We have a separate daemon that renews all credentials that are in use. This requires a pam module to register credentials for renewal. You’re welcome to use it. It’s part of our kerberos tools at https://github.com/clhedrick/kerberos.
> On Aug 14, 2019, at 10:33 AM, Goetz, Patrick G <[email protected]> wrote: > > We run stock sssd on a number of Ubuntu 18.04 servers, and I have not > seen this problem. Also, I haven't done anything to the out of box DNS > configuration. The issue we run in to regularly is that Kerberos > tickets are not renewed and the machine falls out of the domain, but we > now think this might be due to a hostname capitalization problem. > > On 8/13/19 11:00 AM, Charles Hedrick wrote: >> On our Ubuntu 18.04 servers, sssd won’t start. Logging shows that it can’t >> find any DNS servers. Restarting sssd fixes it. >> >> /etc/resolv.conf is a symlink to ../run/systemd/resolve/stub-resolv.conf >> >> If I replace that with a hardcoded resolv.conf with the right name server, >> sssd comes up. Network Manager replaces the file with a different one >> pointing to nameserver 127.0.0.53, but after another reboot with that file >> it still works. >> >> This happens on 4 identical servers, but not on a VM with the same OS. I >> assume there’s a timing issue of some sort. >> >> _______________________________________________ >> sssd-users mailing list -- [email protected] >> To unsubscribe send an email to [email protected] >> Fedora Code of Conduct: >> https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: >> https://lists.fedorahosted.org/archives/list/[email protected] >>>> This message is from an external sender. Learn more about why this << >>>> matters at https://links.utexas.edu/rtyclf. << > _______________________________________________ > sssd-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] _______________________________________________ sssd-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
