On Thu, 2012-02-16 at 16:20 +0100, Ondrej Valousek wrote:
>
> > Also FWIW Windows also does not store the password for renewals, as
> > renewals do not need a password. Windows will simply obtain a new ticket
> > every time you unlock the screen (just like we do), and has default
> > renewal times
Also FWIW Windows also does not store the password for renewals, as
renewals do not need a password. Windows will simply obtain a new ticket
every time you unlock the screen (just like we do), and has default
renewal times of a week or so (defaults depend on AD version and/or
domain policies).
(
On Thu, 2012-02-16 at 09:45 -0500, Simo Sorce wrote:
> On Thu, 2012-02-16 at 15:31 +0100, Ondrej Valousek wrote:
> > Hi List,
> >
> > Is it planned for sssd to allow it to renew user's Kerberos cache
> > in /tmp/krb5cc_XX automatically (i.e. much like what the lsass.exe
> > service does in Win
On Thu, 2012-02-16 at 15:52 +0100, Ondrej Valousek wrote:
> Hi Stephen,
>
> Alright then - so if I understand correctly, I can have a situation
> where TGTs are generated with a short lifetime (say 7 days) but long
> renewable periods (say 6 months).
>
> I can then configure sssd to renew Kerbero
Hi Stephen,
Alright then - so if I understand correctly, I can have a situation where TGTs are generated with a short lifetime (say 7 days) but long
renewable periods (say 6 months).
I can then configure sssd to renew Kerberos cache on the user's behalf every 7 days. It will work nicely for 6
On Thu, 2012-02-16 at 15:31 +0100, Ondrej Valousek wrote:
> Hi List,
>
> Is it planned for sssd to allow it to renew user's Kerberos cache
> in /tmp/krb5cc_XX automatically (i.e. much like what the lsass.exe
> service does in Windows)?
> For this to happen, we would need to cache user's plaint
On Thu, 2012-02-16 at 15:31 +0100, Ondrej Valousek wrote:
> Hi List,
>
> Is it planned for sssd to allow it to renew user's Kerberos cache
> in /tmp/krb5cc_XX automatically (i.e. much like what the lsass.exe
> service does in Windows)?
> For this to happen, we would need to cache user's plaint
On Thu, 2012-02-16 at 15:31 +0100, Ondrej Valousek wrote:
> Hi List,
>
> Is it planned for sssd to allow it to renew user's Kerberos cache
> in /tmp/krb5cc_XX automatically (i.e. much like what the lsass.exe
> service does in Windows)?
> For this to happen, we would need to cache user's plaint
Hi List,
Is it planned for sssd to allow it to renew user's Kerberos cache in /tmp/krb5cc_XX automatically (i.e. much like what the lsass.exe
service does in Windows)?
For this to happen, we would need to cache user's plaintext password in memory
I know, but could be handy in some situatio
Instead of failing the group lookup, just skip them. This was
impacting some users of ActiveDirectory where not all users had
the appropriate attributes.
Fixes https://fedorahosted.org/sssd/ticket/1169
From 1ef67dec13388b16b6615e355eab5078261a4eb6 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Fixes https://fedorahosted.org/sssd/ticket/1160
I tested this against a case-sensitive LDAP server and proxy->files, but
I don't have access to a case-insensitive LDAP server at the moment.
From 41409f5ef049a5a8acc1ab50c59f539634de5095 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 1
On Thu, Feb 09, 2012 at 06:05:30PM +0100, Jan Zelený wrote:
> > > On Thu, 2012-02-09 at 13:46 +0100, Jakub Hrozek wrote:
> > > > On Tue, Feb 07, 2012 at 01:40:39PM +0100, Jan Zelený wrote:
> > > > > With all these changes happening in last two weeks, the IPA hosts
> > > > > code was messy at best.
On Thu, Feb 16, 2012 at 11:28:00AM +0100, Pavel Březina wrote:
> Dne 16.2.2012 10:55, Jakub Hrozek napsal(a):
> >On Mon, Feb 13, 2012 at 06:18:57PM +0100, Pavel Březina wrote:
> >>Dne 13.2.2012 17:32, Jakub Hrozek napsal(a):
> >>>On Fri, Feb 10, 2012 at 02:32:06PM +0100, Pavel Březina wrote:
>
Dne 16.2.2012 10:55, Jakub Hrozek napsal(a):
On Mon, Feb 13, 2012 at 06:18:57PM +0100, Pavel Březina wrote:
Dne 13.2.2012 17:32, Jakub Hrozek napsal(a):
On Fri, Feb 10, 2012 at 02:32:06PM +0100, Pavel Březina wrote:
https://fedorahosted.org/sssd/ticket/1173
sysdb_sudo_build_sudouser(): Are t
On Mon, Feb 13, 2012 at 06:18:57PM +0100, Pavel Březina wrote:
> Dne 13.2.2012 17:32, Jakub Hrozek napsal(a):
> >On Fri, Feb 10, 2012 at 02:32:06PM +0100, Pavel Březina wrote:
> >>https://fedorahosted.org/sssd/ticket/1173
> >
> >sysdb_sudo_build_sudouser(): Are there any cases where username would
15 matches
Mail list logo