We should support GSSAPI as authentication method against secrets proxy server.
08:14 < lslebodn> simo: it is not enough; becase sssd-secrets does not have any krb5 ticket :-)
08:14 < lslebodn> just sssd has
08:16 < pbrezina> simo, https://pagure.io/SSSD/sssd/issue/3370
08:21 < simo> lslebodn: we can give sssd-secrets access to the keytab, nothing else is needed
08:21 < simo> either directly or via gssproxy if we prefer some privilege separation
08:22 < simo> pbrezina: thanks
Metadata Update from @jhrozek:
- Issue set to the milestone: SSSD Future releases (no date set yet)
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.10.1 — Documentation