Hi, Thanks for clarification - so SSSD keeps a database of user principals - if only rpc.gssd did the same :( One more question - can SSSD communicate with krb5-auth-dialog (possibly via DBUS) and let it know when is the ticket no longer renewable so user action (i.e. enter password to krb5-auth-dialog GUI) is required? I assume it can not now - but possibly a nice feature for further releases, what do you think? Thanks, Ondrej -----Original Message----- From: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Sumit Bose Sent: 22 October 2015 11:13 To: End-user discussions about the System Security Services Daemon <sssd-users(a)lists.fedorahosted.org&gt; Subject: Re: [SSSD-users] SSSD & Kerberos renewal On Thu, Oct 22, 2015 at 08:52:13AM +0000, Ondrej Valousek wrote: yes, this is expected because kinit gets the ticket on its own without talking to SSSD and hence SSSD will not know where kinit will store the tickets. Instead of calling kinit you can call 'su - Ondrej' for a second time now as user Ondrej. This will run the full PAM stack including authentication and as a result you should have a valid ticket in a credential cache SSSD knows about and can renew. HTH bye, Sumit _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.

Wow! Awesome. Only disadvantage is that it probably won't find its way into RHEL 7. Still a way behind Windows ;( -----Original Message----- From: sssd-users-bounces(a)lists.fedorahosted.org [mailto:sssd-users-bounces@lists.fedorahosted.org] On Behalf Of Jakub Hrozek Sent: 05 November 2015 13:55 To: sssd-users(a)lists.fedorahosted.org Subject: Re: [SSSD-users] SSSD & Kerberos renewal On Thu, Nov 05, 2015 at 12:46:25PM +0000, Ondrej Valousek wrote: It's a work-in-progress: https://wiki.gnome.org/Design/Whiteboards/EnterpriseLogin#Tentative_Design Alexander Bokovoy is mostly working on this feature from our team... _______________________________________________ sssd-users mailing list sssd-users(a)lists.fedorahosted.org https://lists.fedorahosted.org/mailman/listinfo/sssd-users ----- The information contained in this e-mail and in any attachments is confidential and is designated solely for the attention of the intended recipient(s). If you are not an intended recipient, you must not use, disclose, copy, distribute or retain this e-mail or any part thereof. If you have received this e-mail in error, please notify the sender by return e-mail and delete all copies of this e-mail from your computer system(s). Please direct any additional queries to: communications(a)s3group.com. Thank You. Silicon and Software Systems Limited (S3 Group). Registered in Ireland no. 378073. Registered Office: South County Business Park, Leopardstown, Dublin 18.