[Freeipa-users] AD Integration - /etc/krb5.conf requirements
Alexander Bokovoy
abokovoy at redhat.com
Thu Apr 28 15:58:58 UTC 2016
On Thu, 28 Apr 2016, Alexander Bokovoy wrote:
>On Thu, 28 Apr 2016, Michael ORourke wrote:
>>I'm just looking for some clarification from the documentation:
>>http://www.freeipa.org/page/Active_Directory_trust_setup
>>
>>In the section that starts with "Edit /etc/krb5.conf", they mention a manual configuration to the krb5.conf file for machines that will be leveraging AD users:
>>[realms]
>>IPA_DOMAIN = {
>>....
>> auth_to_local = RULE:[1:$1@$0](^.*@AD_DOMAIN$)s/@AD_DOMAIN/@ad_domain/
>> auth_to_local = DEFAULT
>>}
>>
>>Is this still required for sssd 1.13.0 and above?
>The actual requirement is MIT Kerberos 1.12+ where localauth plugin
>support was added. Then, of course, SSSD with localauth plugin
>implementation, which is SSSD 1.12.1+.
I've updated the section http://www.freeipa.org/page/Active_Directory_trust_setup#Edit_.2Fetc.2Fkrb5.conf
with the information about SSSD support for localauth plugin.
Thanks for reporting it, Michael!
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list