available for user logins. It's strongly indicative, but it WOULD be possible for an environment to be set up to use GSSAPI instead of certificates for maintaining client->LDAP connectivity, without using Kerberos for auth.
Yes, it would make more SENSE to use Kerberos for auth in this situation, but it's not mandatory.
Also, I was under the impression that we DID support authentication over GSSAPI. If that's not true, please file an enhancement bug.
After discussion with Sumit on IRC, I withdraw my nack. This is something we can add later if we actually get a request for it.
Ack to the manpage change.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/19/2010 07:38 AM, Stephen Gallagher wrote:
On 11/19/2010 06:39 AM, Stephen Gallagher wrote:
On 11/19/2010 04:44 AM, Sumit Bose wrote:
Hi,
I've found a misleading statement in the man page, this patch should fix it.
Nack. GSSAPI does not guarantee that Kerberos is available for user logins. It's strongly indicative, but it WOULD be possible for an environment to be set up to use GSSAPI instead of certificates for maintaining client->LDAP connectivity, without using Kerberos for auth.
Yes, it would make more SENSE to use Kerberos for auth in this situation, but it's not mandatory.
Also, I was under the impression that we DID support authentication over GSSAPI. If that's not true, please file an enhancement bug.
After discussion with Sumit on IRC, I withdraw my nack. This is something we can add later if we actually get a request for it.
Ack to the manpage change.
Pushed to master.
- -- Stephen Gallagher RHCE 804006346421761
Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/
sssd-devel@lists.fedorahosted.org