Hello,
Since we were forced to use Kerberos on our Isilon NFS share, we see several issues and have several use cases, which might all be covered by sssd, but this is too confusing for me to cope with.
What I already understood is that I have to forget about public/private key, because of this issue: https://fedorahosted.org/freeipa/ticket/4000
Also, we have the home directories on the kerberized server, so we get an infinite loop.
The 3 use cases:
- Login in Linux directly with username and password (ticket creation needed) and login to other servers via ssh passwordless with this ticket (this works already)
- Login into Windows with a smartcard (with getting a valid TGT) and logging into the servers via putty (or something similar). Also from here, logon to other servers (works only when there is already a ticket)
- Services with a default user, whose tickets get refreshed infinitely (I think I have to use keytabs, but the refreshing does not work)
So can I achieve that sssd refreshes the tickets in every case? Or do I have to combine sssd with something like krenew?
Do I have to switch Kerberos on or off in the ssh config? (I find different opinions about that online.)
I attached the ssh, krb and sssd configs.
Best regards and happy holidays,
Peter