On Mon, Feb 13, 2017 at 01:01:54PM -0500, Michael Smith wrote:

> Thanks for the tip - I can see in strace that Kerberos is looking for
> plugins in /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5:
>
> open("/usr/lib/x86_64-linux-gnu/krb5/plugins/libkrb5",
> O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or
> directory)
>
> But sssd_krb5_locator_plugin.so is in
> /usr/lib/x86_64-linux-gnu/krb5/plugins/krb5 (last component is krb5 instead
> of libkrb5).
>
> If I copy the krb5 directory to libkrb5, strace shows the plugin is loaded,
> the kdcinfo file is read, and kinit is talking to my local DC first.
>
> Would I be correct in thinking this is an Ubuntu packaging issue?

Perhaps, but I'm not a Ubuntu developer, so I'm not sure I can comment
more. I'll just note that there is a configure time option called
"--with-pubconf-path=PATH" in SSSD that allows to tweak where the files
are stored.