#4514 Update krb5.conf to utilize sssd localauth plugin
Closed: Fixed None Opened 6 years ago by mkosek.

In SSSD ticket #1835, SSSD publishes a localauth plugin that can replace auth_to_local definitions that needs to be added to every FreeIPA client's krb5.conf to allow AD users authenticate with their Kerberos credentials.

We should update our default krb5.conf to load the localauth plugin. This should be also added on upgrades.

This significantly boosts usability of Trusts on clients, raising priority.

krb5 extension to allow SSSD to just drop the localauth plugin snippet: https://bugzilla.redhat.com/show_bug.cgi?id=1146945

Krb5 support is still not in, blocking the other fixes. But given this does not block 4.1, I am moving to 4.1.1.

New sssd 1.12.3 was released, I can send a patch.


  • 9225624 Bump SSSD Requires to 1.12.3


  • 30dae37 Bump SSSD Requires to 1.12.3

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 4.1.3

3 years ago

Login to comment on this ticket.