#1883 Add a new option to disable the Kerberos locator plugin completely
Closed: Fixed None Opened 5 years ago by jhrozek.

This is a short-term workaround until ticket #941 could be implemented fully.

Sumit proposed that we could add a new Kerberos provider option that would disable creating the kdcinfo files completely. Then the libkrb5 and by extension the sssd too would rely on servers from krb5.conf.


Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.11 beta

Fields changed

milestone: SSSD 1.12 beta => SSSD 1.11 beta

Fields changed

changelog: =>
milestone: SSSD 1.11 beta => SSSD 1.10.0

I realized this option would require a string change, so I went ahead and wrote a patch for inclusion in 1.10 beta.

milestone: SSSD 1.10.0 => SSSD 1.10 beta
owner: somebody => jhrozek
patch: 0 => 1
status: new => assigned

Fields changed

changelog: => The enhancement introduces a new Kerberos provider option called krb5_use_kdcinfo. The option is true by default in all providers. When set to false, the SSSD will not create krb5 info files that the locator plugin consumes and the user would have to set up the Kerberos options manually in krb5.conf.

resolution: => fixed
status: assigned => closed

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta

2 years ago

Login to comment on this ticket.

Metadata