SSSD and Kerberos tickets

Christoph Höger choeger at
Tue Aug 17 19:25:58 UTC 2010

Hash: SHA1

Am 17.08.2010 15:45, schrieb Stephen Gallagher:
> On 08/17/2010 04:51 AM, Christoph Höger wrote:
>> Hi all,
>> I'd like to get a kerberos ticket everytime I login to my f13 box, and
>> run aklog afterwards automagically. The second part can be handled with
>> kstart, but how do I get the first part with the new authconfig/sssd
>> tools done? To make things a little bit more difficult: I have a local
>> username that's different from my kerberos user name.
>> Any ideas?
>> Christoph
> The easiest way is to not use a separate local username. With SSSD, it
> can cache the credentials so you can still log on with your kerberos
> password when you're not connected to the network.
> So if you set up your user account to log in with SSSD's kerberos, it
> will automatically get you a TGT during login (or, if you log in
> offline, it can be configured to automatically get the TGT once you go
> online, such as connecting to a VPN).
> Of course, the catch here is that your kerberos user needs to be linked
> to a user account on a centrally-managed database, ideally LDAP.

Ok, since my university does not give me any infos about that LDAP (and
I do not want to rely on their IT for logging in locally), is there no
other solution to simply run kstart from pam and querying for the ticket
password at startup with sssd?
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora -


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : 

More information about the users mailing list