On Thu, Sep 01, 2016 at 10:13:01AM +0100, John Hodrien wrote:
On Mon, 29 Aug 2016, Jakub Hrozek wrote:
btw one more remark. Even if you can't join the client to AD and have to resort to id_provider=ldap there is nothing preventing you from using: auth_provider=krb5 at least as long as the KDC is reachable..
Although without a system keytab (typically the machine credential), you can't validate that you're talking to the correct KDC, can you?
correct