On Mon, 29 Aug 2016, Jakub Hrozek wrote:
btw one more remark. Even if you can't join the client to AD and have to resort to id_provider=ldap there is nothing preventing you from using: auth_provider=krb5 at least as long as the KDC is reachable..
Although without a system keytab (typically the machine credential), you can't validate that you're talking to the correct KDC, can you? jh _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
