On Mon, Dec 12, 2016 at 10:03 AM Stephen Gallagher <sgall...@redhat.com> wrote:
> On 12/12/2016 04:53 AM, Vít Ondruch wrote: > > So several questions: > > > > 1) When I have 2 domains I login to with kerberos, how to really make it > > work. I don't want to kswitch all the time. I am using Kerberos to > > authenticate my email client, so I want to keep it working all the time. > > > > There are patches still coming that will switch the fedora packaging tools > to > use GSSAPI rather than Kerberos directly, which will handle auto-selecting > the > right TGT. I'm not sure what the status is on this, but Patrick Uiterwijk > (CCed) > was looking into it. > > > > 2) I needed to update a certificate every 6 months, now I need to kinit > > every day. This is regression. How to make it work without kinit at all. > > I am using SSSD for company kerberos and I don't need to kinit at all, > > how to make this work for Fedora? > > > > If you're using GNOME, it will be possible to have it save your TGT > password in > GNOME Keyring and use GNOME Online Accounts to sign you in automatically > when > you log into your main account. However, there is currently a bug in it: > https://bugzilla.redhat.com/show_bug.cgi?id=1401605 > > I'm running with the patch proposed in that ticket and it has fixed the > issue > for me, so I know it works. > > > Another (not recommended) option would be to put: > > echo "<password>" | kinit usern...@fedoraproject.org > > Better yet, save your password in gnome-keyring: keyring set login fedora And retrieve it for kinit: keyring get login fedora | kinit usern...@fedoraproject.org (requires python-keyring and python-SecretStorage) somewhere into your session-start scripts (but of course, this would require > your password in plaintext somewhere). > > _______________________________________________ > devel mailing list -- devel@lists.fedoraproject.org > To unsubscribe send an email to devel-le...@lists.fedoraproject.org > -- Christopher
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org