IdM and AD users are identified by Kerberos Principal name and Email address interchangeably

Solution Verified - Updated -

Issue

  • Network users (IdM and AD) are identified by both Kerberos Principal name and Email address, and they can authenticate with either identifier.

    # ipa user-show bob
      User login: bob
      First name: Bob
      Last name: User
      Home directory: /home/bob
      Login shell: /bin/sh
      Principal name: bob@EXAMPLE.COM
      Principal alias: bob@EXAMPLE.COM
      Email address: info@email.example.com
      UID: 510600003
      GID: 510600003
      Account disabled: False
      Password: False
      Member of groups: ipausers
      Kerberos keys available: False
    
    # id bob@EXAMPLE.COM
    uid=510600003(bob) gid=510600003(bob) groups=510600003(bob)
    
    # id info@email.example.com
    uid=510600003(bob) gid=510600003(bob) groups=510600003(bob)
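
The check shown above can be automated. The following is an added example, not part of the original article or of Red Hat's tooling: it parses captured `ipa user-show` and `id` output and reports every identifier, other than the login and principal, that resolves to the same UID. The function names are hypothetical, the first two sample outputs are copied from the listing above, and the "no such user" line is constructed.

```python
import re

# Sample input: `ipa user-show bob` fields taken from the listing above.
USER_SHOW = """\
  User login: bob
  Principal name: bob@EXAMPLE.COM
  Principal alias: bob@EXAMPLE.COM
  Email address: info@email.example.com
  UID: 510600003
"""
# identifier -> captured `id <identifier>` output (last entry is constructed).
ID_OUTPUTS = {
    "bob@EXAMPLE.COM": "uid=510600003(bob) gid=510600003(bob) groups=510600003(bob)",
    "info@email.example.com": "uid=510600003(bob) gid=510600003(bob) groups=510600003(bob)",
    "sales@email.example.com": "id: 'sales@email.example.com': no such user",
}

def parse_ipa_user(text):
    """Parse the "Key: value" lines of `ipa user-show` into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields[key] = value
    return fields

def parse_id(text):
    """Return (uid, login) from `id` output, or None if the lookup failed."""
    m = re.match(r"uid=(\d+)\(([^)]*)\)", text.strip())
    return (int(m.group(1)), m.group(2)) if m else None

def extra_identifiers(user_show, id_outputs):
    """List (identifier, source attribute) pairs that resolve to the user's
    UID but are neither the login name nor the Kerberos principal."""
    user = parse_ipa_user(user_show)
    uid = int(user["UID"])
    expected = {user["User login"], user["Principal name"]}
    hits = []
    for ident, out in id_outputs.items():
        parsed = parse_id(out)
        if parsed and parsed[0] == uid and ident not in expected:
            # Name the directory attribute that carries this identifier.
            attr = next((k for k, v in user.items() if v == ident), "unknown")
            hits.append((ident, attr))
    return sorted(hits)

if __name__ == "__main__":
    for ident, attr in extra_identifiers(USER_SHOW, ID_OUTPUTS):
        print(f"{ident} resolves to the same account via '{attr}'")
```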
    

Environment

  • Red Hat Enterprise Linux 7
  • Red Hat Enterprise Linux 8
  • Red Hat Enterprise Linux 9
  • System Security Services Daemon (SSSD)
  • Red Hat Identity Management (IdM) / FreeIPA
  • Active Directory (AD)
