On Thu, Jun 30, 2016 at 06:16:37PM +0200, Lukas Slebodnik wrote: > On (30/06/16 15:38), Sumit Bose wrote: > >On Wed, Jun 29, 2016 at 09:04:47AM +0000, tstorai....@orange.com wrote: > >> Hello, > >> > >> We are using FreeIPAv3 with SSSD with Hortonworks Cluster : > >> > >> - ipa-admintools-3.0.0-47 > >> > >> - ipa-client-3.0.0-47 > >> > >> - sssd-ipa-1.11.6-30 > >> > >> > >> According with the following documentation, our users are automatically > >> authenticated to Kerberos at every login : > >> https://www.freeipa.org/page/Kerberos > >> "When SSSD project is used, the ticket is get for a user automatically as > >> he authenticates to client machine." > >> > >> It's working pretty well but some of our users are using nominative > >> accounts for ssh connection then access to Hadoop with an applicative > >> keytab... > >> We are agreed than we have to perform a kinit at every connection but when > >> theses users work on several sessions they lose the applicative account > >> ticket :( > > > >If you use credential cache collections (type DIR: or KEYTAB:) SSSD > According to versions of sssd, it looks like el6. > And KEYRING collection ccache is not on el6. > I'm not sure about DIR collection ccache.
It is there, but it was never formally tested and there might be bugs. Also, I'm not sure about /run on RHEL-6, you might want to manually specify another directory for the DIR cache (DIR:/tmp?) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
