Automatic Kerberos Host Keytab Renewal with SSSD

Solution 1:

This should happen automatically, but you need to install adcli. sssd just forks and execs adcli in order to perform the update.

Solution 2:

I just figured out what my problem was after having this issue for months.

I didn't name my server server.my.domain.com and instead it was just server. After changing the name, leaving and rejoining the realm, adcli update runs without a problem.