[Freeipa-users] HBAC and AD users
Jakub Hrozek
jhrozek at redhat.com
Mon Jul 18 08:12:29 UTC 2016
On Mon, Jul 18, 2016 at 09:17:06AM +1000, Lachlan Musicman wrote:
> Previously we did have the default_domain_suffix set, but we had to unset
> it. I can't remember why we had to - something to do with
> ownership/permissions and our filesystem (IBM v7000) not playing nice iirc.
> We really wanted to use the dds => the researchers are complaining of
> broken brains due to the new concept of "ssh user1 at domain.com@ipa.domain.com".
> I will need to teach ssh config.
OK, in the versions before 1.14 it was quite hard (read: impossible) to
set short names for trusted users on the clients.
On the IDM servers, you should still use long names for output, because
that's what the IPA plugins expect, but on the clients, it should be
possible to set shortnames with the full_name_format.
More information about the Freeipa-users
mailing list