#2987 Improve information about krb5_keytab & ldap_krb5_keytab option in sssd man pages
Closed: Fixed None Opened 5 years ago by jhrozek.

Improve information about krb5_keytab & ldap_krb5_keytab option in sssd man pages

Currently we have two option to specify krb5_keytab in /etc/sssd/sssd.conf

ldap_krb5_keytab (string)
Specify the keytab to use when using SASL/GSSAPI.
Default: System keytab, normally /etc/krb5.keytab

krb5_keytab (string)
The location of the keytab to use when validating credentials obtained from KDCs.
Default: /etc/krb5.keytab

Man pages should clearly reflect, which option is recommended in which auth_provider. The keytab indeed is used for TGT validation but it is also used for SASL/GSSAPI.

trivial issue, can be moved to 1.14 beta as agreed last week on our triage

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
milestone: NEEDS_TRIAGE => SSSD 1.14 beta
review: True => 0
selected: =>
testsupdated: => 0

manpage improvements don't have to block the 1.14 release.

milestone: SSSD 1.14 beta => SSSD 1.14.0

1.14.0 should be released no later than Wednesday next week, this ticket should not block the 1.14.0 release.

milestone: SSSD 1.14.0 => SSSD 1.14.1

This was actually already fixed a long time ago - 763f247 allowed to inherit the keytab into subdomains and cc4caf8 added a follow up fix.

The root cause from the original request (in the downstream BZ) was to allow ldap_krb5_keytab usage for subdomains. I think this is now solved.

resolution: => fixed
status: new => closed

Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD 1.14.1

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4028

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.