On Wed, 2015-04-15 at 11:18 +0200, Jakub Hrozek wrote:
> On Wed, Apr 15, 2015 at 10:40:48AM +0200, Ola Nystrom wrote:
> > Ok, so I have to really remove all files. Not just use sss_cache as I do
> > when I am lazy.
> > It works now.
> > [root@galaxy ~]# rm -f /var/lib/sss/mc/*
> > [root@galaxy ~]# rm -f /var/lib/sss/db/*
> > Then sssd uses the config.
> > sss_cache -E did not do the trick.
> Yes, sss_cache doesn't remove any entries, just invalidates existing
> entries so that they are available should you go offline.
> > Question now is, if kerberos supports KEYRING and sssd supports KEYRING why
> > does it not work when sssd saved my ticket to the KEYRING on CentOS6.6?
> I'm not sure if the 6.6 support for KEYRING, especially on the kernel
> side and maybe on the libkrb5 side as well, is complete. We only tested
> the feature on 7.0 and newer.
6.6 does support the KEYRING ccache type, but it is not a Cache
Collection enabled type. Most importantly there is no user keyring
available in that kernel so the keyring is tied to the session creating
it. Basically as soon as it is created it will get orphaned and visible
only to SSSD.
Please do not use the KEYRING type with CentOS/RHEL 6; it won't work the
way you expect.
Simo Sorce * Red Hat, Inc * New York
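
The advice in this thread can be turned into a pre-deployment check. The following is an added example, not part of the original messages or of SSSD: it scans an sssd.conf for a KEYRING credential cache and fails when the host is older than release 7. It assumes the ccache type is set through the `krb5_ccname_template` option; the function name, the sample configuration and the domain name are constructed for illustration.

```shell
#!/bin/sh
# check_keyring_ccache MAJOR CONF
#   MAJOR  OS major release (6, 7, ...), passed in so the check runs offline
#   CONF   path to an sssd.conf style file
# Prints one line per finding. Returns 1 if a KEYRING ccache is configured
# on a release older than 7, 2 if CONF is unreadable, 0 otherwise.
check_keyring_ccache() {
    major=$1
    conf=$2
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v major="$major" -v file="$conf" '
        /^[ \t]*[#;]/ { next }                  # commented-out settings do not count
        /^[ \t]*\[/ {                           # remember the current [section]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        /^[ \t]*krb5_ccname_template[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)     # keep only the right-hand side
            if (value ~ /^KEYRING:/ && major + 0 < 7) {
                printf "%s:%d: [%s] krb5_ccname_template = %s (KEYRING on release %s)\n",
                       file, NR, section, value, major
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Constructed sample configuration (not taken from the thread).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[sssd]
domains = example.com

[domain/example.com]
auth_provider = krb5
# krb5_ccname_template = FILE:/tmp/krb5cc_%U_XXXXXX
krb5_ccname_template = KEYRING:persistent:%U
EOF
check_keyring_ccache 6 "$demo_conf" || echo "release 6: KEYRING ccache configured"
check_keyring_ccache 7 "$demo_conf" && echo "release 7: no findings"
rm -f "$demo_conf"
```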