Based on IRC conversations with sgallagh, we determined that my ignorance led to /etc/pam.d/system-auth being correctly configured, but /etc/pam.d/password-auth left as the defaults. This was causing issues with sssd renewing the incorrect kerb credential cache.
After fixing my password-auth file, I'm still having issues with automatic ticket renewal. It seems that, now, the sssd cache database is not seeing my kerb credential cache. the ccacheFile is missing, even after I log in successfully with kerb. My KRB5CCNAME environment variable is set and matches the cache shown in klist. What would cause sssd to not recognize the cache name? selinux is in permissive mode, I tried blowing away my sssd config (deleted all the ldb databases) and reconfiguring everything from scratch with authconfig. I'm not convinced something is leftover from a previous bad config, but am not sure where else to look. Thanks for all the help, Norman _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
