On Thu, 2012-02-16 at 15:31 +0100, Ondrej Valousek wrote: > Hi List, > > Is it planned for sssd to allow it to renew user's Kerberos cache > in /tmp/krb5cc_XXXXXX automatically (i.e. much like what the lsass.exe > service does in Windows)? > For this to happen, we would need to cache user's plaintext password > in memory I know, but could be handy in some situations....
We already do that. See sssd-krb5(5), there is an option named krb5_store_password_if_offline, it is not enabled by default. The password is stored in the keyring in pinned memory, and it is removed as soon as we are able to obtain a TGT. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
