Hi,

On Tue, May 21, 2024 at 6:41 AM Techie <techcha...@gmail.com> wrote:
> Hello, this did the trick, thank you.
> I am grateful for your help and so if desired I can contribute to the doc.
> Please let me know how to proceed.
>

If you are familiar with github / git / PR workflow, then the best would be to open a PR against https://github.com/SSSD/sssd.io/blob/master/src/docs/files-provider-deprecation.rst

>
> Thank you again
>
> On Fri, May 17, 2024, 11:40 AM Techie <techcha...@gmail.com> wrote:
>
>> This is very encouraging, thank you so much. I will try this and report
>> back.
>>
>> Thank you
>>
>> On Fri, May 17, 2024, 1:10 AM Alexey Tikhonov <atikh...@redhat.com>
>> wrote:
>>
>>> Hi,
>>>
>>> On Fri, May 17, 2024 at 9:33 AM Techie <techcha...@gmail.com> wrote:
>>>
>>>> Hello again, my offline authentication works, however, if I reboot
>>>> while offline it no longer works and the cached password is removed from
>>>> the cache db. I mean that ldbsearch no longer reveals a cached password for
>>>> my user.
>>>>
>>>
>>> Try to `touch /etc/passwd` without reboot - I guess it will have the
>>> same effect.
>>>
>>> I can't find ticket right now, but there was a bug reported that 'files
>>> provider' loses cached password hash while rebuilding cache (and it
>>> rebuilds entire cache at every startup and every /etc/passwd&group file
>>> event)
>>>
>>> This bug won't be fixed. Files provider is deprecated and planned for
>>> eventual removal.
>>>
>>> 'proxy provider' with 'lib = files' is a substitute for your use case.
>>>
>>> https://sssd.io/docs/files-provider-deprecation.html doesn't describe
>>> your case directly, but hopefully still can help.
>>>
>>> If you could try this and then contribute a new section to this doc - it
>>> would be great.
>>>
>>>>
>>>> I use the passwd file as the ID provider and krb5 as the auth provider.
>>>>
>>>> [pam]
>>>>
>>>> offline_credential_expiration = 0
>>>>
>>>> [domain/EXAMPLE.COM]
>>>> cache_credentials=true
>>>> id_provider=files
>>>> auth_provider=krb5
>>>> krb5_server=srva.example.com
>>>> #krb5_kpasswd=srva.example.com
>>>> krb5_realm=EXAMPLE.COM
>>>> dns_discovery_domain=EXAMPLE.COM
>>>>
>>>> Not sure why the cached entry for my user is removed from
>>>> /var/lib/sss/db/cache_EXAMPLE.COM.ldb
>>>>
>>>> I've been fighting with this for a while so any help would be
>>>> appreciated.
>>>>
>>>> Thank you
>>>>
>>>>
>>>> On Sun, Sep 17, 2023, 12:01 PM Techie <techcha...@gmail.com> wrote:
>>>>
>>>>> Hi
>>>>>
>>>>> Trying to use cached creds with local users in the passwd file
>>>>> authenticating via kerberos.
>>>>> I have id_provider set to files and auth_provider set to krb5(AD DC).
>>>>> Online authentication works fine however when I disconnect the network
>>>>> authentication fails. The computer is not joined to a domain, I am only
>>>>> leveraging the domain/realm for authentication purposes
>>>>>
>>>>> Relevant entries
>>>>> [pam]
>>>>> offline_credentials_expiration = 7
>>>>>
>>>>> [domain]
>>>>> cache_credentials=true
>>>>> account_cache_expiration=8
>>>>> id_provider=files
>>>>> auth_provider=krb5
>>>>> krb5_server=srva.example.com
>>>>> krb5_kpasswd=srva.example.com
>>>>> krb5_realm=EXAMPLE.COM
>>>>> dns_discovery_domain=EXAMPLE.COM
>>>>> krb5_store_password_if_offline=true
>>>>>
>>>>> Is this a supported configuration for offline logins with cached
>>>>> credentials?
>>>>>
>>>>> Thanks
>>>>>
>>>> --
>>>> _______________________________________________
>>>> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
>>>> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>>>> Fedora Code of Conduct:
>>>> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
>>>> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
>>>> List Archives:
>>>> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
>>>> Do not reply to spam, report it:
>>>> https://pagure.io/fedora-infrastructure/new_issue
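
The substitution suggested in the reply above ('proxy provider' with 'lib = files'), written out as an sssd.conf sketch. This is an added example, not the configuration the poster ended up with (the thread does not show it): it assumes 'lib = files' maps to the sssd.conf option proxy_lib_name, reuses the poster's krb5 settings, and the [sssd] section is an assumed minimal one.

```ini
# Added example, constructed from the settings quoted in the thread.
[sssd]
# Assumed minimal service/domain list; adjust to the host.
services = nss, pam
domains = EXAMPLE.COM

[pam]
# 0 = no limit on how long cached credentials may be used offline
# (value taken from the poster's second message).
offline_credentials_expiration = 0

[domain/EXAMPLE.COM]
# Before (deprecated; per the reply, the files provider rebuilds its whole
# cache at startup and on every /etc/passwd or /etc/group event, and the
# cached password hash is lost in the rebuild):
#   id_provider = files
#
# After: identities still come from /etc/passwd, but through the proxy
# provider loading the NSS "files" module.
id_provider = proxy
proxy_lib_name = files

# Authentication stays with Kerberos, as in the original configuration.
auth_provider = krb5
krb5_server = srva.example.com
krb5_realm = EXAMPLE.COM
dns_discovery_domain = EXAMPLE.COM

# Keep a hash of the password after a successful online login so that
# later logins can succeed while the KDC is unreachable.
cache_credentials = true
```

After restarting SSSD and logging in once while online, repeat the `touch /etc/passwd` check from the thread and use ldbsearch on /var/lib/sss/db/cache_EXAMPLE.COM.ldb to confirm the user's cached password entry is still present.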