On 12/02/2014 04:45 PM, Jakub Hrozek wrote:
> On Mon, Dec 01, 2014 at 05:43:49PM +0100, Joschi Brauchle wrote:
>> Hello Everyone,
>>
>> there seems to be a problem with the KRB TGT auto-renewal feature of SSSD in
>> version 1.12.2.
>>
>> I have this config in sssd.conf:
>> -----------------------------
>> krb5_renew_interval = 60
>> -----------------------------
>> We are using the AD plugin, the KRB plugin is not installed but krb-common
>> (i.e. krb5_child, ldap_child, libsss_krb5_common.so).
>>
>> #Everything works fine, except auto-renewal!
>>
>> See the following example:
>> -----------------------------
>> $ kinit -l 10m
>> Password for [email protected]:
>
> Does the renewal work if you acquire the ticket via SSSD login instead
> of kinit? Can you test logging in with some PAM service (gdm, su, ...)

Hello Jakub,

thanks for the hint. I can confirm that auto-renew works when
1) using graphical login (i.e. SSSD acquired the ticket)
2) reasonably long lifetime (tested w/ 2h) and renewal time (tested w/ 10m).

I did have problems when getting the ticket with kinit and short life-/renewal times, as reported originally.

Let me do some more testing to figure out which of the above points is responsible for the autorenew failing...

J Brauchle
