Learn more about these different git repos.
Other Git URLs
For #1041, SSSD tool will need some a way to renew AD (or IPA) keytab. In Fedora, there are multiple tools to do operations with AD - samba, adcli, msktutil.
Looking at msktutil upstream README, I see it has following capabilities:
- Create a computer account in Active Directory - Create a service account in Active Directory - Create a system Kerberos keytab - Create a Kerberos keytab for a dedicated service - Add and remove principals to and from keytabs - Change the account's password
Looking at what adcli can do, it seems that msktutil would miss commands for user manipulation, maybe others.
The tools should be investigated to see what would make most sense using in SSSD to do operations on AD (keytab renewal, but also operations for joining domain mostly performed by realmd)
We should ideally use the similar tool limit the dependencies and also think SSSD may grow write interface in the future against AD/LDAP. This ticket is to investigate the tools and give recommendation.
Fields changed
owner: somebody => sbose status: new => assigned
This is a task so the milestone is not that important, but 1.14 would be fine, since we may also work on keytab rotation by using msktutil..
rhbz: => 0
milestone: NEEDS_TRIAGE => SSSD 1.14 alpha
SSSD now implements updating the keytab using adcli, therefore I'm closing this ticket.
resolution: => invalid status: assigned => closed
Metadata Update from @mkosek: - Issue assigned to sbose - Issue set to the milestone: SSSD 1.14 alpha
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3894
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.