On Wed, Mar 31, 2021 at 9:38 AM Calvin Chiang <calvin.chi...@gmail.com> wrote:
>
> Ex-windows admin wrapping my head around PAM/SSSD has been quite tough!
>
> I have successfully managed to get pam_sss working with
>
> login for specific application rstudio server (/etc/pam.d/rstudio)
> containerized ubuntu
> ldap/krb5 auth
> against Microsoft Active Directory
> without domain join realmd. (so all hand-configured. ouch)
>
> the problem is with reuse of the ticket. I can't work out how it works..
>
> I would like to configure pam_mount and ODBC to use the same kerberos ticket 
> that was generated by the pam_sss modules
>
> so
>
> pam_sss creates a ticket with the following naming which cannot be used by
> the "mount" command:
>
> /tmp/krb5cc_uid_xxxx
>
> however if I manually use kinit, it creates a ticket with the naming below,
> which can be easily reused from the "mount" command:
>
> /tmp/krb5cc_uid
>
> the naming that pam_sss uses seems to be standard but again I just can't work
> out how that should be "discoverable" by any other services looking for a
> ticket, when it has the wrong naming..

Hi,

if the only thing you need is to change a template, then please see
`man sssd-krb5 : krb5_ccname_template` option.

(I'm sorry I'm not fluent in kerberos enough to comment on other parts
of your email)



>
> some links..:
>
> this seems to be where the pam_sss naming is defined - by a build flag 
> --with-default-ccname-template
>
> https://github.com/SSSD/sssd/blob/master/src/conf_macros.m4#L337
>
> I want to integrate it into pam_mount to mount a cifs drive, which (I think)
> is SMB so will be able to use the cifs.upcall library.
>
> And the way cifs.upcall resolves tickets is somewhere here in
> get_cachename_from_process_env
>
> https://github.com/aaptel/cifs-utils/blob/master/cifs.upcall.c#L260
>
> I also want to get MSSQL ODBC driver to use the ticket as well...
>
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure
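The naming mismatch discussed in this thread, as an added example that is not part of the original messages and is not SSSD or cifs-utils code: it expands a `krb5_ccname_template` using the sequences documented in sssd-krb5(5) and checks whether a consumer that reads `KRB5CCNAME` from a process environment, or otherwise falls back to libkrb5's `FILE:/tmp/krb5cc_<uid>` default, would land on the cache SSSD writes. The function names and the sample user, UID, principal and realm are constructed assumptions.

```python
# Added example: not SSSD or cifs-utils code. All sample values are constructed.

def expand_template(template, who):
    """Expand the sequences sssd-krb5(5) lists for krb5_ccname_template."""
    subs = {"u": who["user"], "U": str(who["uid"]), "p": who["principal"],
            "r": who["realm"], "h": who["home"], "d": who.get("ccachedir", "/tmp"),
            "P": str(who.get("pid", 1)), "%": "%"}
    out, i = [], 0
    while i < len(template):
        if template[i] == "%":
            key = template[i + 1:i + 2]
            if key not in subs:
                raise ValueError(f"unsupported sequence at offset {i}")
            out.append(subs[key])
            i += 2
        else:
            out.append(template[i])
            i += 1
    return "".join(out)


def ccname_from_environ(blob):
    """Extract KRB5CCNAME from a /proc/<pid>/environ style NUL-separated blob."""
    for entry in blob.split(b"\0"):
        if entry.startswith(b"KRB5CCNAME="):
            return entry[len(b"KRB5CCNAME="):].decode()
    return None


def consumer_lookup(environ_blob, uid):
    """Cache name a consumer tries: KRB5CCNAME if set, else libkrb5's default."""
    return ccname_from_environ(environ_blob) or f"FILE:/tmp/krb5cc_{uid}"


def sssd_cache_reachable(template, environ_blob, who):
    """True if the consumer's lookup can match the cache this template yields."""
    looked_up = consumer_lookup(environ_blob, who["uid"])
    expanded = expand_template(template, who)
    if template.endswith("XXXXXX"):
        # SSSD fills the trailing XXXXXX via mkstemp(3): only the stem is
        # predictable, so the consumer must be handed the exact name.
        stem = expanded[:-6]
        return looked_up.startswith(stem) and len(looked_up) == len(expanded)
    return looked_up == expanded
```
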