As of RHEL 6 (SSSD package 1.6), a case_sensitive option was added to the valid list of parameters for a given provider in the /etc/sssd/sssd.conf file. When this value is false, querying SSSD for a given user will return the username in all lower case, regardless of the casing in Active Directory. This value can be set to Preserving, which will return the casing used in the username in Active Directory.
The case sensitivity flag is important since attempting to create a new SSH
The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. logon in Keyfactor Command (see Adding Logons) requires that the username is entered as it appears in SSSD, regardless of this setting's value. Using Preserving makes the logons look like they do in Active Directory so it may be a less confusing experience for system administrators or those in charge of provisioning the accounts. If this flag is set to false, SSSD will return the name as all lower case characters to preserve POSIX compliance, which is how usernames will need to be entered into Keyfactor Command to create them.
Run the command below in your environment to determine how the username should be formatted.
Figure 412: Active Directory Account Properties
The results for the above user with the setting as false would be: bbrown@keyexample.com.
The result for the above user with the setting as Preserving would be: BBROWN@keyexample.com.
The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise.. Doing so will result in a conflict between Keyfactor Command's understanding of a login's casing and SSSD's. You will then receive an error until this logon is removed or its home directory is updated on the target server.