On Wed, Dec 16, 2020 at 2:53 PM Kees Bakker <[email protected]> wrote: > Thanks for the pointer. A bit old, but probably still relevant. > > Anyway, I was thinking that the following may be the cause of > my observation. I'm now working from home (as many will recognize). > My setup is a X2GO connection to the office. The session is kept alive > all the time and without a screenlock in that X2GO session. > > Before I was working in the office, and there I had a screenlock as soon > as I left my desk. I'm guessing that the TGT was renewed or newly created > when I unlocked the screen. If that is the case then I never noticed an > expired TGT. > > It's just a wild guess. > > In the mean time I'm going to figure out what the configuration should be > to not run into an expired TGT all the time. Of course we have a FreeIPA > flavor of it all. In my case: Centos7 for the masters, and Ubuntu for the > clients. >
Look at the client's configuration: https://linux.die.net/man/5/sssd-krb5 krb5_store_password_if_offline krb5_renewable_lifetime krb5_renew_interval HTH F. > -- Kees > > On 16-12-2020 09:32, François Cami wrote: > > Hi, > > Please see: > > https://sgallagh.wordpress.com/2011/09/02/sssd-tips-and-tricks-vol-1-kerberos/ > > Disclaimer: I don't know how applicable this is to your system. > > François > > > On Wed, Dec 16, 2020 at 9:04 AM Kees Bakker via FreeIPA-users < > [email protected]> wrote: > >> Hi, >> >> On my Ubuntu 20.04 system, if I login I'm getting a TGT. So far so good. >> Usually I login onto a system and never logout for weeks. >> >> I seem to remember that I didn't have to manually get a new TGT all >> the time. Now it expires after 24h and I have to redo a kinit. >> >> My question: is there (or should there be) a mechanism that renews the >> TGT if you stay logged in? >> -- >> Kees >> _______________________________________________ >> FreeIPA-users mailing list -- [email protected] >> To unsubscribe send an email to >> [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >> > >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
