#216 Allow fallback to simple authentication with kerberos
Closed: Fixed None Opened 13 years ago by dpal.

There are situations when the browser is not FF or the ticket can't be acquired for some reason. In this case the user shall be re-routed to the simple authentication page. This functionality should be enabled by default, but it should be possible to turn it off by setting an option. It should be a global option for the whole deployment. This means that it should be stored in LDAP and replicated. It is also a good candidate for the ipa configuration screen in the UI.
Something like "Allow simple authentication in UI"

It should be similar to the migration page already implemented.


There is no way to do this. The way this is done is to set KrbMethodK5Passwd on in /etc/httpd/conf.d/ipa.conf and restart httpd. By default this is off. This is documented on the wiki.

Well, we might defer this ticket then, but ultimately I think the sequence should be the following:

- User navigates to the IPA server config UI. 
- On the UI he sees all sorts of different options (we will extend it over time)
- User chooses some configuration change
- A warning that it will disrupt all user sessions will be given
- If he clicks OK the state is saved in ldap and replicated
- The ldap plugin sends a message to some kind of local config management service to perform a task and restart httpd.
- Same thing happens on all servers

I realize that it is complex and probably would not be done any time soon.
I wonder if there is some kind of service that comes with Apache that allows changing its config and restarting it. Maybe we should log an enhancement request. I would be surprised if the answer to "I need to make a change to the apache configuration" is only "go to the raw files, edit them and restart apache". I bet there is some library that allows that kind of config management.

This would represent a significant amount of work to flip one value from off to on. I think I'd want to have more than one setting to change before undertaking this effort.

I agree, but in general there should be some framework to do so for not only this one value but a bunch of others that we might want to expose when/if the ability is there.

Closing this because this is a duplicate fixed when we added forms based auth as part of the session implementation done for 2.2.

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: Tickets Deferred

7 years ago
