-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 07/14/2010 12:07 PM, Dmitri Pal wrote:
> If you use SSSD instead of pam_krb5 then kerberos configuration file is
> ignored.
> SSSD uses only the SSSD config file.
> 

This statement is not 100% true, unfortunately. The SSSD provides a
Kerberos locator plugin that answers requests for most of this
information, but it cannot handle all options that are available to the
krb5.conf (since the locator API does not support them). Furthermore,
there exist some applications (I forget which at this moment) that will
read the krb5.conf directly instead of using the locator API.

As such, it is unfortunately necessary that both sssd.conf and krb5.conf
be properly configured for the host system. If you use authconfig 6.1.4
or later (on Red Hat and Fedora systems) to set up LDAP/Kerberos, both
of these files are automatically configured properly.

- -- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkxEQ8kACgkQeiVVYja6o6PPTQCfXGJpGTC8Rva69XU4rWQIFqV1
5/QAmwUabdnbzmJA+df+bRSxfeyW0Uu7
=1jc+
-----END PGP SIGNATURE-----

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to