[15218] in athena10

home help back first fref pref prev next nref lref last post

Re: [Debathena] #1592: Integrate with the new sssd KCM

daemon@ATHENA.MIT.EDU (Debathena Trac)
Sun Nov 19 02:11:06 2017

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@mit.edu>
Cc: debathena@mit.edu
To: slz@mit.edu
Date: Sun, 19 Nov 2017 07:10:17 -0000
Reply-To: 
Message-ID: <054.fbd878d9c7c566b3799594be935dbbf9@mit.edu>
In-Reply-To: <039.275779cf3b023334da0daca942f16b72@mit.edu>
Content-Transfer-Encoding: 8bit

#1592: Integrate with the new sssd KCM
----------------------------+---------------------------------------
    Reporter:  slz          |             Owner:
        Type:  enhancement  |            Status:  new
    Priority:  normal       |         Milestone:  The Distant Future
   Component:  --           |        Resolution:
    Keywords:               |  Fixed in version:
Upstream bug:               |
----------------------------+---------------------------------------
Description changed by slz:

Old description:

> In Fedora 27, Kerberos now defaults to using sssd's new KCM as its
> default credentials cache. See the Fedora wiki page:
> https://fedoraproject.org/wiki/Changes/KerberosKCMCache
>
> If this feature of sssd lands in Ubuntu, we should have a config package
> that can be installed to switch the default krb5 cache to the sssd KCM.
> Among other things, sssd will automatically renew tickets, partially
> reducing the need for cont-renew-notify.

New description:

 In Fedora 27, Kerberos now defaults to using sssd's new KCM as its default
 credentials cache. See the Fedora wiki page:
 https://fedoraproject.org/wiki/Changes/KerberosKCMCache
 as well as the sssd documentation for the KCM implentation:
 https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html

 If this feature of sssd lands in Ubuntu, we should have a config package
 that can be installed to switch the default krb5 cache to the sssd KCM.
 This brings a feature (userspace active management of Kerberos tickets
 cache, with possible namespace isolation) that has long existed on macOS
 to Debathena. Among other things, sssd will automatically renew tickets,
 partially reducing the need for cont-renew-notify.

--

-- 
Ticket URL: <http://athena10.mit.edu/trac/ticket/1592#comment:1>
Debathena <http://debathena.mit.edu>
MIT Debathena Project
home help back first fref pref prev next nref lref last post