We recently ventured on the mystic path of using freeIPA as out central authentication/authorization service. All in all this path leads to a quite nice location, where single sign on is spoken by most natives.
But WHAT THE HELL is wrong with the configuration zoo necessary to care for to make these natives happy?!
Here is just a small list of configurations involved:
This mess leads to such fine bugs like this…
Hopefully this situation will be improved by a more widespread usage of sssd in the different linux ditros.