On Tue, 2018-04-24 at 11:19 +0100, John Hodrien wrote:
CAUTION: This email originated from outside of the organization. Do
not click links or open attachments unless you recognize the sender and know the content
On Tue, 24 Apr 2018, Joakim Tjernlund wrote:
> It seems like a missing keytab file prevents any login in a AD connected
> sssd. Does it need to be so?
> I have a vague memory from the past that a missing/invalid keytab file
> only prevented SSO but allowed login using your password ?
Presumably you can make it work without needing a keytab if you use ldap as an
If you're using AD, you're using kerberos and ldap. If you're using
you need to be able to validate the KDC. How would you plan on doing that?
I remember being able to login using pw when have a keytab but invalid
kvno in the keytab. Is this case any different from not having a keytab at all?