I am aware that sssd by design issues an invalid tgt upon login when it is operating in offline mode. The tgt has a expire date of the epoch. There is a configuration option for storing the login passwd within sssd to enable it to issue a correct ticket once it enters online mode again.
Now, we are using yubikey-based PKINIT as our login and cannot use this configuration option. The problematic scenario runs like this: - Notebook is offline. - user logs in with yubikey - user starts a user program that establishes a vpn connection This results in a tgt expired at epoch. Two questions: 1. Is there a way to avoid this behaviour? 2. Is issuing a kinit after setting up the vpn connection to obtain a valid tgt a valid workaround? Thanks in advance _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected]
