The installer enforces certain keytab settings

Co-authored-by: Ewoud Kohl van Wijngaarden <[email protected]>

guides/common/modules/proc_configuring-direct-ad-integration-with-gss-proxy.adoc

@@ -40,7 +40,6 @@ security = ads
 # id {apache-user}
 ----
 +
-The Apache user must not have access to the keytab file.
 . Create the `/etc/gssproxy/00-http.conf` file with the following content:
 +
 [options="nowrap", subs="+quotes,verbatim,attributes"]
@@ -62,8 +61,6 @@ euid = __ID_of_Apache_User__
 [options="nowrap", subs="+quotes,verbatim,attributes"]
 ----
 # KRB5_KTNAME=FILE:/etc/httpd/conf/http.keytab net ads keytab add HTTP -U administrator -d3 -s /etc/net-keytab.conf
-# chown root.root /etc/httpd/conf/http.keytab
-# chmod 600 /etc/httpd/conf/http.keytab
 ----
 . Configure SSSD to map Group Policy Objects (GPOs) from AD to the `foreman` PAM service:
 .. In your `/etc/sssd/sssd.conf` file, add the following lines to the `domain` section for the Active Directory domain: