On Nov 4, 2019, at 11:48 AM, Sumit Bose
<sbose@redhat.com<mailto:sbose@redhat.com>> wrote:
Is my assumption that one should be able to ssh to a server and have that server refresh
tickets (like on a workstation) a valid one? If so, where should I concentrate my
efforts to get this working?
Hi,
please have a look at the krb5_renew_interval option explained in the
sssd-krb5 man page.
To my knowledge, when SSSD renews tickets, it does so forever, even after the user has
logged out. It’s worth making sure people know about that, since it can create an
unexpected exposure.