In some cases, realmd may be used to setup remote-only style logins. Where instead of using fully qualified domain user names, just the name part is recognized. This is not a safe default because we cannot assume that remote logins won't conflict with local login names. However, we should provide an /etc/realmd.conf configuration option, which will allow admins to deploy this behavior using realmd if desired. In any case, realmd will recognize and interoperate with an sssd.conf AD or IPA domain deployed some other way. It's possible to deploy sssd manually and tweak options as desired. But all in all this seems like a high level enough choice to make into a realmd.conf configuration option.
Created attachment 78470 [details] [review] Add option to disable use of fully qualified names
Attachment 78470 [details] pushed as bf1fe1a - Add option to disable use of fully qualified names Pushed to git master in advance of the Fedora test day. Some testing can be done like this: https://fedoraproject.org/wiki/QA:Testcase_realmd_join_qualify
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.