[15219] in athena10

home help back first fref pref prev next nref lref last post

Re: [Debathena] #1592: Integrate with the new sssd KCM

daemon@ATHENA.MIT.EDU (Debathena Trac)
Sun Nov 19 02:31:40 2017

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@mit.edu>
Cc: debathena@mit.edu
To: slz@mit.edu
Date: Sun, 19 Nov 2017 07:31:25 -0000
Reply-To: 
Message-ID: <054.4775e976e94810e279482419985a47e8@mit.edu>
In-Reply-To: <039.275779cf3b023334da0daca942f16b72@mit.edu>
Content-Transfer-Encoding: 8bit

#1592: Integrate with the new sssd KCM
----------------------------+---------------------------------------
    Reporter:  slz          |             Owner:
        Type:  enhancement  |            Status:  new
    Priority:  normal       |         Milestone:  The Distant Future
   Component:  --           |        Resolution:
    Keywords:               |  Fixed in version:
Upstream bug:               |
----------------------------+---------------------------------------
Description changed by slz:

Old description:

> In Fedora 27, Kerberos now defaults to using sssd's new KCM as its
> default credentials cache. See the Fedora wiki page:
> https://fedoraproject.org/wiki/Changes/KerberosKCMCache
> as well as the sssd documentation for the KCM implentation:
> https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html
>
> If this feature of sssd lands in Ubuntu, we should have a config package
> that can be installed to switch the default krb5 cache to the sssd KCM.
> This brings a feature (userspace active management of Kerberos tickets
> cache, with possible namespace isolation) that has long existed on macOS
> to Debathena. Among other things, sssd will automatically renew tickets,
> partially reducing the need for cont-renew-notify.

New description:

 In Fedora 27, Kerberos now defaults to using sssd's new KCM as its default
 credentials cache. See the Fedora wiki page:
 https://fedoraproject.org/wiki/Changes/KerberosKCMCache
 as well as the sssd documentation for the KCM implentation:
 https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html

 If this feature of sssd lands in Ubuntu, we should have a config package
 that can be installed to switch the default krb5 cache to the sssd KCM.
 This brings a feature (userspace active management of Kerberos tickets
 cache, with possible namespace isolation) that has long existed on macOS
 to Debathena.

--

-- 
Ticket URL: <http://athena10.mit.edu/trac/ticket/1592#comment:2>
Debathena <http://debathena.mit.edu>
MIT Debathena Project
home help back first fref pref prev next nref lref last post