sssd professionals,
When the sssd-ldap man page refers to "hostname", is it referring to the short name or the FQDN? I know netbiosname is short, with a '$' on the end.
From sssd-ldap man page:
ldap_sasl_authid (string)
    Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, this represents the Kerberos principal used for authentication to the directory. This option can either contain the full principal (for example host/myhost@EXAMPLE.COM) or just the principal name (for example host/myhost). By default, the value is not set and the following principals are used:

    hostname@REALM
    netbiosname$@REALM
    host/hostname@REALM
    *$@REALM
    host/*@REALM
    host/*

    If none of them are found, the first principal in keytab is returned.

    Default: host/hostname@REALM
Spike White
Hi,
There is always confusion when talking about hostnames and FQDN :-)
Here we are talking about a hostname that has a domain part in it, i.e. a long one. But strictly speaking it is not the same thing as FQDN because the machine can have multiple addresses/interfaces and various FQDNs associated with them on a DNS server. So we stick to the term `hostname` in the man page rather than FQDN.
I think that it is also one of the requirements when enrolling into the IPA domain, that the hostname has the domain part and this name can be resolved to one of the host's addresses.
HTH Tom
On Fri, May 17, 2024 at 10:37 PM Spike White spikewhitetx@gmail.com wrote:
> sssd professionals,
> When the sssd-ldap man page refers to "hostname", is it referring to the short name or the FQDN? I know netbiosname is short, with a '$' on the end.
> From sssd-ldap man page:
> ldap_sasl_authid (string)
>     Specify the SASL authorization id to use. When GSSAPI/GSS-SPNEGO are used, this represents the Kerberos principal used for authentication to the directory. This option can either contain the full principal (for example host/myhost@EXAMPLE.COM) or just the principal name (for example host/myhost). By default, the value is not set and the following principals are used:
>
>     hostname@REALM
>     netbiosname$@REALM
>     host/hostname@REALM
>     *$@REALM
>     host/*@REALM
>     host/*
>
>     If none of them are found, the first principal in keytab is returned.
>
>     Default: host/hostname@REALM
> Spike White
>
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.o...
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
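
Added example (not part of the original thread, and not SSSD's own code): a sketch of the default lookup order quoted from the man page above, showing how the long versus short hostname changes which keytab principal is picked. The NetBIOS-name derivation, the case-sensitive glob matching, the function names and the keytab contents are assumptions made for illustration.

```python
import fnmatch


def candidate_patterns(hostname, realm):
    """Default lookup order as quoted from sssd-ldap(5) in this thread."""
    # Assumption: NetBIOS name = first label of the hostname, upper-cased,
    # cut to 15 characters. SSSD may derive it differently.
    netbios = hostname.split(".")[0].upper()[:15]
    return [
        f"{hostname}@{realm}",
        f"{netbios}$@{realm}",
        f"host/{hostname}@{realm}",
        f"*$@{realm}",
        f"host/*@{realm}",
        "host/*",
    ]


def select_principal(keytab, hostname, realm):
    """Return (principal, matched_pattern); pattern is None on fallback."""
    for pattern in candidate_patterns(hostname, realm):
        for principal in keytab:  # keytab order breaks ties between matches
            # Assumption: case-sensitive glob matching.
            if fnmatch.fnmatchcase(principal, pattern):
                return principal, pattern
    # "If none of them are found, the first principal in keytab is returned."
    return (keytab[0], None) if keytab else (None, None)


# Constructed keytab contents (what `klist -k` would list), not real data.
KEYTAB = [
    "host/alias.example.com@EXAMPLE.COM",
    "host/web01.example.com@EXAMPLE.COM",
    "nfs/web01.example.com@EXAMPLE.COM",
]

if __name__ == "__main__":
    for name in ("web01.example.com", "web01"):
        principal, pattern = select_principal(KEYTAB, name, "EXAMPLE.COM")
        print(f"hostname={name!r}: {principal} (matched {pattern})")
    print(select_principal(["nfs/web01.example.com@OTHER.ORG"], "web01", "EXAMPLE.COM"))
```

With the long hostname the exact host/hostname@REALM entry is selected; with the short one nothing matches exactly and the host/*@REALM wildcard takes whichever host principal comes first in the keytab.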
Thank you for clarifying.
Spike
On Mon, May 20, 2024 at 8:14 AM Tomas Halman thalman@redhat.com wrote:
> Hi,
> There is always confusion when talking about hostnames and FQDN :-)
> Here we are talking about a hostname that has a domain part in it, i.e. a long one. But strictly speaking it is not the same thing as FQDN because the machine can have multiple addresses/interfaces and various FQDNs associated with them on a DNS server. So we stick to the term `hostname` in the man page rather than FQDN.
> I think that it is also one of the requirements when enrolling into the IPA domain, that the hostname has the domain part and this name can be resolved to one of the host's addresses.
> HTH Tom
-- Tomáš Halman