URL:
https://github.com/SSSD/sssd/pull/5450
Author: justin-stephenson
Title: #5450: kcm: add support for kerberos tgt renewals
Action: opened
PR body:
"""
This allows configuration of KCM to attempt renewals for renew-applicable kerberos tickets
stored in kcm, such as a TGT retrieved with `kinit` on the command-line.
krb5* renewal and lifetime options are configurable in the [kcm] section, if they do not
exist in the [kcm] section then we check and fallback to using the first
`auth_provider=krb5` domain in sssd.conf.
This support is only added to the secdb ccache backend. The overall high-level logic used
here is similar to the existing pam_sss krb5 renewal code, adding necessary changes to
unmarshal and retrieve ticket information from KCM secrets db.
Renewal is only attempted after half of the tgt lifetime has been reached.
"""
To pull the PR as Git branch:
git remote add ghsssd
https://github.com/SSSD/sssd
git fetch ghsssd pull/5450/head:pr5450
git checkout pr5450