Bug 60637

Summary: Configuration option to setup remote-only style logins.
Product: realmd Reporter: Stef Walter <stefw>
Component: GeneralAssignee: Stef Walter <stefw>
Status: RESOLVED FIXED QA Contact:
Severity: enhancement    
Priority: medium CC: stefw, yelley
Version: unspecified   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Bug Depends on: 55041, 63434    
Bug Blocks:    
Attachments: Add option to disable use of fully qualified names

Description Stef Walter 2013-02-11 09:08:24 UTC 
In some cases, realmd may be used to setup remote-only style logins. Where instead of using fully qualified domain user names, just the name part is recognized.

This is not a safe default because we cannot assume that remote logins won't conflict with local login names.

However, we should provide an /etc/realmd.conf configuration option, which will allow admins to deploy this behavior using realmd if desired.

In any case, realmd will recognize and interoperate with an sssd.conf AD or IPA domain deployed some other way. It's possible to deploy sssd manually and tweak options as desired. But all in all this seems like a high level enough choice to make into a realmd.conf configuration option.
Comment 1 Stef Walter 2013-04-25 13:02:23 UTC 
Created attachment 78470 [details] [review]
Add option to disable use of fully qualified names
Comment 2 Stef Walter 2013-04-29 16:04:58 UTC 
Attachment 78470 [details] pushed as bf1fe1a - Add option to disable use of fully qualified names

Pushed to git master in advance of the Fedora test day. Some testing can be done like this:

https://fedoraproject.org/wiki/QA:Testcase_realmd_join_qualify

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.