SSSD and Kerberos tickets
Stephen Gallagher
sgallagh at redhat.com
Tue Aug 17 13:45:25 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/17/2010 04:51 AM, Christoph Höger wrote:
> Hi all,
>
> I'd like to get a kerberos ticket everytime I login to my f13 box, and
> run aklog afterwards automagically. The second part can be handled with
> kstart, but how do I get the first part with the new authconfig/sssd
> tools done? To make things a little bit more difficult: I have a local
> username that's different from my kerberos user name.
>
> Any ideas?
>
> Christoph
The easiest way is to not use a separate local username. With SSSD, it
can cache the credentials so you can still log on with your kerberos
password when you're not connected to the network.
So if you set up your user account to log in with SSSD's kerberos, it
will automatically get you a TGT during login (or, if you log in
offline, it can be configured to automatically get the TGT once you go
online, such as connecting to a VPN).
Of course, the catch here is that your kerberos user needs to be linked
to a user account on a centrally-managed database, ideally LDAP.
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkxqknUACgkQeiVVYja6o6OWjACfQJPWpoJO4AUsydY0Bs/D2ecg
Sm4AnjBjlqBHWk0qWl97UhpI3I+jz6Jm
=Li1F
-----END PGP SIGNATURE-----
More information about the users
mailing list