On Mon, May 13, 2013 at 04:00:55PM +0200, Sumit Bose wrote:
Hi,
this patch should fix
https://fedorahosted.org/sssd/ticket/1921 . IF
enterprise principals are used the principal returned duing the kinit
process will most certainly look different then the one we guess or read
from LDAP attributes. This means we should always update our cache with
the new value so the e.g. we can properly parse the credential cache.
Initially I have seen validation failures, but currently I cannot
reproduce them anymore.
bye,
Sumit
This works for me, but do you remember what was the reason to keep the
principal check around at all?
Also another thing that we mentioned last week on the SSSD meeting was
that even with principal canonicalization the principal might change,
wouldn't that be another similar case?