On 12/12/2016 04:53 AM, Vít Ondruch wrote:
> So several questions:
>
> 1) When I have 2 domains I log in to with Kerberos, how to really make it
> work. I don't want to kswitch all the time. I am using Kerberos to
> authenticate my email client, so I want to keep it working all the time.
>

There are patches still coming that will switch the Fedora packaging tools to use GSSAPI rather than Kerberos directly, which will handle auto-selecting the right TGT. I'm not sure what the status is on this, but Patrick Uiterwijk (CCed) was looking into it.

> 2) I needed to update a certificate every 6 months, now I need to kinit
> every day. This is a regression. How to make it work without kinit at all.
> I am using SSSD for company Kerberos and I don't need to kinit at all,
> how to make this work for Fedora?
>

If you're using GNOME, it will be possible to have it save your TGT password in GNOME Keyring and use GNOME Online Accounts to sign you in automatically when you log into your main account. However, there is currently a bug in it: https://bugzilla.redhat.com/show_bug.cgi?id=1401605

I'm running with the patch proposed in that ticket and it has fixed the issue for me, so I know it works.

Another (not recommended) option would be to put:

    echo "<password>" | kinit username@xxxxxxxxxxxxxxxxx

somewhere into your session-start scripts (but of course, this would require your password in plaintext somewhere).