Ticket #415 (closed defect: fixed)

Opened 6 years ago

Last modified 4 years ago

Add krb5_kpasswd option to sssd.conf

Reported by: sgallagh Owned by: sbose
Priority: blocker Milestone: SSSD 1.1
Component: Kerberos Provider Version: 1.0.5
Keywords: Cc:
Blocked By: Blocking:
Sensitive: Tests Updated: yes
Coverity Bug: Patch Submitted: no
Red Hat Bugzilla: 0 Design link:
Feature Milestone:
Design review: Fedora test page:
Chosen: Candidate to push out:
Release Notes:
Temp mark:


Currently, we always assume that the kerberos KDC is also a kerberos kadmin server. In real production environments, it is very common to have multiple read-only replicas of the KDC, but only a single kadmin server (since password changes and the like are comparitively rare).

The lack of this option should be considered a regression from pam_krb5.

Change History

comment:1 Changed 6 years ago by sgallagh

  • Resolution set to fixed
  • fixedin set to 1.1.0
  • Status changed from new to closed

comment:2 Changed 6 years ago by jgalipea

  • Resolution fixed deleted
  • Status changed from closed to reopened

This option is not in t he man pages?

comment:3 Changed 6 years ago by sbose

  • Resolution set to fixed
  • Status changed from reopened to closed

sorry, we renamed the option to krb5_kpasswd, which describes the purpose better. krb5_kpasswd is mentioned in the man page.

comment:4 Changed 6 years ago by sgallagh

  • Summary changed from Add krb5_kadmin option to sssd.conf to Add krb5_kpasswd option to sssd.conf

comment:5 Changed 5 years ago by sbose

krb5_kpasswd is described in the sssd-krb5 man page. Documentation should mention that the option should be used if kpasswd is running on a different server or on a non-default port.

comment:6 Changed 5 years ago by obriend

  • docupdated changed from 0 to 1
  • doc changed from 1 to 0

Added a para to 15.2.6. Setting Up Kerberos Authentication in the RHEL 6 Deployment Guide that covers this.

comment:7 Changed 5 years ago by jgalipea

  • Tests Updated set
  • Patch Submitted unset
  • upgrade set to 0
  • tests changed from 1 to 0

comment:8 Changed 4 years ago by dpal

  • Red Hat Bugzilla set to 0
Note: See TracTickets for help on using tickets.