[Freeipa-users] Laptop user

Thomas Lau tlau at tetrioncapital.com
Thu Nov 20 09:19:57 UTC 2014


What will happen if the laptop hasn't been turned on for a long time and the
ticket has expired, with cache and store password enabled? Is the user unable
to log in after expiry?

On Thu, Nov 20, 2014 at 5:10 PM, Jakub Hrozek <jhrozek at redhat.com> wrote:

> On Thu, Nov 20, 2014 at 05:04:02PM +0800, Thomas Lau wrote:
> > Does anyone know what the behavior looks like if a mobile user (laptop)
> > is disconnected from Kerberos for too long, even though cache is enabled by
> > default in our environment?
>
> SSSD caches the user data and if cache_credentials is enabled, then also
> a salted password hash to enable offline logins.
>
> Your TGT will eventually expire, but that hardly matters since you're
> offline. When you reconnect to the network, you can either run kinit
> manually, or for better user experience enable
> krb5_store_password_if_offline to keep your password in the kernel
> keyring and let sssd kinit on your behalf when it detects you've gone
> online again.
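
A minimal sssd.conf fragment for the setup discussed in this thread, added here as an illustration and not taken from either poster's configuration. The domain name example.com and the 30-day value are placeholders; offline_credentials_expiration is an sssd.conf [pam] option not mentioned in the thread, included because it bounds how long a cached login is accepted.

```ini
# /etc/sssd/sssd.conf (fragment). "example.com" is a placeholder domain name;
# keep the id_provider/auth_provider lines your domain section already has.

[domain/example.com]
# Store a salted hash of the password in the SSSD cache after a successful
# online login, so the user can authenticate while the KDC is unreachable.
cache_credentials = True

# While offline, keep the typed password in the kernel keyring and use it to
# request a TGT once SSSD detects the provider is reachable again.
# The password is held in plaintext in the keyring until then.
krb5_store_password_if_offline = True

[pam]
# Days since the last successful online login during which cached logins are
# accepted. 0 (the default) means no limit; 30 here is an illustrative value.
offline_credentials_expiration = 30
```

SSSD only reads this file when it is owned by root with mode 0600, and the service has to be restarted for the changes to take effect.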