Ticket #1592 (new enhancement) — at Version 1

Opened 5 years ago

Last modified 5 years ago

Integrate with the new sssd KCM

Reported by: slz Owned by:
Priority: normal Milestone: The Distant Future
Component: -- Keywords:
Cc: Fixed in version:
Upstream bug:

Description (last modified by slz) (diff)

In Fedora 27, Kerberos now defaults to using sssd's new KCM as its default credentials cache. See the Fedora wiki page:  https://fedoraproject.org/wiki/Changes/KerberosKCMCache
as well as the sssd documentation for the KCM implentation:
 https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html

If this feature of sssd lands in Ubuntu, we should have a config package that can be installed to switch the default krb5 cache to the sssd KCM. This brings a feature (userspace active management of Kerberos tickets cache, with possible namespace isolation) that has long existed on macOS to Debathena. Among other things, sssd will automatically renew tickets, partially reducing the need for cont-renew-notify.

Change History

comment:1 Changed 5 years ago by slz

  • Description modified (diff)
Note: See TracTickets for help on using tickets.