Hello again, my offline authentication works, however, if I reboot while offline it no longer works and the cached password is removed from the cache db. I mean that ldbsearch no longer reveals a cached password for my user.
I use the passwd file as the ID provider and krb5 as the auth provider.

[pam]
offline_credential_expiration = 0

[domain/EXAMPLE.COM]
cache_credentials=true
id_provider=files
auth_provider=krb5
krb5_server=srva.example.com
#krb5_kpasswd=srva.example.com
krb5_realm=EXAMPLE.COM
dns_discovery_domain=EXAMPLE.COM

Not sure why the cached entry for my user is removed from /var/lib/sss/db/cache_EXAMPLE.COM.ldb.

I've been fighting with this for a while so any help would be appreciated.

Thank you

On Sun, Sep 17, 2023, 12:01 PM Techie <techchavez@gmail.com> wrote:

Hi

Trying to use cached creds with local users in the passwd file authenticating via kerberos.

I have id_provider set to files and auth_provider set to krb5 (AD DC). Online authentication works fine; however, when I disconnect the network, authentication fails. The computer is not joined to a domain, I am only leveraging the domain/realm for authentication purposes.

Relevant entries

[pam]
offline_credentials_expiration = 7

[domain]
cache_credentials=true
account_cache_expiration=8
id_provider=files
auth_provider=krb5
krb5_server=srva.example.com
krb5_kpasswd=srva.example.com
krb5_realm=EXAMPLE.COM
dns_discovery_domain=EXAMPLE.COM
krb5_store_password_if_offline=true

Is this a supported configuration for offline logins with cached credentials?

Thanks
_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org