-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/14/2010 12:07 PM, Dmitri Pal wrote: > If you use SSSD instead of pam_krb5 then kerberos configuration file is > ignored. > SSSD uses only the SSSD config file. >
This statement is not 100% true, unfortunately. The SSSD provides a Kerberos locator plugin that answers requests for most of this information, but it cannot handle all options that are available to the krb5.conf (since the locator API does not support them). Furthermore, there exist some applications (I forget which at this moment) that will read the krb5.conf directly instead of using the locator API. As such, it is unfortunately necessary that both sssd.conf and krb5.conf be properly configured for the host system. If you use authconfig 6.1.4 or later (on Red Hat and Fedora systems) to set up LDAP/Kerberos, both of these files are automatically configured properly. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxEQ8kACgkQeiVVYja6o6PPTQCfXGJpGTC8Rva69XU4rWQIFqV1 5/QAmwUabdnbzmJA+df+bRSxfeyW0Uu7 =1jc+ -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
