On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote:
> Does anyone know what's the behavior look like if a mobile user (laptop)
> being disconnected from Kerberos for too long even cache is enabled by
> default in our environment?

SSSD caches the user data and if cache_credentials is enabled, then also
a salted password hash to enable offline logins.

Your TGT will eventually expire, but that hardly matters since you're
offline. When you reconnect to the network, you can either run kinit
manually, or for better user experience enable krb5_store_password_if_offline
to keep your password in the kernel keyring and let sssd kinit on your
behalf when it detects you've gone online again.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to