[SSSD] krb5 ticket renewal via gnome-screensaver not working

Brian J. Murrell Sat, 07 Nov 2009 12:33:38 -0800

I've got SSSD 0.7.1 installed on a laptop here for my wife.  She
authenticates with kerberos on that laptop via sssd.


So, when she first logs in, sssd manages to get her a tgt and everything
is good.  However when gnome-screensaver locks her screen and she uses
her (kerberos of course) password to unlock it, there does not seem to
be any tgt renewal happening like it did with pam_krb5.so.

Have I configured something incorrectly?  The domain I created for
kerberos looks like:

[domain/KRB]
auth_provider = krb5
cache_credentials = true
enumerate = true
id_provider = ldap
chpass_provider = krb5

ldap_uri = ldap://ldap
ldap_user_search_base = ou=People,dc=interlinx,dc=bc,dc=ca
ldap_group_search_base = ou=Group,dc=interlinx,dc=bc,dc=ca
tls_reqcert = demand
ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt

krb5_kdcip = 10.75.22.3
krb5_realm = ILINX
krb5_changepw_principle = kadmin/changepw
krb5_ccachedir = /tmp
krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX
krb5_auth_timeout = 15

Have I done something incorrectly?

Cheers,
b.

signature.asc
Description: This is a digitally signed message part

_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel

[SSSD] krb5 ticket renewal via gnome-screensaver not working

Reply via email to