What will happen if laptop haven't turn on for a long time and ticket
expired with cache and store password enabled? Does user unable to login
On Thu, Nov 20, 2014 at 5:10 PM, Jakub Hrozek <jhro...@redhat.com> wrote:
> On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote:
> > Does anyone know what's the behavior look like if a mobile user (laptop)
> > being disconnected from Kerberos for too long even cache is enabled by
> > default in our environment?
> SSSD caches the user data and if cache_credentials is enabled, then also
> a salted password hash to enable offline logins.
> Your TGT will eventually expire, but that hardly matters since you're
> offline. When you reconnect to the network, you can either run kinit
> manually, or for better user experience enable
> to keep your password in the kernel keyring and let sssd kinit on your
> behalf when it detects you've gone online again.
> Manage your subscription for the Freeipa-users mailing list:
> Go To http://freeipa.org for more info on the project
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project