With a client keytab and the env var, GSSAPI and ipalib will automatically pick up and use the keytab for authentication. That's all! Even the principal is looked up from the client keytab.
The path to the portal keytab should be configurable in the config file.
Kerberos / GSSAPI authentication can be simplified a lot with a single env var:
With a client keytab and the env var, GSSAPI and ipalib will automatically pick up and use the keytab for authentication. That's all! Even the principal is looked up from the client keytab.
The path to the portal keytab should be configurable in the config file.