In SSSD ticket #1835, SSSD publishes a localauth plugin that can replace auth_to_local definitions that needs to be added to every FreeIPA client's krb5.conf to allow AD users authenticate with their Kerberos credentials.
We should update our default krb5.conf to load the localauth plugin. This should be also added on upgrades.
This significantly boosts usability of Trusts on clients, raising priority.
Very related discussion: https://bugzilla.redhat.com/show_bug.cgi?id=1145788
krb5 extension to allow SSSD to just drop the localauth plugin snippet: https://bugzilla.redhat.com/show_bug.cgi?id=1146945
Krb5 support is still not in, blocking the other fixes. But given this does not block 4.1, I am moving to 4.1.1.
FreeIPA 4.1.1 was released.
4.1.2 was released.
New sssd 1.12.3 was released, I can send a patch.
Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 4.1.3
to comment on this ticket.