On (01/09/17 12:01), Mark London wrote:
>On 9/1/2017 10:30 AM, John Hodrien wrote:
>> On Fri, 1 Sep 2017, Michal Židek wrote:
>>
>> > See man sssd-krb5 and option:
>> > krb5_renew_interval
>> >
>> > Is this what you are looking for? Look for other options
>> > in that man page too, maybe you will need some of them.
>>
>> If this is against a typical AD installation, that'll get you automatic
>> certificate renewals for up to 7 days.
>
>But we have people logged into linux workstations for months at a time.
>What happens to their connection to their home directory, when their 7 day
>period ends? - Mark

The krb5 ticket is "renewed" after each authentication. If the user does not
authenticate very often, then krb5_renew_interval will help. But usually, a
krb5 ticket cannot be renewed to infinity (equivalent to "kinit -R") due to
krb5 server-side limits/settings.

I do not know the details of your deployment, so it is difficult to answer.

LS