Sounds like the same issue I had; I created a Bugzilla ticket for it:
https://bugzilla.redhat.com/show_bug.cgi?id=1712875
It hasn't been confirmed as a bug yet though, but it sure feels like it.
For us KCM does not bring anything extra to the table as it does not manage ticket
renewals yet, so we switched back to kernel keyring for Kerberos tickets.
________________________________________
From: James Ralston [ralston(a)pobox.com]
Sent: 03 June 2019 23:06
To: End-user discussions about the System Security Services Daemon
Subject: [SSSD-users] KCM credential forwarding behavior broken?
I filed this issue a week or so ago:
https://pagure.io/SSSD/sssd/issue/4017
In essence, it would seem that if KCM already has credentials in the
cache, then KCM will never discard those credentials in favor of new
credentials being forwarded via sshd, even if the credentials in the
cache are expired.
This is a showstopper bug for using KCM in any type of enterprise
environment, where remote connections are frequent.
Have I misunderstood what is actually happening? Or am I correct in
that this is a bug with KCM?