On Mon, Dec 12, 2016 at 10:03 AM Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote:
On 12/12/2016 04:53 AM, Vít Ondruch wrote:
> So several questions:
>
> 1) When I have 2 domains I login to with kerberos, how to really make it
> work. I don't want to kswitch all the time. I am using Kerberos to
> authenticate my email client, so I want to keep it working all the time.
>
There are patches still coming that will switch the fedora packaging tools to
use GSSAPI rather than Kerberos directly, which will handle auto-selecting the
right TGT. I'm not sure what the status is on this, but Patrick Uiterwijk (CCed)
was looking into it.
> 2) I needed to update a certificate every 6 months, now I need to kinit
> every day. This is regression. How to make it work without kinit at all.
> I am using SSSD for company kerberos and I don't need to kinit at all,
> how to make this work for Fedora?
>
If you're using GNOME, it will be possible to have it save your TGT password in
GNOME Keyring and use GNOME Online Accounts to sign you in automatically when
you log into your main account. However, there is currently a bug in it:
https://bugzilla.redhat.com/show_bug.cgi?id=1401605
I'm running with the patch proposed in that ticket and it has fixed the issue
for me, so I know it works.
Another (not recommended) option would be to put:
echo "<password>" | kinit username@xxxxxxxxxxxxxxxxx
Better yet, save your password in gnome-keyring:
keyring set login fedora
keyring set login fedora
And retrieve it for kinit:
keyring get login fedora | kinit username@xxxxxxxxxxxxxxxxx
(requires python-keyring and python-SecretStorage)
somewhere into your session-start scripts (but of course, this would require
your password in plaintext somewhere).
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
--
Christopher
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx