Learn more about these different git repos.
Other Git URLs
For #1041, SSSD tool will need some a way to renew AD (or IPA) keytab. In Fedora, there are multiple tools to do operations with AD - samba, adcli, msktutil.
Looking at msktutil upstream README, I see it has
- Create a computer account in Active Directory
- Create a service account in Active Directory
- Create a system Kerberos keytab
- Create a Kerberos keytab for a dedicated service
- Add and remove principals to and from keytabs
- Change the account's password
Looking at what adcli can do, it seems that msktutil would miss commands for user manipulation, maybe others.
The tools should be investigated to see what would make most sense using in SSSD to do operations on AD (keytab renewal, but also operations for joining domain mostly performed by realmd)
We should ideally use the similar tool limit the dependencies and also think SSSD may grow write interface in the future against AD/LDAP. This ticket is to investigate the tools and give recommendation.
owner: somebody => sbose
status: new => assigned
This is a task so the milestone is not that important, but 1.14 would be fine, since we may also work on keytab rotation by using msktutil..
rhbz: => 0
milestone: NEEDS_TRIAGE => SSSD 1.14 alpha
SSSD now implements updating the keytab using adcli, therefore I'm closing this ticket.
resolution: => invalid
status: assigned => closed
Metadata Update from @mkosek:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.14 alpha
SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here:
If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.
Thank you for understanding. We apologize for all inconvenience.
to comment on this ticket.