Package: kstart Version: 4.3-1 Severity: normal Hi,
I use nslcd with sasl_mech GSSAPI to connect to an LDAP server. nslcd therefore invokes k5start to obtain a kerberos ticket and keep it alive using the command line: | /usr/bin/k5start -b -p /run/nslcd/k5start_nslcd.pid -o nslcd -g nslcd -m 600 -f /etc/krb5.keytab -K 60 -u host/myhost.mydomain.mytld -k /var/run/nslcd/nslcd.tkt which looks fine to me. k5start wakes up every 60 minutes and renews the ticket if necessary. When the machine goes to sleep (suspend to ram and/or disk), the ticket may expire nevertheless. After resume, it takes up to 60 minutes until k5start wakes up, notices that the ticket has expired and obtains a new one. One could now use a smaller value for the "-K" on machines which use the suspend functionality, or restart nslcd on each resume, but I'd consider these are only workarounds. In my opinion kstart is responsible here. It should provide a service that triggers on resume and wakes up all running instances of k5start so they can immediately check their tickets. Thanks, - Dietrich -- System Information: Debian Release: 12.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-16-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages kstart depends on: ii libc6 2.36-9+deb12u3 ii libkeyutils1 1.6.3-2 ii libkrb5-3 1.20.1-2+deb12u1 kstart recommends no packages. kstart suggests no packages. -- no debconf information