author | Lukas Slebodnik <lslebodn@redhat.com> | 2017-03-14 10:34:00 +0100 |
---|---|---|
committer | Lukas Slebodnik <lslebodn@redhat.com> | 2017-04-12 23:15:06 +0200 |
commit | c6f1bc32774a7cf2f8678499dfbced420be3a3a1 (patch) | |
tree | b5eb93554612755fa57bdf26381b588ac91bf271 | |
parent | 35186217d44d0138a1aedf7a4db72249b2c40e66 (diff) | |
UTIL: Use max 15 characters for AD host UPN

We do not want to use host principal with AD
"host/name.domain.tld@DOMAIN.TLD" because it does not work.
We need to use correct user principal for AD hosts. And we cannot
rely on fallback "*$" because of other principals in keytab.

The NetBIOS naming convention allows for 16 characters in a NetBIOS
name. Microsoft, however, limits NetBIOS names to 15 characters and
uses the 16th character as a NetBIOS suffix.
https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name

Resolves:
https://pagure.io/SSSD/sssd/issue/3329

Reviewed-by: Michal Židek <mzidek@redhat.com>

-rw-r--r-- | src/util/sss_krb5.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index d461cf881..a3f066e8a 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -51,7 +51,13 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx, *c = toupper(*c); } - primary = talloc_asprintf(mem_ctx, "%s$", shortname); + /* The samAccountName is recommended to be less than 20 characters. + * This is only for users and groups. For machine accounts, + * the real limit is caused by NetBIOS protocol. + * NetBIOS names are limited to 16 (15 + $) + * https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name + */ + primary = talloc_asprintf(mem_ctx, "%.15s$", shortname); talloc_free(shortname); return primary; } |
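
Review bot: the comment added above the talloc_asprintf() call in sss_krb5_get_primary() explains the limit as "NetBIOS names are limited to 16 (15 + $)", but the commit message says the 16th character is the NetBIOS suffix, whereas the "$" appended here is the trailing marker of the machine account name; I would reword the comment to say that the name part is capped at 15 characters and "$" is appended after it. The bare 15 in "%.15s$" would read better as a named constant placed next to that comment. Two more things to confirm: the precision in "%.15s" counts bytes, so this relies on shortname being single-byte text at this point, and a longer hostname is now truncated silently, so a debug message when truncation happens would help anyone diagnosing a derived principal that does not match an entry in the keytab.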