Dne 12.12.2016 v 16:02 Stephen Gallagher napsal(a): > On 12/12/2016 04:53 AM, Vít Ondruch wrote: >> So several questions: >> >> 1) When I have 2 domains I login to with kerberos, how to really make it >> work. I don't want to kswitch all the time. I am using Kerberos to >> authenticate my email client, so I want to keep it working all the time. >> > There are patches still coming that will switch the fedora packaging tools to > use GSSAPI rather than Kerberos directly, which will handle auto-selecting the > right TGT. I'm not sure what the status is on this, but Patrick Uiterwijk (CCed) > was looking into it. I am probably missing something, but if I am not mistaken, the primary ticket depends on order of my kinit calls and I am using several apps which needs kerberos authentication, so I can hardly see how fedora packaging tools changes can solve the major issue, i.e. if I do kinit vondruch@xxxxxxxxxxxxxxxxx, this ticket becomes the primary ... > > >> 2) I needed to update a certificate every 6 months, now I need to kinit >> every day. This is regression. How to make it work without kinit at all. >> I am using SSSD for company kerberos and I don't need to kinit at all, >> how to make this work for Fedora? >> > If you're using GNOME, it will be possible to have it save your TGT password in > GNOME Keyring and use GNOME Online Accounts to sign you in automatically when > you log into your main account. However, there is currently a bug in it: > https://bugzilla.redhat.com/show_bug.cgi?id=1401605 Tried that, hit the bug ... And it seems to be stuck for one week already ... > > I'm running with the patch proposed in that ticket and it has fixed the issue > for me, so I know it works. > > > Another (not recommended) option would be to put: > > echo "<password>" | kinit username@xxxxxxxxxxxxxxxxx > > somewhere into your session-start scripts (but of course, this would require > your password in plaintext somewhere). heh :) V.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
