On Thu, 2013-02-28 at 09:43 -0500, Qing Chang wrote: > other than using kinit -r afterwards, how can sssd/pam be configured to > invoke kinit -r > at login? > > Before migrated to IPA, I install kstart for kerberos clients and run krenew > -K 60 to have > krenew checking every 60 minutes in the background to extend ticket when due > to expire. > > It does not work with IPA client because it seems IPA client can not obtain a > renewable > ticket by default at login. Can this be changed? > > Thanks, > Qing >
Look at the sssd-krb5 man page there is a krb5_renewable_lifetime option in there that should do what you asked for. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
