Alexander Bokovoy <aboko...@redhat.com> writes: >>* sssd has a default kerberos timeout of six seconds. >> Can be changed in /etc/sssd/sssd.conf: krb5_auth_timeout, >> which also seems to work for auth_provider = ipa, but is not >> documented in sssd-ipa(5). > sssd-ipa(5) says: > -------- > The IPA provider accepts the same options used by the > sssd-ldap(5) identity provider and the sssd-krb5(5) > authentication provider with some exceptions described > below. > -------- > > I'm not sure how much we could improve here.
I just scanned the option list and did not read the complete text. > It would be good to write an article on the wiki that covers privacyidea > integration and explains the workflow. Cornelius from Privacyidea already asked me for this, but I first wanted to get something stable and useful running. Now it looks like that is done I'll try to write something up. > Technically, we have most of > Kerberos client (SSS) -> KDC -> IPA-OTPD -> FreeRADIUS covered in > http://www.freeipa.org/page/V4/OTP and > http://www.freeipa.org/page/V4/OTP/Detail, but they lack timeouts > description. Yes, these pages helped my a lot. Jochen -- The only problem with troubleshooting is that the trouble shoots back. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project