Thanks Alexey! I didn't realize it could be configured in the config file; I thought it was just a build option. I'll give it a try and post back.
KRB5CCNAME doesn't seem to be configured anyway, so I'll assume it'll default to /tmp/krb5cc_UID.

On Wed, 31 Mar 2021 at 10:06, Alexey Tikhonov <atikh...@redhat.com> wrote:

> On Wed, Mar 31, 2021 at 9:58 AM Alexey Tikhonov <atikh...@redhat.com> wrote:
> >
> > On Wed, Mar 31, 2021 at 9:38 AM Calvin Chiang <calvin.chi...@gmail.com> wrote:
> > >
> > > Ex-windows admin wrapping my head around PAM/SSSD has been quite tough!
> > >
> > > I have successfully managed to get pam_sss working with
> > >
> > > login for specific application rstudio server (/etc/pam.d/rstudio)
> > > containerized ubuntu
> > > ldap/krb5 auth
> > > against Microsoft Active Directory
> > > without domain join realmd. (so all hand-configured. ouch)
> > >
> > > The problem is with reuse of the ticket. I can't work out how it works..
> > >
> > > I would like to configure pam_mount and ODBC to use the same kerberos ticket that was generated by the pam_sss modules
> > >
> > > so
> > >
> > > pam_sss creates a ticket with the following naming which cannot be used by the "mount" command:
> > >
> > > /tmp/krb5cc_uid_xxxx
> > >
> > > however if I manually use kinit, it creates a ticket with the naming below, which can be easily reused from the "mount" command:
> > >
> > > /tmp/krb5cc_uid
> > >
> > > The naming that pam_sss uses seems to be standard but again I just can't work out how that should be "discoverable" by any other services looking for a ticket, when it has the wrong naming..
> >
> > Hi,
> >
> > if the only thing you need is to change a template, then please see
> > `man sssd-krb5 : krb5_ccname_template` option.
> >
> > (I'm sorry I'm not fluent in kerberos enough to comment on other parts
> > of your email)
>
> and about discoverability - it exports standard `KRB5CCNAME` env variable
>
> > > some links..:
> > >
> > > This seems to be where the pam_sss naming is defined - by a build flag --with-default-ccname-template
> > >
> > > https://github.com/SSSD/sssd/blob/master/src/conf_macros.m4#L337
> > >
> > > I want to integrate it into pam_mount to mount a cifs drive, which (I think) is SMB so will be able to use the cifs.upcall library.
> > >
> > > And the way cifs.upcall resolves tickets is somewhere here in get_cachename_from_process_env
> > >
> > > https://github.com/aaptel/cifs-utils/blob/master/cifs.upcall.c#L260
> > >
> > > I also want to get MSSQL ODBC driver to use the ticket as well...
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
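
Added example, not part of the original thread and not code from SSSD or cifs-utils: a small Python check of the discoverability question above. It assumes a consumer looks for `KRB5CCNAME` in the session's environment (NUL-separated, as in `/proc/<pid>/environ`) and otherwise falls back to `/tmp/krb5cc_<uid>`, then verifies that a FILE cache is a regular file owned by that uid with no group/other access. The function names and the sample environment are constructed for illustration.

```python
import os
import stat

def ccname_from_environ(blob: bytes):
    """Return KRB5CCNAME from a NUL-separated /proc/<pid>/environ block, or None."""
    for entry in blob.split(b"\0"):
        key, sep, value = entry.partition(b"=")
        if sep and key == b"KRB5CCNAME" and value:
            return value.decode("utf-8", "replace")
    return None

def resolve_ccache(blob: bytes, uid: int):
    """Return (type, residual); falls back to FILE:/tmp/krb5cc_<uid> when unset."""
    name = ccname_from_environ(blob) or f"FILE:/tmp/krb5cc_{uid}"
    if name.startswith("/"):            # bare path: treated as a FILE cache
        return "FILE", name
    cctype, _, residual = name.partition(":")
    return cctype, residual

def check_file_ccache(path: str, uid: int):
    """List reasons a FILE cache is unusable or unsafe for the given uid."""
    try:
        st = os.lstat(path)             # lstat: do not follow a symlink planted in /tmp
    except FileNotFoundError:
        return ["missing"]
    problems = []
    if not stat.S_ISREG(st.st_mode):
        problems.append("not a regular file")
    if st.st_uid != uid:
        problems.append("owned by another uid")
    if st.st_mode & 0o077:
        problems.append("accessible by group/other")
    return problems

# Constructed sample: environment of a session where pam_sss exported the variable.
SAMPLE_ENV = b"HOME=/home/alice\0KRB5CCNAME=FILE:/tmp/krb5cc_1000_AbCdEf\0PATH=/usr/bin\0"

if __name__ == "__main__":
    print(resolve_ccache(SAMPLE_ENV, 1000))
    with open("/proc/self/environ", "rb") as f:   # Linux only
        cctype, residual = resolve_ccache(f.read(), os.getuid())
    print(cctype, residual)
    if cctype == "FILE":
        print(check_file_ccache(residual, os.getuid()) or "ok")
```

Run inside the login session (or against the session process's environ block) to see which cache name a consumer would pick up before and after changing `krb5_ccname_template`.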