[SSSD-users] Re: Ubuntu Bionic - sssd 1.16.1 - kerberos ticket not renewing

On Wed, Oct 31, 2018 at 08:20:55PM +, Jay McCanta wrote: > Yes. Kinit -R renews the ticket (if it hasn't expired). OK, can you attach a snippet of the logs? I thiknk the domain log and the krb5_child.log are the most important. ___ sssd-users

[SSSD-users] Re: Ubuntu Bionic - sssd 1.16.1 - kerberos ticket not renewing

Yes. Kinit -R renews the ticket (if it hasn't expired). -Original Message- From: Jakub Hrozek Sent: Wednesday, October 31, 2018 12:25 PM To: sssd-users@lists.fedorahosted.org Subject: [SSSD-users] Re: Ubuntu Bionic - sssd 1.16.1 - kerberos ticket not renewing EXTERNAL MAIL:

[SSSD-users] Re: Default user quotas with SSSD

On Fri, Oct 19, 2018 at 12:26:28AM -0400, TomK wrote: > Does SSSD allow setting quotas for existing or newly authenticated users? No. We've talked with the systemd developers about the possibility of sssd fetching cgroups limits from LDAP and passing them on to pam_systemd.so to set limits on

[SSSD-users] Re: Ubuntu Bionic - sssd 1.16.1 - kerberos ticket not renewing

On Wed, Oct 31, 2018 at 07:19:44PM +, Jay McCanta wrote: > I have a new server running Ubuntu Bionic (18.04.01) with sssd > 1.16.1-1ubuntu1. The problem is that our Kerberos tickets are not being > renewed while we are logged in. I have tried using FILE and KEYRING > credential caches.

[SSSD-users] Ubuntu Bionic - sssd 1.16.1 - kerberos ticket not renewing

I have a new server running Ubuntu Bionic (18.04.01) with sssd 1.16.1-1ubuntu1. The problem is that our Kerberos tickets are not being renewed while we are logged in. I have tried using FILE and KEYRING credential caches. SSH has Kerberos disabled, GSSAPI disabled, and is configured to use

[SSSD-users] Re: problems with expiring password

You could expire the account, and not the password. Not the most elegant way, but I could not find any other way to implement password expiry. I did try it a while back on a much older version, so I can't  tell if latest code still supports it. All I needed to have in OpenLDAP is shadowExpire

[SSSD-users] Re: problems with expiring password

On 10/31/18 3:26 PM, Bartłomiej Solarz-Niesłuchowski wrote: > On my network we use ldap to "aging" password. > > Every user is definied in ldap server (openldap) with 5 attributes: > > shadowLastChange: 15308 > shadowInactive: 30 > shadowMin: 0 > shadowMax: 120 > shadowWarning: 30 The

[SSSD-users] problems with expiring password

Dear List, On my network we use ldap to "aging" password. Every user is definied in ldap server (openldap) with 5 attributes: shadowLastChange: 15308 shadowInactive: 30 shadowMin: 0 shadowMax: 120 shadowWarning: 30 the sssd uses 6 attributes:     shadowLastChange     shadowMin