On Tue, Nov 10, 2009 at 11:36:45PM -0500, Brian J. Murrell wrote: > On Mon, 2009-11-09 at 21:19 +0100, Sumit Bose wrote: > > > > Does this mean you are still seeing [Credentials cache I/O operation > > failed XXX] in krb5_child.log? > > No. I am seeing nothing new at all in the krb5_child.log when > authentications happen. > > > this indicates that everything is ok, please send krb5_child.log, if > > possible with debug level 10. > > Even with debug level 10, there is nothing new in the krb5_child.log: > > $ ls -ltar /var/log/sssd/ > total 420 > -rw------- 1 root root 438 2009-11-09 09:23 krb5_child.log > drwxr-xr-x 15 root root 4096 2009-11-10 07:41 .. > drwxr-xr-x 2 root root 4096 2009-11-10 23:32 . > -rw------- 1 root root 152408 2009-11-10 23:32 sssd_pam.log > -rw------- 1 root root 238167 2009-11-10 23:32 sssd_KRB.log > > I have "debug_level = 10" in my [domain/KRB] as well as the [pam] > section. > > Also, I asked previously why I would want per-login unique ccache files > with: > > krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX > > but nobody answered. Do I really want this or is a single ccache file > per user (i.e. drop the _XXXXXX in the template) not more ideal? > > b. >
ah, sorry, I misinterpreted your original post. I thought a ccache file wasn't created at all when using gnome-screensaver. You are right, if you use 'krb5_ccname_template = FILE:%d/krb5cc_%U_XXXXXX' with the current version every authentication will create a new ccache file. If you want to renew the TGT with every authentication you have to use a per-user unique ccache file, e.g. FILE:%d/krb5cc_%U. We are currently discussing how to handle renewals in a more general way so that it would be possible to renew FILE:%d/krb5cc_%U_XXXXXX-style files too. HTH. bye, Sumit > _______________________________________________ > sssd-devel mailing list > sssd-devel@lists.fedorahosted.org > https://fedorahosted.org/mailman/listinfo/sssd-devel _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel