Add krb_provider helper to set default krb5 options

When auth_provider=krb5 is used, SSSD requires krb5_realm,
krb5_server, and krb5_kpasswd options, otherwise SSSD would
fail with "Missing krb5_realm option!".
Adds krb_provider() method in SSSDCommonConfiguration that
sets default krb5 options (auth_provider, krb5_realm,
krb5_server, krb5_kpasswd) from the backend's host configuration.
  Uses setdefault() to preserve explicit config values
  Called by krb5_auth() to reduce boilerplate in YAML configs
  Works with KDC, IPA, and AD backends

Signed-off-by: Madhuri Upadhye <[email protected]>

Author: madhuriupadhye

sssd_test_framework/utils/sssd.py

@@ -868,6 +868,24 @@ def local(self) -> None:
         )
         self.sssd.default_domain = "local"
 
+    def krb_provider(self, backend: KDC | GenericProvider) -> None:
+        """
+        Set auth_provider to krb5 and populate krb5 options.
+
+        This method sets ``auth_provider=krb5`` and configures
+        ``krb5_realm``, ``krb5_server``, and ``krb5_kpasswd`` based on
+        the provided backend (KDC, IPA, or AD).
+
+        :param backend: Backend role object (KDC, IPA, or AD).
+        :type backend: KDC | GenericProvider
+        """
+        host = backend.host
+
+        self.sssd.domain["auth_provider"] = "krb5"
+        self.sssd.domain["krb5_realm"] = host.realm
+        self.sssd.domain["krb5_server"] = host.hostname
+        self.sssd.domain["krb5_kpasswd"] = host.hostname
+
     def krb5_auth(self, kdc: KDC, domain: str | None = None) -> None:
         """
         Configure auth_provider to krb5, using the KDC from the multihost
@@ -888,6 +906,7 @@ def krb5_auth(self, kdc: KDC, domain: str | None = None) -> None:
         if domain is None:
             raise ValueError("No domain specified!")
 
+        self.krb_provider(kdc)
         self.sssd.merge_domain(domain, kdc)
         self.sssd.fs.write("/etc/krb5.conf", kdc.config(), user="root", group="root", mode="0644")