On Fri, Jul 22, 2016 at 09:36:27AM -0400, Linov Suresh wrote: > I'm facing another issue now, my kerberos tickets are not renewing,
In general I think it's better to start separate threads about separate issues. That way people who only scan the subject lines can see if this thread is something they can help with :) > > *[root@caer ~]# ipa cert-show 1* > ipa: ERROR: Ticket expired > > *[root@caer ~]# klist* > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: ad...@teloip.net > > Valid starting Expires Service principal > 07/20/16 14:42:26 07/21/16 14:42:22 krbtgt/teloip....@teloip.net > 07/20/16 14:42:36 07/21/16 14:42:22 HTTP/caer.teloip....@teloip.net > 07/21/16 11:40:15 07/21/16 14:42:22 ldap/caer.teloip....@teloip.net > > I need to manually renew the tickets every day, > > *[root@caer ~]# kinit admin* > Password for ad...@teloip.net: > Warning: Your password will expire in 6 days on Thu Jul 28 15:20:15 2016 > > *[root@caer ~]# klist * > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: ad...@teloip.net > > Valid starting Expires Service principal > 07/22/16 09:34:52 07/23/16 09:34:49 krbtgt/teloip....@teloip.net The first thing to keep in mind is that SSSD only renews tickets it 'knows about', so tickets that were acquired through SSSD, not directly with kinit. For options about renewing SSSD-acquired tickets, see man sssd-krb5 and search for renew. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project