On Thu, Nov 24, 2016 at 08:10:30AM +0100, Troels Hansen wrote:
Hi there
After default_domain_suffix finally began working corretly in SSSD 1.14 we have started
using it, but have found a side affect og not logging in with full domain:
We currently have some AD domain users having a override on out IPA servers, where they
have added their SSH key.
If AuthorizedKeysCommand is set to sss_ssh_authorizedkeys in SSH without a domain (-d) it
will not try to look up the users SSH key
I would suppose that sss_ssh_authorizedkeys should at least try to look up the user with
the default_domain_suffix from sssd.conf?
Even better would probably be to implement a fallback to try both the configured
ipa_domain and default_domain_suffix?
This sounds like something that should just work with 1.14. Can you paste
your server and client config files and the sss_ssh_authorizedkeys
configuration (should be just the default, right?) that doesn't work for
you so we can try to reproduce the issue locally?