Hi there

After default_domain_suffix finally began working corretly in SSSD 1.14 we have started using it, but have found a side affect og not logging in with full domain:

We currently have some AD domain users having a override on out IPA servers, where they have added their SSH key.

If AuthorizedKeysCommand is set to sss_ssh_authorizedkeys in SSH without a domain (-d) it will not try to look up the users SSH key

I would suppose that sss_ssh_authorizedkeys should at least try to look up the user with the default_domain_suffix from sssd.conf?

Even better would probably be to implement a fallback to try both the configured ipa_domain and default_domain_suffix?



--

Med venlig hilsen

Troels Hansen

Systemkonsulent

Casalogic A/S

T  (+45) 70 20 10 63

M (+45) 22 43 71 57


Red Hat, SUSE, VMware, Citrix, Novell, Yellowfin BI, EnterpriseDB, Sophos og meget mere.