On 05/26/2015 04:22 PM, Jakub Hrozek wrote:
On Tue, May 26, 2015 at 03:39:20PM +0200, Pavel Reichl wrote:
> On 05/26/2015 03:09 PM, Jakub Hrozek wrote:
>> On Tue, May 26, 2015 at 11:13:38AM +0200, Jakub Hrozek wrote:
>>> I'll test the patch now..
>> Functionality passed:
>>
>> [jhrozek@client] sssd $ [(review)] su - jhrozek
>> Password: (I used the IPA admin password here)
>> [jhrozek@client] ~ $ [] klist
>> Ticket cache: KEYRING:persistent:1000:krb_ccache_tovv73R
>> Default principal: admin@LINUX.TEST
>>
>> Valid starting       Expires              Service principal
>> 05/26/2015 15:07:31  05/27/2015 15:07:31  krbtgt/LINUX.TEST@LINUX.TEST
>>
>> So fix the nitpicks and I'll ack :-)
> Great, thanks.
>
> Please see attached patch. I'm completely sure that I've absolutely sorted
> out the nitpicks...unless I've made them even worse. :-)
>
> I think that the Coverity warning was a false positive, because the map value
> would never be read when uninitialized, but to get rid of the warning I
> added a check and call the function conditionally. Would you prefer if I
> rather initialized the variable?
This is fine.
I found one typo in manpage (sorry..), the rest looks good to me now. I
tested proxy user, IPA user and AD trust user, all worked fine.
Sorry for missing that. Fixed.
I'm happy that testing passed.
>> _______________________________________________
>> sssd-devel mailing list
>> sssd-devel(a)lists.fedorahosted.org
>>
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
> From 81473f2441dcdfb3c04864414d9bb30a20a2740d Mon Sep 17 00:00:00 2001
> From: Pavel Reichl <preichl(a)redhat.com>
> Date: Thu, 30 Apr 2015 06:43:05 -0400
> Subject: [PATCH] krb5: new option krb5_map_user
>
> New option `krb5_map_user` providing mapping of ID provider names to
> Kerberos principals.
>
> Resolves:
> https://fedorahosted.org/sssd/ticket/2509
[...]
> diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml
> index
8d5bbeed6ce6ec6bcb2db09895ca045905338639..eee6dfbdf9f8ae75b6b20d8f3d3cf21d7e38971f 100644
> --- a/src/man/sssd-krb5.5.xml
> +++ b/src/man/sssd-krb5.5.xml
> @@ -516,6 +516,42 @@
> </listitem>
> </varlistentry>
>
> + <varlistentry>
> + <term>krb5_map_user (string)</term>
> + <listitem>
> + <para>
> + The list of mappings is given as a comma-separated
> + list of pairs
<quote>username:primary</quote>
> + where <quote>username</quote> is a UNIX
user name
> + and <quote>primary</quote> is a user part
of
> + a kerberos principal. This mapping is used when
> + user is authenticating using
> + <quote>auth_provider = krb5</quote>.
> + </para>
> +
> + <para>
> + example:
> +<programlisting>
> +krb5_realm = REALM
> +krb5_map_user = joe:juser,dick:richard
> +</programlisting>
> + </para>
> + <para>
> + <quote>joe</quote> and
<quote>vince</quote> are
> + UNIX user names and <quote>juser</quote>
and
> + <quote>rraines</quote> are primaries of
kerberos
> + principals. For user <quote>joe</quote>
resp.
> + <quote>dick</quote> SSSD will try to kinit
as
> + <quote>dick@REALM</quote> resp.
> + <quote>richard@REALM</quote>.
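Review bot: In the paragraph following the programlisting, the explanation does not match the example. The example maps joe:juser and dick:richard, but the text names "vince" and "rraines", which appear nowhere in the example, and it says joe will kinit as "dick@REALM" where the mapping gives "juser@REALM". Suggest rewording to: "joe and dick are UNIX user names and juser and richard are primaries of Kerberos principals. For user joe resp. dick SSSD will try to kinit as juser@REALM resp. richard@REALM." While touching the text, capitalize "Kerberos" in both paragraphs, and consider stating which principal is used for a user that has no entry in the list, since the description only covers mapped users.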
The example gives joe and dick but the text talks about joe and vince.