Ticket #1592 (new enhancement) — at Version 1
Integrate with the new sssd KCM
Reported by: | slz | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | The Distant Future |
Component: | -- | Keywords: | |
Cc: | Fixed in version: | ||
Upstream bug: |
Description (last modified by slz) (diff)
In Fedora 27, Kerberos now defaults to using sssd's new KCM as its default credentials cache. See the Fedora wiki page: https://fedoraproject.org/wiki/Changes/KerberosKCMCache
as well as the sssd documentation for the KCM implentation:
https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html
If this feature of sssd lands in Ubuntu, we should have a config package that can be installed to switch the default krb5 cache to the sssd KCM. This brings a feature (userspace active management of Kerberos tickets cache, with possible namespace isolation) that has long existed on macOS to Debathena. Among other things, sssd will automatically renew tickets, partially reducing the need for cont-renew-notify.