URL: https://github.com/SSSD/sssd/pull/302 Author: sumit-bose Title: #302: krb5: disable enterprise principals during password changes Action: opened
PR body: """ Currently using enterprise principals during password changes does not work reliable.
First there is a special behavior if canonicalization, which in general should be used together with enterprise principals, is enabled with AD, see https://pagure.io/SSSD/sssd/issue/1405 and https://pagure.io/SSSD/sssd/issue/1615 for details. As a result of this SSSD currently disables canonicalization during password changes.
Additionally it looks like MIT Kerberos does not handle canonicalized principals well, even if canonicalization is enabled, if not the default krbtgt/REALM@REALM but kadmin/changepw@REALM is requested. Since it is currently not clear what is the expected behavior here it make sense to completely disable enterprise principals during password changes for the time being.
Resolves https://pagure.io/SSSD/sssd/issue/3426 """
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/302/head:pr302 git checkout pr302
URL: https://github.com/SSSD/sssd/pull/302 Title: #302: krb5: disable enterprise principals during password changes
jhrozek commented: """ (Just waiting for CI now..) """
See the full comment at https://github.com/SSSD/sssd/pull/302#issuecomment-307082861
URL: https://github.com/SSSD/sssd/pull/302 Title: #302: krb5: disable enterprise principals during password changes
jhrozek commented: """ CI: http://sssd-ci.duckdns.org/logs/job/71/16/summary.html """
See the full comment at https://github.com/SSSD/sssd/pull/302#issuecomment-307116658
URL: https://github.com/SSSD/sssd/pull/302 Title: #302: krb5: disable enterprise principals during password changes
Label: +Accepted
URL: https://github.com/SSSD/sssd/pull/302 Title: #302: krb5: disable enterprise principals during password changes
jhrozek commented: """ * master: 614057ea85c05d3a6d4b62217a41b8b5db8d5d38 """
See the full comment at https://github.com/SSSD/sssd/pull/302#issuecomment-307131639
URL: https://github.com/SSSD/sssd/pull/302 Author: sumit-bose Title: #302: krb5: disable enterprise principals during password changes Action: closed
To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/302/head:pr302 git checkout pr302
URL: https://github.com/SSSD/sssd/pull/302 Title: #302: krb5: disable enterprise principals during password changes
Label: +Pushed
sssd-devel@lists.fedorahosted.org