#415 Add krb5_kpasswd option to sssd.conf
Closed: Fixed None Opened 14 years ago by sgallagh.

Currently, we always assume that the kerberos KDC is also a kerberos kadmin server. In real production environments, it is very common to have multiple read-only replicas of the KDC, but only a single kadmin server (since password changes and the like are comparitively rare).

The lack of this option should be considered a regression from pam_krb5.


Fixed by 5096bb4

fixedin: => 1.1.0
resolution: => fixed
status: new => closed

This option is not in t he man pages?

resolution: fixed =>
status: closed => reopened

sorry, we renamed the option to krb5_kpasswd, which describes the purpose better. krb5_kpasswd is mentioned in the man page.

resolution: => fixed
status: reopened => closed

Fields changed

summary: Add krb5_kadmin option to sssd.conf => Add krb5_kpasswd option to sssd.conf

krb5_kpasswd is described in the sssd-krb5 man page. Documentation should mention that the option should be used if kpasswd is running on a different server or on a non-default port.

Added a para to 15.2.6. Setting Up Kerberos Authentication in the RHEL 6 Deployment Guide that covers this.

doc: 1 => 0
docupdated: 0 => 1

Fields changed

coverity: =>
patch: => 0
tests: 1 => 0
testsupdated: 0 => 1
upgrade: => 0

Fields changed

rhbz: => 0

Metadata Update from @sgallagh:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.1

7 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/1457

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata