[Freeipa-users] FreeIPA redundant server login problems

Stephen Gallagher sgallagh at redhat.com
Mon Jul 19 12:23:37 UTC 2010



On 07/14/2010 12:07 PM, Dmitri Pal wrote:
> If you use SSSD instead of pam_krb5 then kerberos configuration file is
> ignored.
> SSSD uses only the SSSD config file.
> 

This statement is not 100% true, unfortunately. The SSSD provides a
Kerberos locator plugin that answers requests for most of this
information, but it cannot handle all options that are available to the
krb5.conf (since the locator API does not support them). Furthermore,
there exist some applications (I forget which at this moment) that will
read the krb5.conf directly instead of using the locator API.

As such, it is unfortunately necessary that both sssd.conf and krb5.conf
be properly configured for the host system. If you use authconfig 6.1.4
or later (on Red Hat and Fedora systems) to set up LDAP/Kerberos, both
of these files are automatically configured properly.

-- 
Stephen Gallagher
RHCE 804006346421761

Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
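A consistency check for the point made in the message above, as an added example that is not part of the original post and not SSSD or FreeIPA code: it reports Kerberos servers listed in sssd.conf that an application reading krb5.conf directly would never try. It assumes the `krb5_realm` and `krb5_server` options from sssd-krb5(5) and hostnames without IPv6 literals; the function names are hypothetical and the two sample files are constructed.

```python
import configparser

def krb5_kdcs(text):
    # {realm: [kdc hostnames]} from the [realms] section; ports are dropped.
    realms, section, realm = {}, None, None
    for line in (raw.split("#", 1)[0].strip() for raw in text.splitlines()):
        if line.startswith("["):
            section, realm = line.strip("[]").lower(), None
        elif line == "}":
            realm = None
        elif section == "realms" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if value == "{":
                realm = key
            elif realm and key == "kdc":
                realms.setdefault(realm, []).append(value.split(":")[0].lower())
    return realms

def sssd_krb5(text):
    # {domain: (krb5_realm, [krb5_server hostnames])} per [domain/...] section.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    out = {}
    for name in cp.sections():
        if name.startswith("domain/") and cp.has_option(name, "krb5_realm"):
            hosts = cp.get(name, "krb5_server", fallback="").lower().split(",")
            out[name[7:]] = (cp[name]["krb5_realm"], [h.strip() for h in hosts if h.strip()])
    return out

def compare(sssd_text, krb5_text):
    # Servers SSSD is given that a direct krb5.conf reader would never try.
    realms, findings = krb5_kdcs(krb5_text), []
    for domain, (realm, servers) in sssd_krb5(sssd_text).items():
        missing = [h for h in servers if h not in realms.get(realm, [])]
        if missing:
            findings.append(f"{domain}: not a kdc in krb5.conf: {', '.join(missing)}")
    return findings

# Constructed sample files: SSSD lists both replicas, krb5.conf only one.
SSSD_CONF = """[domain/example.com]
krb5_realm = EXAMPLE.COM
krb5_server = ipa1.example.com, ipa2.example.com
"""
KRB5_CONF = """[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = ipa1.example.com:88
 }
"""
```

Calling `compare(SSSD_CONF, KRB5_CONF)` on the sample returns one finding for `ipa2.example.com`; an empty list means every server SSSD uses is also a `kdc` entry for the same realm in krb5.conf.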
