On 06/09/2013 01:56 PM, Jakub Hrozek wrote:
In order to test this patch, configure a domain that uses Kerberos (IPA
for example) and set krb5_use_kdcinfo=False. Without this option a
kdcinfo file (located in /var/lib/sss/pubconf) will be created at login
time at latest.
With the option set to False, the kdcinfo file will not get created and
also you would need to configure your realm in krb5.conf in order for
logins to work.
https://fedorahosted.org/sssd/ticket/1883
The patch introduces a new Kerberos provider option called
krb5_use_kdcinfo. The option is true by default in all providers. When
set to false, the SSSD will not create krb5 info files that the locator
plugin consumes and the user would have to set up the Kerberos options
manually in krb5.conf
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
Hi,
Tested with following scenarios against IPA server (F19):
login kdcinfo present?
- not configured krb5.conf
- krb5_use_kdcinfo = false FAIL NO
- krb5_use_kdcinfo = true PASS YES
- configured krb5.conf
- krb5_use_kdcinfo = false PASS NO
- krb5_use_kdcinfo = true PASS YES
Everything works as expected, logs are clean, code-wise the patch looks
good to me, so *ACK*
Ondra
--
Ondrej Kos
Associate Software Engineer
Identity Management - SSSD
Red Hat Czech
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
