Dear SSSD Users,
I have a question regarding the renewal of Kerberos tickets within a
Samba AD. All servers and clients are running Ubuntu 16.04. We have a
lot of Windows clients too; therefore we're using Samba. First of all,
I'll summarize our setup:
- One server acts as the Samba AD Host (and Kerberos (integrated in
Samba) principal)
- One server acts as a file server; all directories (the users' home
directories as well) are exported via kerberized NFS
- The clients mount the directories; login auth is realized using sssd
(with id_provider = ad, auth_provider = ad and access_provider = ad)
When a user logs in at a client, he gets a Kerberos ticket and is
therefore granted access to his home directory. If he locks the screen
and logs in again, the ticket is renewed. However, if the user keeps the
client locked for a time greater than the ticket lifetime, the ticket
expires and the user is not able to write to his home directory any
more. That's a problem if the user is, for example, running a process
which takes a long time (in our case mostly simulations which are
usually run overnight). The same things happens if a user connects to a
client via ssh. Then, the ticket is never renewed automatically.
Is it somehow possible to configure that sssd renews the krb5 ticket if
the user has active processes running?
Regards
Michael
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
