The change to run as an unprivileged user was documented in the 26.04 release notes:
https://documentation.ubuntu.com/release-notes/26.04/changes-since-previous-interim/#sssd-changes
https://documentation.ubuntu.com/release-notes/26.04/summary-for-lts-users/#sssd

Changing /etc/krb5.keytab to be 0640 root:sssd sounds sensible at a glance.

We have tests that run a member server joined to a samba AD server, and using sssd on the member server. I'll check if those tests adjust the permissions of the keytab, or if something else is going on there, because they pass, and were instrumental in telling us all that we had to change to accommodate this new security feature of sssd where it can run as an unprivileged user.

--
https://bugs.launchpad.net/bugs/2139337

Title:
  don't run as root, instead use --with-sssd-user=sssd
