SSSD Manual pages
sssd-krb5(5)
File Formats and Conventions
sssd-krb5 - the configuration file for SSSD
DESCRIPTION
This manual page describes the configuration of the Kerberos
5 authentication backend for sssd(8).
For a detailed syntax reference, please refer to the FILE FORMAT
section of the sssd.conf(5) manual page.
CONFIGURATION OPTIONS
If the auth-module krb5 is used in an SSSD domain, the following
options must be used. See the sssd.conf(5) manual page, section
DOMAIN SECTIONS, for details on the configuration of an SSSD domain.
krb5KDCIP (string)
Specifies the IP address of the Kerberos server.
krb5REALM (string)
The name of the Kerberos realm.
krb5try_simple_upn (boolean)
Set this option to 'true'
if a User Principal Name (UPN) cannot be found in sysdb
and you want to use a UPN like 'username@realm'.
Default: false
krb5changepw_principle (string)
The principal of the change password service.
If only the 'identifier/instance' part of the
principal is given, the realm part is added
automatically.
Default: kadmin/changepw
krb5ccache_dir (string)
Directory to store credential caches.
Default: /tmp
krb5ccname_template (string)
Location of the user's credential cache. Currently
only file-based credential caches are supported. In
the template the following sequences are
substituted:
%u    login name
%U    login UID
%p    principal name
%r    realm name
%h    home directory
%d    value of krb5ccache_dir
%P    the process ID of the sssd client
%%    a literal '%'
If the template ends with 'XXXXXX', mkstemp(3) is
used to create a unique filename in a safe way.
Default: FILE:%d/krb5cc_%U_XXXXXX
krb5auth_timeout (integer)
Timeout in seconds after which an online authentication or
change password request is aborted. If possible, the
authentication request is continued offline.
Default: 15
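The krb5ccname_template substitution and the mkstemp(3) handling of a trailing 'XXXXXX' described above, as an added example that is not SSSD's own code. The names struct cc_ctx, expand_ccname and create_ccache and all sample values are hypothetical. With the default krb5ccache_dir of /tmp the directory is shared between users, which is why the final name is created exclusively by mkstemp(3) rather than opened under a predictable path.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical holder for template values; uid and pid are decimal strings. */
struct cc_ctx { const char *user, *uid, *principal, *realm, *home, *ccache_dir, *pid; };

/* Expand tmpl into out; -1 on empty input, unknown sequence or overflow. */
int expand_ccname(const char *tmpl, const struct cc_ctx *c, char *out, size_t len)
{
    const char *keys = "uUprhdP%";   /* val[] below is in the same order */
    const char *val[] = { c->user, c->uid, c->principal, c->realm, c->home,
                          c->ccache_dir, c->pid, "%" };
    size_t used = 0;
    if (len == 0 || *tmpl == '\0') return -1;
    for (const char *p = tmpl; *p != '\0'; p++) {
        char one[2] = { *p, '\0' };
        const char *s = one, *k;
        if (*p == '%') {   /* a '%' at the very end of the template is an error */
            if (*++p == '\0' || (k = strchr(keys, *p)) == NULL) return -1;
            s = val[k - keys];
        }
        int n = snprintf(out + used, len - used, "%s", s);
        if (n < 0 || (size_t)n >= len - used) return -1;
        used += (size_t)n;
    }
    return 0;
}

/* A name ending in XXXXXX is created with mkstemp(3): O_EXCL, mode 0600. */
int create_ccache(char *ccname)
{
    char *path = strncmp(ccname, "FILE:", 5) == 0 ? ccname + 5 : ccname;
    if (strlen(path) < 6 || strcmp(path + strlen(path) - 6, "XXXXXX") != 0) return -1;
    return mkstemp(path);   /* fills in the X's in place, returns an open fd */
}

int main(void)
{
    struct cc_ctx c = { "alice", "1000", "alice@EXAMPLE.COM", "EXAMPLE.COM",
                        "/home/alice", "/tmp", "4242" };   /* constructed values */
    char name[256];
    if (expand_ccname("FILE:%d/krb5cc_%U_XXXXXX", &c, name, sizeof name) != 0) return 1;
    if (create_ccache(name) < 0) return 1;
    puts(name);
    return unlink(name + 5) != 0;
}
```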
EXAMPLE
The following example assumes that SSSD is correctly
configured and FOO is one of the domains in the
[domains] section.
[domains/FOO]
auth-module = krb5
krb5KDCIP = 192.168.1.1
krb5REALM = EXAMPLE.COM
SEE ALSO
sssd.conf(5), sssd(8)