In order to test this patch, configure a domain that uses Kerberos (IPA
for example) and set krb5_use_kdcinfo=False. Without this option a
kdcinfo file (located in /var/lib/sss/pubconf) will be created at login
time at latest.
With the option set to False, the kdcinfo file will not get created and
also you would need to configure your realm in krb5.conf in order for
logins to work.
https://fedorahosted.org/sssd/ticket/1883
The patch introduces a new Kerberos provider option called
krb5_use_kdcinfo. The option is true by default in all providers. When
set to false, the SSSD will not create krb5 info files that the locator
plugin consumes and the user would have to set up the Kerberos options
manually in krb5.conf