[Freeipa-users] username case sensitivity
Andy Thompson
Andy.Thompson at e-tcc.com
Sun May 17 22:26:45 UTC 2015
> -----Original Message-----
> From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-
> bounces at redhat.com] On Behalf Of Jakub Hrozek
> Sent: Sunday, May 17, 2015 5:23 PM
> To: freeipa-users at redhat.com
> Subject: Re: [Freeipa-users] username case sensitivity
>
> On Fri, May 15, 2015 at 09:44:31PM +0200, Lukas Slebodnik wrote:
> > On (15/05/15 17:27), Andy Thompson wrote:
> > >Is there a way to enforce case sensitivity for trusted AD users? I
> > >am
> > trying to use username for ssh chroots and I can authenticated with
> > any case combination of <UsERname> but if ssh is set to match on
> > <username> then the chroot is not enforced and the user is dropped to
> > their usual home directory. I found a case_sensitive option for sssd but it
> does not
> > seem to have any affect. Running RHEL6.6 clients.
> > >
> >
> > IPA domain is by default case sensitive.
> > So You will not change anything if you put "case_sensitive = true"
> > into domain section of sssd.conf.
> >
> > But SSSD will create subdomains for each AD domain. It is different
> > id_provider therefore different default values are used for subdomains
> > and for AD provider it is case *insensitive* by default.
> >
> > Currently there's no way how to change it for subdomains (AD trusted
> > domains)
> >
>
> What are you using for the SSH matching? The way the case insensitiveness is
> implemented in SSSD is that all usernames are forcibly lowercased on output,
> so as long as SSH uses the standard NSS calls, you should be good with using
> the lowecase usernames..
>
They were initially all in lower case and working when I tested and finalized the setup. I passed the credentials off and they used mixed case and the match stopped working.
-andy
More information about the Freeipa-users
mailing list