I've got SSSD 0.7.1 installed on a laptop here for my wife. She authenticates with kerberos on that laptop via sssd.
So, when she first logs in, sssd manages to get her a tgt and everything is good. However when gnome-screensaver locks her screen and she uses her (kerberos of course) password to unlock it, there does not seem to be any tgt renewal happening like it did with pam_krb5.so. Have I configured something incorrectly? The domain I created for kerberos looks like: [domain/KRB] auth_provider = krb5 cache_credentials = true enumerate = true id_provider = ldap chpass_provider = krb5 ldap_uri = ldap://ldap ldap_user_search_base = ou=People,dc=interlinx,dc=bc,dc=ca ldap_group_search_base = ou=Group,dc=interlinx,dc=bc,dc=ca tls_reqcert = demand ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt krb5_kdcip = 10.75.22.3 krb5_realm = ILINX krb5_changepw_principle = kadmin/changepw krb5_ccachedir = /tmp krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX krb5_auth_timeout = 15 Have I done something incorrectly? Cheers, b.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel