Description of problem: Failed to lookup user since /var/lib/sss/pubconf/kdcinfo.EXAMPLE.COM has stale entries or decommissioned server. Clearing the content of /var/lib/sss/pubconf/kdcinfo.EXAMPLE.COM file resolves the issue. SSSD should handle AD's behavior of handling Kerberos realms case-insensitive better. One possible fix might be to always create the realm part of the name of the kdcinfo file in upper-case letters (since there is a convention to use upper-case for realm names). Before that the directory should be checked for kdcinfo files for the same realm but different cases. The locator plugin itself should then use the upper-case name as a fallback in case a kdcinfo file with the realm received was not found. This is needed because the locator plugin is not aware of the type the KDC for different realms and in general Kerberos realms are case-sensitive. Version-Release number of selected component (if applicable): sssd-2.7.3-4.el8_7.3.x86_64 How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: sssd should clean up the content of /var/lib/sss/pubconf/kdcinfo.EXAMPLE.COM periodically Additional info: WORKAROUND: Clearing the content of /var/lib/sss/pubconf/kdcinfo.EXAMPLE.COM file resolves the issue.