On 12/29/2016 09:03 AM, Jakub Hrozek wrote: >> If I configure the server to enforce STARTTLS is SSSD "smart enough" to >> work with that if I use sssd-ad or would I need to go the LDAP+Kerberos >> route in order to configure some of the TLS-related settings? >> > > The gssapi authentication is by default and cannot even be changed with > sssd-ad. >
Just to clarify here: the GSSAPI used by SSSD also provides encrypted communication. You do not need to enable TLS as well (and I think SSSD will just ignore that option in this case).
signature.asc
Description: OpenPGP digital signature
_______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
