Hi,
my recent patch "sysdb_get_user_attr: use fqn for subdomain users" kinda
broke authentication (thx ab).
The problem was that sysdb_get_user_attr is often called with fully
qualified name and we basically ended up with "user@domain@domain" name.
One solution would be to translate the name to fq format in IFP. Other
would be to change the other places so they use just name without the
domain part. But since sysdb_get_user_attr now calls sss_get_domain_name
in the same way as other sysdb functions does I think the best solution
here is to check the name format in this function and response as
appropriate.
Show replies by date