I have tried to set KRB5CCNAME to something predicable, both in sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U) and krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
but what ever I do KRB5CCNAME reads: KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
Is the name hardcoded nowadays(in sssd 1.15.2)?
Jocke
On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote:
I have tried to set KRB5CCNAME to something predicable, both in sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U) and krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
but what ever I do KRB5CCNAME reads: KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
Is the name hardcoded nowadays(in sssd 1.15.2)?
no, using krb5_ccname_template should just work.
Please note that SSSD tries to reuse an existing and active ccache. This means that as long as a process of the user is running SSSD will use the existing ccache and will also set KRB5CCNAME to the existing one for new logins.
HTH
bye, Sumit
Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote:
On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote:
I have tried to set KRB5CCNAME to something predicable, both in sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U) and krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
but what ever I do KRB5CCNAME reads: KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
Is the name hardcoded nowadays(in sssd 1.15.2)?
no, using krb5_ccname_template should just work.
Please note that SSSD tries to reuse an existing and active ccache. This means that as long as a process of the user is running SSSD will use the existing ccache and will also set KRB5CCNAME to the existing one for new logins.
Right, but stopping sssd, rm /var/lib/sss/db/* and rebooting does not help. Do I need to use any of sssd'd plugins in krb.conf? Currently I don't use any plugin
Jocke
On Wed, Mar 29, 2017 at 04:16:47PM +0000, Joakim Tjernlund wrote:
On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote:
On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote:
I have tried to set KRB5CCNAME to something predicable, both in sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U) and krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
but what ever I do KRB5CCNAME reads: KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
Is the name hardcoded nowadays(in sssd 1.15.2)?
no, using krb5_ccname_template should just work.
Please note that SSSD tries to reuse an existing and active ccache. This means that as long as a process of the user is running SSSD will use the existing ccache and will also set KRB5CCNAME to the existing one for new logins.
Right, but stopping sssd, rm /var/lib/sss/db/* and rebooting does not help.
This should be more than sufficient.
Do I need to use any of sssd'd plugins in krb.conf? Currently I don't use any plugin
No, no plugins needed here, feel free to forward debug_level=10 logs to me which contain an authentication.
bye, Sumit
Jocke _______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
On Wed, 2017-03-29 at 18:41 +0200, Sumit Bose wrote:
On Wed, Mar 29, 2017 at 04:16:47PM +0000, Joakim Tjernlund wrote:
On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote:
On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote:
I have tried to set KRB5CCNAME to something predicable, both in sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U) and krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
but what ever I do KRB5CCNAME reads: KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
Is the name hardcoded nowadays(in sssd 1.15.2)?
no, using krb5_ccname_template should just work.
Please note that SSSD tries to reuse an existing and active ccache. This means that as long as a process of the user is running SSSD will use the existing ccache and will also set KRB5CCNAME to the existing one for new logins.
Right, but stopping sssd, rm /var/lib/sss/db/* and rebooting does not help.
This should be more than sufficient.
Do I need to use any of sssd'd plugins in krb.conf? Currently I don't use any plugin
No, no plugins needed here, feel free to forward debug_level=10 logs to me which contain an authentication.
bye, Sumit
That is a rather large log .. The only thing I was able to find was: grep -i krb5cc * sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]] [dp_get_options] (0x0400): Option krb5_ccname_template has value FILE:/tmp/krb5cc_:%U sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]] [sss_check_cc_template] (0x0100): ccache file name template [FILE:/tmp/krb5cc_:%U] doesn't contain randomizing characters (XXXXXX), file might not be rewritable
Does it work for you ?
On Wed, 2017-03-29 at 19:21 +0200, Joakim Tjernlund wrote:
On Wed, 2017-03-29 at 18:41 +0200, Sumit Bose wrote:
On Wed, Mar 29, 2017 at 04:16:47PM +0000, Joakim Tjernlund wrote:
On Wed, 2017-03-29 at 16:10 +0200, Sumit Bose wrote:
On Wed, Mar 29, 2017 at 01:48:07PM +0000, Joakim Tjernlund wrote:
I have tried to set KRB5CCNAME to something predicable, both in sssd.conf(krb5_ccname_template = FILE:/tmp/krb5cc_:%U) and krb5.conf(default_ccache_name = FILE:/tmp/krb5cc_%{uid})
but what ever I do KRB5CCNAME reads: KRB5CCNAME=FILE:/tmp/krb5cc_<UID>_ryxWRPDHZD
Is the name hardcoded nowadays(in sssd 1.15.2)?
no, using krb5_ccname_template should just work.
Please note that SSSD tries to reuse an existing and active ccache. This means that as long as a process of the user is running SSSD will use the existing ccache and will also set KRB5CCNAME to the existing one for new logins.
Right, but stopping sssd, rm /var/lib/sss/db/* and rebooting does not help.
This should be more than sufficient.
Do I need to use any of sssd'd plugins in krb.conf? Currently I don't use any plugin
No, no plugins needed here, feel free to forward debug_level=10 logs to me which contain an authentication.
bye, Sumit
That is a rather large log .. The only thing I was able to find was: grep -i krb5cc * sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]] [dp_get_options] (0x0400): Option krb5_ccname_template has value FILE:/tmp/krb5cc_:%U sssd_infinera.com.log:(Wed Mar 29 19:10:44 2017) [sssd[be[infinera.com]]] [sss_check_cc_template] (0x0100): ccache file name template [FILE:/tmp/krb5cc_:%U] doesn't contain randomizing characters (XXXXXX), file might not be rewritable
Does it work for you ?
Ahh, I was testing using ssh to login and that did not set the new cache name but logging in on console/xdm did.
Jocke
sssd-users@lists.fedorahosted.org
-
Joakim Tjernlund -
Sumit Bose