On Sat, 2009-11-07 at 15:32 -0500, Brian J. Murrell wrote: > I've got SSSD 0.7.1 installed on a laptop here for my wife. She > authenticates with kerberos on that laptop via sssd. > > So, when she first logs in, sssd manages to get her a tgt and everything > is good. However when gnome-screensaver locks her screen and she uses > her (kerberos of course) password to unlock it, there does not seem to > be any tgt renewal happening like it did with pam_krb5.so. > > Have I configured something incorrectly? The domain I created for > kerberos looks like: > > [domain/KRB] > auth_provider = krb5 > cache_credentials = true > enumerate = true > id_provider = ldap > chpass_provider = krb5 > > ldap_uri = ldap://ldap > ldap_user_search_base = ou=People,dc=interlinx,dc=bc,dc=ca > ldap_group_search_base = ou=Group,dc=interlinx,dc=bc,dc=ca > tls_reqcert = demand > ldap_tls_cacert = /etc/pki/tls/certs/ca-bundle.crt > > krb5_kdcip = 10.75.22.3 > krb5_realm = ILINX > krb5_changepw_principle = kadmin/changepw > krb5_ccachedir = /tmp > krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX > krb5_auth_timeout = 15 > > Have I done something incorrectly?
It should work, any chance you can check if this fails to work with master as well ? Otherwise just open a bug and we will verify asap. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel