On 1 Jul 2012 at 17:14, Dominic Gross wrote:

>> The Kernel posted by Chris allows, (with console login), the user to unlock
>> the screensaver
> 
> Well, this seems to fix the original bug reported here. Which is that
> nobody can log in using LDAP / Kerberos once a ticket of one signed in
> user expired.

Yes it is.

> 
>> but applications, such as web browsers, remain stuck and the session has to
>> be restarted in order to work properly.
> 
> This looks like the intended behavior to me. The user's Kerberos Ticket
> expires some time after log in. At that point the applications can no
> longer access the user's NFS home directory and the applications get
> stuck or crash. Once a user enters his / her password again a new ticket
> is granted and the user can log into the session / access the home
> directory again.  However, in my experience few applications fully
> recover from not being able to access the home directory for a longer
> time.

It wasn't the behaviour before rpc.gssd returns EKEYEXPIRED. The
filesystem was fully accessible to the users' apps even if they got stuck
for days … It seems correct to me that the filesystem remains
inaccessible until the user unlocks the screensaver … for obvious
security purposes (implementing an auto refresh, just like you said,
seems to me like a security breach). However, it would be nice to have a
way to get the former behaviour, which allows the user to get back his
session without relogging and, at the same time, doesn't give system
access to the user FS even when the user has gone away.

> 
> So, it seems to me, that in order to fix this remaining issue one needs
> to set up something to automatically renew Kerberos Tickets. This can be
> implemented either via a cronjob or packages like kstart or sssd.
> 

Christophe Ségui
IT Manager
Institut de Mathématiques de Toulouse
Université de Toulouse - CNRS
118 Route de Narbonne
31062 Toulouse Cedex 09

Tel: (+33) 5 61 55 63 78
christophe.se...@math.univ-toulouse.fr
http://www.math.univ-toulouse.fr

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/794112

Title:
  Kerberos + LDAP + NFSv4 on Natty - Unable to recover unattended client
