On Tue, 2018-04-24 at 11:19 +0100, John Hodrien wrote: > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. > > > On Tue, 24 Apr 2018, Joakim Tjernlund wrote: > > > It seems like a missing keytab file prevents any login in a AD connected > > sssd. Does it need to be so? > > > > I have a vague memory from the past that a missing/invalid keytab file > > only prevented SSO but allowed login using your password ? > > Presumably you can make it work without needing a keytab if you use ldap as an > auth provider. > > If you're using AD, you're using kerberos and ldap. If you're using kerberos, > you need to be able to validate the KDC. How would you plan on doing that?
I remember being able to login using pw when have a keytab but invalid kvno in the keytab. Is this case any different from not having a keytab at all? Jocke _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
