Ticket #415 (closed defect: fixed)

Opened 4 years ago

Last modified 2 years ago

Add krb5_kpasswd option to sssd.conf

Reported by: sgallagh Owned by: sbose
Priority: blocker Milestone: SSSD 1.1
Component: Kerberos Provider Version: 1.0.5
Keywords: Cc:
Blocked By: Blocking:
Tests Updated: yes Coverity Bug:
Patch Submitted: no Red Hat Bugzilla: 0
Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:

Description

Currently, we always assume that the kerberos KDC is also a kerberos kadmin server. In real production environments, it is very common to have multiple read-only replicas of the KDC, but only a single kadmin server (since password changes and the like are comparitively rare).

The lack of this option should be considered a regression from pam_krb5.

Change History

comment:1 Changed 4 years ago by sgallagh

  • Resolution set to fixed
  • Status changed from new to closed
  • fixedin set to 1.1.0

comment:2 Changed 4 years ago by jgalipea

  • Resolution fixed deleted
  • Status changed from closed to reopened

This option is not in t he man pages?

comment:3 Changed 4 years ago by sbose

  • Resolution set to fixed
  • Status changed from reopened to closed

sorry, we renamed the option to krb5_kpasswd, which describes the purpose better. krb5_kpasswd is mentioned in the man page.

comment:4 Changed 4 years ago by sgallagh

  • Summary changed from Add krb5_kadmin option to sssd.conf to Add krb5_kpasswd option to sssd.conf

comment:5 Changed 4 years ago by sbose

krb5_kpasswd is described in the sssd-krb5 man page. Documentation should mention that the option should be used if kpasswd is running on a different server or on a non-default port.

comment:6 Changed 4 years ago by obriend

  • docupdated changed from 0 to 1
  • doc changed from 1 to 0

Added a para to 15.2.6. Setting Up Kerberos Authentication in the RHEL 6 Deployment Guide that covers this.

comment:7 Changed 3 years ago by jgalipea

  • Patch Submitted unset
  • Tests Updated set
  • tests changed from 1 to 0
  • upgrade set to 0

comment:8 Changed 2 years ago by dpal

  • Red Hat Bugzilla set to 0
Note: See TracTickets for help on using tickets.