#415 Add krb5_kpasswd option to sssd.conf

Created 6 years ago by sgallagh
Modified 3 days ago

Currently, we always assume that the kerberos KDC is also a kerberos kadmin server. In real production environments, it is very common to have multiple read-only replicas of the KDC, but only a single kadmin server (since password changes and the like are comparitively rare).

The lack of this option should be considered a regression from pam_krb5.

Fixed by 5096bb4c2242b426aa6f5ea2cb82223e0b81a345

fixedin: => 1.1.0
resolution: => fixed
status: new => closed

This option is not in t he man pages?

resolution: fixed =>
status: closed => reopened

sorry, we renamed the option to krb5_kpasswd, which describes the purpose better. krb5_kpasswd is mentioned in the man page.

resolution: => fixed
status: reopened => closed

Fields changed

summary: Add krb5_kadmin option to sssd.conf => Add krb5_kpasswd option to sssd.conf

krb5_kpasswd is described in the sssd-krb5 man page. Documentation should mention that the option should be used if kpasswd is running on a different server or on a non-default port.

Added a para to 15.2.6. Setting Up Kerberos Authentication in the RHEL 6 Deployment Guide that covers this.

doc: 1 => 0
docupdated: 0 => 1

Fields changed

coverity: =>
patch: => 0
tests: 1 => 0
testsupdated: 0 => 1
upgrade: => 0

Fields changed

rhbz: => 0

3 days ago

Metadata Update from @sgallagh:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.1

Login to comment on this ticket.


Kerberos Provider