On Wed, 2017-03-29 at 18:41 +0200, Sumit Bose wrote:
> On Wed, Mar 29, 2017 at 04:16:47PM +0000, Joakim Tjernlund wrote:
> > On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote:
> > > On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote:
> > > > I have tried to set KRB5CCNAME to something predicable, both in
> > > > sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U)
> > > > and
> > > > krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
> > > >
> > > > but what ever I do KRB5CCNAME reads:
> > > > KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
> > > >
> > > > Is the name hardcoded nowadays(in sssd 1.15.2)?
> > >
> > > no, using krb5_ccname_template should just work.
> > >
> > > Please note that SSSD tries to reuse an existing and active ccache. This
> > > means that as long as a process of the user is running SSSD will use
> > > the existing ccache and will also set KRB5CCNAME to the existing one for
> > > new logins.
> >
> > Right, but stopping sssd, rm /var/lib/sss/db/* and rebooting does not help.
>
> This should be more than sufficient.
>
> > Do I need to use any of sssd'd plugins in krb.conf? Currently I don't use
> > any plugin
>
> No, no plugins needed here, feel free to forward debug_level=10 logs to
> me which contain an authentication.
>
> bye,
> Sumit
That is a rather large log ..
The only thing I was able to find was:
grep -i krb5cc *
sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]]
[dp_get_options] (0x0400): Option krb5_ccname_template has value
FILE:/tmp/krb5cc_:%U
sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]]
[sss_check_cc_template] (0x0100): ccache file name template
[FILE:/tmp/krb5cc_:%U] doesn't contain randomizing characters (XXXXXX), file
might not be rewritable
Does it work for you ?
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
