On Thu, Oct 19, 2017 at 11:40:39AM +0200, Michael Löffler wrote: > Hi, > > > Yes, please check man sssd-krb5 and the option that include 'renew' in > > their name, e.g. "krb5_renewable_lifetime". > After reading the manpage, I thought that this only affects auths via krb5 - > however, our auth_provider is ad. Am I wrong here?
The ad provider is a AD-specific wrapper around the krb5 provider, so it can be tuned with the krb5_* options. > > > But please note that only tickets acquired through SSSD will be renewed > > this way. > Actually, I don't even know which service acquires the ticket. Is it always > SSSD? Or is it pam or ssh? How do you log in to the machine? Via ssh with a password, ssh with GSSAPI, GDM..? Typically, the login methods that include a PAM authentication (GDM, su, ssh with password, ...) would contact sssd through the pam_sss module. _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
