[Freeipa-users] IPA+AD trust and NFS nobody issue

Nordgren, Bryce L -FS bnordgren at fs.fed.us
Thu Jun 26 22:02:47 UTC 2014


> The reason is that rpcidmapd does not parse fully-qualified usernames
> so "adtest@AD.EXAMPLE.ORG@IPA.EXAMPLE.ORG" does not work.

If someone can educate me as to why there are two @ signs in the above, I can fix the wiki page (http://www.freeipa.org/page/Collaboration_with_Kerberos#Mechanism_1:_Kerberos_cross-realm_trusts)

I know about individual cross-realm principals,

adtest/AD.EXAMPLE.ORG@IPA.EXAMPLE.ORG

And I know about cross-realm trust principals:

krbtgt/AD.EXAMPLE.ORG@IPA.EXAMPLE.ORG

But I was under the impression that if a user traversed a trust, their client principal name would still be adtest@AD.EXAMPLE.ORG. I am not aware of any circumstances which would produce a client principal with two "@" signs in it. Pls fix my ignorance.

Thanks,
Bryce



