I can understand the first unlock from waking up from sleep.  For the second, bump your debug_level in sssd.conf up to 7 and then check to see if you have any "Got request" lines in /var/log/sssd/sssd_domain.log for the second login attempt from the lock screen.  You should be able to see if it is using cached creds or actively trying to parse the domain server.

Can you paste your sssd.conf also?

Sequence:

login into MATE or Plasma
suspend to ram
wait until krbtgt expires
wakeup computer
unlock screen
klist will show the old expired ticket.

lock/unlock screen again(well after networking is up)
klist still shows the old ticket.

No SSO/NFS possible until manually doing a kinit to get a fresh ticket

Anyone else see this?

 Jocke 
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org