Comment 2 for bug 1274543

Revision history for this message
Jakub Hrozek (jakub-hrozek) wrote :

Hi,

Can you bring this issue up on the sssd-devel list so it can be discussed with other developers as well? Or open an upstream ticket.

I don't like the idea of trying all principals in the keytab, simply because it would be uneffective, but I would personally be fine with using the same code that we use for selecting the 'right' principal which is either what the admin sets manually as ldap_sasl_authid, or, the default AD case which is shortname$@realm.