On Wed, 2017-03-29 at 19:21 +0200, Joakim Tjernlund wrote:
> On Wed, 2017-03-29 at 18:41 +0200, Sumit Bose wrote:
> > On Wed, Mar 29, 2017 at 04:16:47PM +0000, Joakim Tjernlund wrote:
> > > On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote:
> > > > On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote:
> > > > > I have tried to set KRB5CCNAME to something predictable, both in
> > > > >  sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U)
> > > > > and
> > > > >  krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
> > > > > 
> > > > > but whatever I do, KRB5CCNAME reads:
> > > > >   KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
> > > > > 
> > > > > Is the name hardcoded nowadays (in sssd 1.15.2)?
> > > > 
> > > > no, using krb5_ccname_template should just work.
> > > > 
> > > > Please note that SSSD tries to reuse an existing and active ccache. This
> > > > means that as long as a process of the user is running SSSD will use
> > > > the existing ccache and will also set KRB5CCNAME to the existing one for
> > > > new logins.
> > > 
> > > Right, but stopping sssd, rm /var/lib/sss/db/* and rebooting does not 
> > > help.
> > 
> > This should be more than sufficient.
> > 
> > > Do I need to use any of sssd's plugins in krb.conf? Currently I don't use 
> > > any plugin
> > 
> > No, no plugins needed here, feel free to forward debug_level=10 logs to
> > me which contain an authentication.
> > 
> > bye,
> > Sumit
> 
> That is a rather large log ..
> The only thing I was able to find was:
> grep -i krb5cc *
> sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]] 
> [dp_get_options] (0x0400): Option krb5_ccname_template has value 
> FILE:/tmp/krb5cc_:%U
> sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]] 
> [sss_check_cc_template] (0x0100): ccache file name template 
> [FILE:/tmp/krb5cc_:%U] doesn't contain randomizing characters (XXXXXX), file 
> might not be rewritable
> 
> Does it work for you ?

Ahh, I was testing using ssh to log in and that did not set the new cache name,
but logging in on console/xdm did.

 Jocke