On 27 Dec 2015, at 19:50, Peter Tulpen <ptulpen(a)emailn.de> wrote:

Sorry for the late response, the mail was stuck in the moderation queue during the
Christmas break.

> Hello,
> Since we were forced to use Kerberos on our Isilon NFS share, we see several issues and
> have several use cases, which might all be covered by sssd, but this is too confusing for me
> to cope.
> What I already understood is that I have to forget about public/private key, because of
> this issue:
> https://fedorahosted.org/freeipa/ticket/4000
> Also we have the home directories on the kerberized server, so we get an infinite loop.

I'm not sure I understand, is the homedir mounted before the user authenticates?

> The 3 use cases:
> - Login in Linux directly with username and password (ticket creation needed) and
>   login to other servers via ssh passwordless with this ticket (this works already)
> - Login into Windows with a smartcard (with getting a valid TGT) and logging into
>   the servers via putty (or something similar). Also from here, logon to other servers (works
>   only when there is already a ticket)
> - Services with a default user, which tickets get refreshed infinitely (I think I
>   have to use keytabs, but the refreshing does not work)
> So can I achieve that in every case sssd refreshes the tickets? Or do I have to combine
> sssd with something like krenew?

Please take a look at options like krb5_renew_interval, do these help?

> Do I have to switch Kerberos on or off in the ssh config (I find
> different opinions about that online)?
> I attached the ssh, krb and sssd configs.
> Best regards,
> Peter
_______________________________________________
sssd-users mailing list
sssd-users(a)lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-users@lists.fedorahosted.org