LDAP/SASL/GSSAPI
Trever L. Adams
trever.adams at gmail.com
Mon Feb 14 16:20:42 UTC 2011
On 02/10/2011 11:45 AM, Stephen Gallagher wrote:
>
> There's really no such thing as a non-expiring ticket. You always need
> to re-authenticate periodically to get a new ticket. Many deployments
> allow tickets to be "renewable", however. This means you can use your
> existing TGT to authenticate to get the new ticket (during the renewal
> period).
>
> If you are using SSSD 1.5 or later to authenticate users through
> Kerberos, there is a built-in functionality to enable auto-renewal of
> kerberos tickets.
>
> See the options krb5_renewable_lifetime and krb5_renew_interval in
> sssd-krb5(5) (man sssd-krb5)
Thank you. I am using Samba 4. The problem seems to be that I cannot
kinit -k -t /etc/dovecot/krb5.keytab smtp/fqdn_host at REALM. I have the
keytab. IT has that entry. I get kinit: Client 'smtp/fqdn_host at REALM'
not found in Kerberos database while getting initial credentials.
If I could figure this out, I think I would have my entire problem fixed.
Thank you for responding.
Trever
--
"...very few phenomena can pull someone out of Deep Hack Mode, with two
noted exceptions: being struck by lightning, or worse, your *computer*
being struck by lightning." -- Matt Welsh
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20110214/3678efe9/attachment.bin
More information about the users
mailing list