On Tue, 24 Apr 2018, Joakim Tjernlund wrote:
It seems like a missing keytab file prevents any login in a AD
connected
sssd. Does it need to be so?
I have a vague memory from the past that a missing/invalid keytab file
only prevented SSO but allowed login using your password ?
Presumably you can make it work without needing a keytab if you use ldap as an
auth provider.
If you're using AD, you're using kerberos and ldap. If you're using
kerberos,
you need to be able to validate the KDC. How would you plan on doing that?
jh