Is the NFS kerberized? We are seeing a similar issue but on Ubuntu bionic with sssd
1.16.1 (we suspect similar behavior as far back as 1.12.5 on Ubuntu trusty). When the
Kerberos ticket expires, nfs access is denied. Unable to determine why sssd is not
renewing the ticket. In our case, the ticket is obtained by ssh. If you use kinit, then
sssd won't renew it (because it doesn't know about it). The logs for our
situation have lots of data that I cannot adequately scrub to sent offsite for help.
-----Original Message-----
From: Peter Tulpen <ptulpen(a)emailn.de>
Sent: Friday, August 16, 2019 1:15 AM
To: End-user discussions about the System Security Services Daemon
<sssd-users(a)lists.fedorahosted.org>
Subject: [SSSD-users] Re: issues with renewal of service tickets
EXTERNAL MAIL: sssd-users-bounces(a)lists.fedorahosted.org
The application is a self written python script, but the access is via nfs so I think the
application responsible for this should be the nfsclient
--- Ursprüngliche Nachricht ---
Von: Sumit Bose <sbose(a)redhat.com>
Datum: 15.08.2019 17:26:05
An: sssd-users(a)lists.fedorahosted.org
Betreff: [SSSD-users] Re: issues with renewal of service tickets
On Thu, Aug 15, 2019 at 03:27:27PM +0200, Peter Tulpen wrote:
> Hello,
> we have some issues with long running batch jobs on centos machines
(centos 7,
> sssd 1.16.2 ).
> After the 10 hours the service ticket runs out, we have a access denied
error,
> but the next requests work.
> We broke it down to the issue that the service ticket is not renewed
ahead of
> expiration.
Hi,
what kind of service/application is this? If I understand it correctly
as long as there is a valid TGT the application should just ask for a
new service ticket.
bye,
Sumit
> What I found was options like krb5_renewable_lifetime and krb5_renew_interval,
> but they all seem to refer to TGT, not the service ticket.
> Is there a way to watch and renew service tickets as well?
>
>
> ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
>
> Versendet mit Emailn.de - Freemail
>
> * Unbegrenzt Speicherplatz
> * Eigenes Online-Büro
> * 24h besten Mailempfang
> * Spamschutz, Adressbuch
>
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...