What will happen if laptop haven't turn on for a long time and ticket expired with cache and store password enabled? Does user unable to login after expired?
On Thu, Nov 20, 2014 at 5:10 PM, Jakub Hrozek <[email protected]> wrote: > On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote: > > Does anyone know what's the behavior look like if a mobile user (laptop) > > being disconnected from Kerberos for too long even cache is enabled by > > default in our environment? > > SSSD caches the user data and if cache_credentials is enabled, then also > a salted password hash to enable offline logins. > > Your TGT will eventually expire, but that hardly matters since you're > offline. When you reconnect to the network, you can either run kinit > manually, or for better user experience enable > krb5_store_password_if_offline > to keep your password in the kernel keyring and let sssd kinit on your > behalf when it detects you've gone online again. > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
