Hello,
Since we were forced to use Kerberos on our isilon nfsshare, we see several issues and have several use cases, which might all becovered by sssd,  but this is toconfusing for me to cope
What I already understood is, that I have to forget aboutpublic/private key, because of this issue: https://fedorahosted.org/freeipa/ticket/4000
Also we have the home directories on the kerberized server,so we get an infinite loop
The 3 use cases:
-         Login in linux directly with username andpassword (ticket creation needed) and login to other servers via sshpassswordless with this ticket (this works already)
-         Login into windows with a smartcard (withgetting a valid TGT) and loggin into the servers via putty (or somethingsimilar). Also from here, logon to other servers (works only when there isalready a ticket)
-         Services with a default user, which tickets getrefreshed infinitely (I think I have to use keytabs, but the refreshing doesnot work)
 
So can I achieve, that in every case sssd refreshes the tickets. Or do I have to combine sssd with something like krenew?
Do I have to switch Kerberos on or of in the ssh config (Ifind different opinions about that online)
I attached the ssh krb and sssd configs
Best regards ,
Peter




Versendet mit Emailn.de - Freemail

* Unbegrenzt Speicherplatz
* Eigenes Online-Büro
* 24h besten Mailempfang
* Spamschutz, Adressbuch