Sounds like the same issue I had, i created a bugzilla ticket for it: https://bugzilla.redhat.com/show_bug.cgi?id=1712875
It hasnt been confirmed as a bug yet though, but it sure feels like it. For us KCM does not bring anything extra to the table as it does not manage ticket renewals yet, so we switched back to kernel keyring for kerberos tickets. ________________________________________ From: James Ralston [[email protected]] Sent: 03 June 2019 23:06 To: End-user discussions about the System Security Services Daemon Subject: [SSSD-users] KCM credential forwarding behavior broken? I filed this issue a week or so ago: https://pagure.io/SSSD/sssd/issue/4017 In essence, it would seem that if KCM already has credentials in the cache, then KCM will never discard those credentials in favor of new credentials being forwarded via sshd, even if the credentials in the cache are expired. This is a showstopper bug for using KCM in any type of enterprise environment, where remote connections are frequent. Have I misunderstood what is actually happening? Or am I correct in that this a bug with KCM? _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
