What will happen if laptop haven't turn on for a long time and ticket
expired with cache and store password enabled? Does user unable to login
after expired?

On Thu, Nov 20, 2014 at 5:10 PM, Jakub Hrozek <jhro...@redhat.com> wrote:

> On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote:
> > Does anyone know what's the behavior look like if a mobile user (laptop)
> > being disconnected from Kerberos for too long even cache is enabled by
> > default in our environment?
>
> SSSD caches the user data and if cache_credentials is enabled, then also
> a salted password hash to enable offline logins.
>
> Your TGT will eventually expire, but that hardly matters since you're
> offline. When you reconnect to the network, you can either run kinit
> manually, or for better user experience enable
> krb5_store_password_if_offline
> to keep your password in the kernel keyring and let sssd kinit on your
> behalf when it detects you've gone online again.
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to