Bug 6210 - You cannot use an alternative ticket for kerberos authentication
Summary: You cannot use an alternative ticket for kerberos authentication
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: LowPrio
Assignee: Pierre Ossman
Depends on:
Reported: 2017-03-29 11:15 CEST by Henrik Andersson
Modified: 2021-12-07 12:57 CET (History)
1 user (show)

See Also:
Acceptance Criteria:


Description Henrik Andersson cendio 2017-03-29 11:15:45 CEST
The problem is that kerberos ticket names are restricted to what tickets are available in the ticket cache. This means that you are only allowed to use usernames without domain specified.

What I mean is that Linux supports authentication with users in different domains. For example cendio@lab.lkpg.cendio.se is a valid username in a sssd configuration. However if you choose to use kerberos you are not allowed to write the @domain suffix, because the username is the name of the ticket in cache.

One solution might be to change the free text editbox for ticket names to a dropdown menu populated with enumerated tickets from the cache for the end user to use for authentication.

Note You need to log in before you can comment on or make changes to this bug.