Skip to content

Set default krb5 options in KDCHost #230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
madhuriupadhye merged 2 commits into from
Feb 10, 2026
Merged

Set default krb5 options in KDCHost #230

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
259fef4
Add krb_provider helper to set default krb5 options
madhuriupadhye Jan 29, 2026
35c05d2
Merge branch 'master' into kdc_fix
jakub-vavra-cz Feb 10, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions sssd_test_framework/utils/sssd.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -868,6 +868,26 @@ def local(self) -> None:
)
self.sssd.default_domain = "local"

def krb_provider(self, backend: KDC | GenericProvider) -> None:
"""
Set auth_provider to krb5 and populate krb5 options.

This method sets ``auth_provider=krb5`` and configures
``krb5_realm``, ``krb5_server``, and ``krb5_kpasswd`` based on
the provided backend (KDC, IPA, or AD).

:param backend: Backend role object (KDC, IPA, or AD).
:type backend: KDC | GenericProvider
"""
host = backend.host
if not isinstance(host, BaseDomainHost):
raise TypeError(f"Expected BaseDomainHost, got {type(host)}")

host.client.setdefault("auth_provider", "krb5")
host.client.setdefault("krb5_realm", host.realm)
host.client.setdefault("krb5_server", host.hostname)
host.client.setdefault("krb5_kpasswd", host.hostname)

def krb5_auth(self, kdc: KDC, domain: str | None = None) -> None:
"""
Configure auth_provider to krb5, using the KDC from the multihost
Expand All @@ -888,6 +908,7 @@ def krb5_auth(self, kdc: KDC, domain: str | None = None) -> None:
if domain is None:
raise ValueError("No domain specified!")

self.krb_provider(kdc)
self.sssd.merge_domain(domain, kdc)
self.sssd.fs.write("/etc/krb5.conf", kdc.config(), user="root", group="root", mode="0644")

Expand Down