Does IPA only use ‘sssd.conf’ for kerberos authentication? Is there another 
file used to configure kerberos? 

I’ve built a host using Foreman and our puppet configuration usually pushes a 
krb5.conf file. However, if I delete it, everything still works fine.

What if any function does /etc/krb5.conf have now?


[root@ipa_client ggrindle]# cat /etc/krb5.conf
cat: /etc/krb5.conf: No such file or directory
[root@ipa_client ggrindle]# rpm -qa |grep ipa-client
[root@ipa_client ggrindle]# kdestroy
[root@ipa_client ggrindle]# kinit ggrindle
Password for
[root@ipa_client ggrindle]# klist
Ticket cache: FILE:/tmp/krb5cc_0.1
Default principal:

Valid starting     Expires            Service principal
06/01/16 19:40:19  06/02/16 19:40:14  krbtgt/

[root@ipa_client ggrindle]# tcpdump port 88
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:40:53.765163 IP >  v5
19:40:53.788043 IP >
19:41:06.601826 IP >  v5
19:41:06.630012 IP >  v5
4 packets captured
6 packets received by filter
0 packets dropped by kernel.kerberos:  v5


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to