rheaalleen
New Member
I know renewals are possible without kcm but I was looking into it with a test client.
Configs:
krb5c.conf
Code:
[libdefaults]
default_realm = DOMAIN.HOME
dns_lookup_realm = false
rdns = false
dns_canonicalize_hostname = false
dns_lookup_kdc = true
ticket_lifetime = 10m
forwardable = true
udp_preference_limit = 0
default_ccache_name = KCM:%{uid}
kcm_socket = /var/run/.heim_org.h5l.kcm-socket
#krb5_renewable_lifetime = 10m
#krb5_renew_interval = 60s
sssd.conf
Code:
[kcm]
tgt_renewal = true
krb5_renew_interval = 1m
krb5_renewable_lifetime = 10m
debug_level = 10
During the minute interval it shows
Code:
[kcm_renew_all_tgts] (0x0400): Checking ccache [1098600003] for creds to renew
[kcm_creds_check_times] (0x2000): Time not applicable
When it's time to renew, I would understand from the logs that they are running the renew:
(2024-02-03 14:41:59): [kcm] [setup_client_idle_timer] (0x4000): Idle timer re-s - Pastebin.com
Checking klist after that still shows the old and now invalid ticket.
I've checked the KCM socket; the paths for krb/kcm/sssd (if applicable) all point towards /var/run/.heim_org.h5l.kcm-socket.
All services are running without fault; I installed a new keytab on the client and rebooted. sssctl shows online status.
Other, maybe related log entries (not sure):
sssd_domain.home.log
Code:
[sssd_async_socket_init_done] (0x0040): [RID#16] sdap_async_sys_connect request failed: [113]: No route to host.
sssd_nss.log
Code:
[nss] [cache_req_common_process_dp_reply] (0x3f7c0): [CID#3] CR #2: Could not get account info [1432158212]: SSSD is offline