Hi 1.11.0
In one config this works: krb5_keytab = /etc/krb5.keytab but this doesn't: ldap_krb5_keytab = /etc/krb5.keytab
What should I be using and what's the difference? Cheers, Steve
On Mon, Sep 02, 2013 at 01:18:36AM +0200, steve wrote:
Hi 1.11.0
In one config this works: krb5_keytab = /etc/krb5.keytab but this doesn't: ldap_krb5_keytab = /etc/krb5.keytab
What should I be using and what's the difference?
ldap_krb5_keytab is used by the LDAP provider to authenticate against a LDAP server with SASL/GSSAPI.
krb5_keytab is used by the Kerberos provider if ticket validation is enabled.
Typically both default to /etc/krb5.keytab because the host key is a good key for both.
To say why one setting is working and the other not, I need a bit more context, the full config for both cases might help as a start.
bye, Sumit
Cheers, Steve
sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
On Mon, 2013-09-02 at 09:56 +0200, Sumit Bose wrote:
On Mon, Sep 02, 2013 at 01:18:36AM +0200, steve wrote:
Hi 1.11.0
In one config this works: krb5_keytab = /etc/krb5.keytab but this doesn't: ldap_krb5_keytab = /etc/krb5.keytab
What should I be using and what's the difference?
ldap_krb5_keytab is used by the LDAP provider to authenticate against a LDAP server with SASL/GSSAPI.
krb5_keytab is used by the Kerberos provider if ticket validation is enabled.
Typically both default to /etc/krb5.keytab because the host key is a good key for both.
To say why one setting is working and the other not, I need a bit more context, the full config for both cases might help as a start.
bye, Sumit
Cheers, Steve
Hi OK. I understand. Were joined to a Samba4 AD so the correct option for us is: krb5_keytab = or krb5_keytab = /some/other.keytab The latter if our key is _not_ in /etc/krv5.keytab
Thanks Steve
sssd-devel@lists.fedorahosted.org