[Freeipa-users] .k5login and auth_to_local_names principal -> account mapping and localauth plugin not working on 6.7
Sumit Bose
sbose at redhat.com
Sat Dec 12 15:01:08 UTC 2015
On Sat, Dec 12, 2015 at 01:34:53PM +0100, Stefano Cortese wrote:
> </blockquote>
> <pre wrap=""><!---->
> This is expected because if either the principal or the user name is
> known to SSSD the localauth plugin will take control because by default
> the added modules are registered first (see [plugins] section of man
> krb5.conf for details).
>
> To check auth_to_local_names first you can try
>
> enable_only=names,k5login,sssd
>
> </pre>
> </blockquote>
> It does not work for me. <br>
> Changed the snippet and made immutable, after sssd restart the
> behaviour is the same.<br>
> It does not work also putting k5login or names alone.<br>
> Note that the sssd version in SL6.7<->RHEL6.7 is 1.12.4-47<br>
> Should those keywords work in this version ?<br>
ah, this is not related to the SSSD version, but to the version of MIT
Kerberos. SL/CentOS/RHEL 6.7 should have version 1.10.3 which already
has the new plugin interface but the localauth plugin was only released
in MIT Kerberos version 1.12.
bye,
Sumit
More information about the Freeipa-users
mailing list