On Thu, Jul 7, 2022 at 6:21 AM Alexey Tikhonov <atikh...@redhat.com> wrote:
> On Thu, Jul 7, 2022 at 12:14 PM Fisher, Philip <phil.fis...@dxc.com> wrote: > > > In particular, if the provider is offline/not available (in this > > case an AD server/servers) then login should fail. > > Sounds like `cache_credentials = false`? (see `man sssd.conf`) Moreover, `cache_credentials = false` is the default, so unless this is overridden, attempts to login will fail if the AD KDCs are not available. We can confirm that this is the case: we don’t override cache_credentials, and if something breaks network connectivity for a host, we can only login on the console with an account with a local password (e.g. root); attempting to login with an account that requires AD/Kerberos authentication fails. _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure