Hi everyone

In a small business solution, I'd like to set up a road warrior solution like so:
Step #1: User logs in to their Ubuntu laptop. SSSD is configured to 
authenticate the user against LDAP but is not yet connected to the VPN. Works 
with cached credentials. Password cache is set to 10 days.
Step #2: User starts VPN client and they then have access to company resources 
such as LDAP. Works.
Step #3: SSSD updates the cached password as soon as LDAP is available. Cache 
timeout shall reset to the full 10 days once the user (and their laptop) is on 
the VPN.

With this setup, it should be enforced that the user needs to log in to the VPN 
at least every 10 days.

I've got a problem with step #3: How can I force SSSD to renew the cached 
password of the user as soon as the LDAP server becomes available? (As 
mentioned, the VPN connection is activated *after* the user logs in.)

Thanks for any hints or war stories on how to treat workstations with 
a temporary connection to the auth backend.

Client OS: Ubuntu 20.04 (soon 22.04)
sssd: 2.4.1