URL: https://github.com/SSSD/sssd/pull/5647 Title: #5647: krb5_child: Honor Kerberos keytab location
sumit-bose commented: """ Hi, I'm afraid this won't work. With your patch you cannot make a difference if `/etc/krb5.keytab` is set because the SSSD default for `krb5_keytab` is used or is `krb5_keytab = /etc/krb5.keytab` is explicitly set in `sssd.conf`. In the first case the `libkrb5` default value should be used, in the second case the value from `sssd.conf` should be used. I would suggest to handle this similar to `ldap_krb5_keytab` where internally `NULL` is used if the value is not set explicitly in `sssd.conf` and pass `NULL` until `krb5_kt_resolve()` is called and then call `krb5_kt_default()` instead. HTH bye, Sumit """ See the full comment at https://github.com/SSSD/sssd/pull/5647#issuecomment-846942925
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure