I am aware that sssd by design issues an invalid tgt upon login when it is operating in
offline mode. The tgt has a expire date of the epoch. There is a configuration option for
storing the login passwd within sssd to enable it to issue a correct ticket once it enters
online mode again.
Now, we are using yubikey-based PKINIT as our login and cannot use this configuration
option. The problematic scenario runs like this:
- Notebook is offline.
- user logs in with yubikey
- user starts a user program that establishes a vpn connection
This results in a tgt expired at epoch.
Two questions:
1. Is there a way to avoid this behaviour?
2. Is issuing a kinit after setting up the vpn connection to obtain a valid tgt a valid
workaround?
Thanks in advance