Hi folks,
I've got a few colleagues running Debian 10 or 11 on a laptop. Their account
is managed by FreeIPA in the office. On first-time login their laptop is
wired to the office lan.
When they are in home office they have a VPN connection (IPsec, wireguard
or openvpn) to the office, but since both wlan and VPN are usually activated
by Network Manager *after* login time I wonder what needs to be done to
update the login information cached by sssd, esp if the user has changed his
login password in the FreeIPA web interface?
By now I tried
kinit username
sss_cache -E
service restart sssd
This did not help. kinit accepts the new password, of course, but it doesn't
update the cache, nor do the others.
Important point is that the user doesn't lose his cached entry, anyway.
Coming to the office just to register his new password is not an optiom.
Every helpful hint is highly appreciated
Harri