On Mon, 2013-09-02 at 09:56 +0200, Sumit Bose wrote: > On Mon, Sep 02, 2013 at 01:18:36AM +0200, steve wrote: > > Hi > > 1.11.0 > > > > In one config this works: > > krb5_keytab = /etc/krb5.keytab > > but this doesn't: > > ldap_krb5_keytab = /etc/krb5.keytab > > > > What should I be using and what's the difference? > > ldap_krb5_keytab is used by the LDAP provider to authenticate against a > LDAP server with SASL/GSSAPI. > > krb5_keytab is used by the Kerberos provider if ticket validation is > enabled. > > Typically both default to /etc/krb5.keytab because the host key is a > good key for both. > > To say why one setting is working and the other not, I need a bit more > context, the full config for both cases might help as a start. > > bye, > Sumit > > Cheers, > > Steve > > Hi OK. I understand. Were joined to a Samba4 AD so the correct option for us is: krb5_keytab = or krb5_keytab = /some/other.keytab The latter if our key is _not_ in /etc/krv5.keytab
Thanks Steve _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel