[Freeipa-users] SSSD Cache and Service Tickets
Ronald Wimmer
ronaldw at ronzo.at
Mon May 15 13:54:22 UTC 2017
Hi,
I am confronted with a behaviour for which I do not have an explanation for.
I am using NFS4 Kerberos automounted homeshares and and recently I got a
permission denied (reproducible when I restart autofs on the server I
want to connect to) from the Windows Domain. So here's what I tried:
1) Connected via PuTTY from a Windows Machine in the windows domain
Kerberos-based login works but I get a "Permission Denied" on my
home directory; klist shows no tickets
2) I try to connect form a Linux machine belonging to the IPA domain
Kerberos-based login works, I can also access my home directory;
klist shows nfs/ipanfs.ipadomain.at at IPADOMAIN.AT and the krbtgt for
the windows domain
3) Now - of course - using the homeshares works from both domains
windows and ipa
4) When I do a kdestroy on the machine, using the homeshare when logged
in from windows still works -
My question is WHY? Does SSSD cache the NFS ticket?
(and why don't I get an nfs ticket when coming from the windows
domain?)
Regards
Ronald
More information about the Freeipa-users
mailing list