SSSD Manual pages
sssd-krb5(5)
File Formats and Conventions
sssd-krb5 - the configuration file for SSSD
DESCRIPTION
This manual page describes the configuration of the Kerberos 5
authentication backend for sssd(8).
For a detailed syntax reference, please refer to the FILE FORMAT
section of the sssd.conf(5) manual page.
CONFIGURATION OPTIONS
If the auth-module krb5 is used in an SSSD domain, the following
options must be used. See the sssd.conf(5) manual page, section
DOMAIN SECTIONS, for details on the configuration of an SSSD domain.
krb5_kdcip (string)
Specifies the IP address of the Kerberos server.
krb5_realm (string)
The name of the Kerberos realm.
krb5_try_simple_upn (boolean)
Set this option to 'true' if a User Principal Name (UPN) cannot be
found in sysdb and you want to use a UPN like 'username@realm'.
Default: false
krb5_changepw_principle (string)
The principal of the change password service. If only the
'identifier/instance' part of the principal is given, the realm
part is added automatically.
Default: kadmin/changepw
krb5_ccachedir (string)
Directory to store credential caches.
Default: /tmp
krb5_ccname_template (string)
Location of the user's credential cache. Currently only file based
credential caches are supported. In the template the following
sequences are substituted:
%u  login name
%U  login UID
%p  principal name
%r  realm name
%h  home directory
%d  value of krb5_ccachedir
%P  the process ID of the sssd client
%%  a literal '%'
If the template ends with 'XXXXXX', mkstemp(3) is used to create a
unique filename in a safe way.
Default: FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout (integer)
Timeout in seconds after which an online authentication or change
password request is aborted. If possible, the authentication request
is continued offline.
Default: 15
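The krb5_ccname_template substitution and the mkstemp(3) step described above can be sketched as follows. This is an added example, not SSSD's own code: struct cc_ctx, expand_ccname() and create_ccache() are hypothetical names, and all context fields are assumed to be non-NULL.

```c
#define _XOPEN_SOURCE 700   /* exposes mkstemp(3) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical per-login context; struct and field names are assumptions. */
struct cc_ctx {
    const char *user, *principal, *realm, *home, *ccachedir;
    unsigned uid; long pid;
};

/* Expand the %-sequences listed above into out (size n). Returns 0, or -1
 * on an unknown sequence, a trailing lone '%', or insufficient space. */
int expand_ccname(const char *tmpl, const struct cc_ctx *c, char *out, size_t n)
{
    size_t o = 0;
    if (n == 0) return -1;
    for (const char *p = tmpl; *p; p++) {
        char num[32] = { *p, '\0' };   /* default: copy the literal char */
        const char *s = num;
        if (*p == '%') switch (*++p) {
            case 'u': s = c->user; break;
            case 'U': snprintf(num, sizeof num, "%u", c->uid); break;
            case 'p': s = c->principal; break;
            case 'r': s = c->realm; break;
            case 'h': s = c->home; break;
            case 'd': s = c->ccachedir; break;
            case 'P': snprintf(num, sizeof num, "%ld", c->pid); break;
            case '%': break;           /* num already holds "%" */
            default:  return -1;       /* also catches '%' at end of string */
        }
        size_t len = strlen(s);
        if (o + len >= n) return -1;
        memcpy(out + o, s, len);
        o += len;
    }
    out[o] = '\0';
    return 0;
}

/* Create the cache file for a name ending in XXXXXX. mkstemp(3) opens with
 * O_CREAT|O_EXCL and mode 0600, so a file or symlink planted in a shared
 * directory such as /tmp is never reused. Returns the fd, or -1 otherwise. */
int create_ccache(char *ccname)
{
    char *path = strncmp(ccname, "FILE:", 5) == 0 ? ccname + 5 : ccname;
    size_t len = strlen(path);
    if (len < 6 || strcmp(path + len - 6, "XXXXXX") != 0) return -1;
    return mkstemp(path);
}
```

create_ccache() rewrites the trailing X's in place, so the buffer holds the final cache name after a successful call.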
EXAMPLE
The following example assumes that SSSD is correctly configured and
FOO is one of the domains in the [sssd] section. This example shows
only the configuration of Kerberos authentication; it does not
include any identity provider.
[domain/FOO]
auth_provider = krb5
krb5_kdcip = 192.168.1.1
krb5_realm = EXAMPLE.COM
SEE ALSO
sssd.conf(5), sssd(8)