If krb5_store_password_if_offline = true the plain text password is saved in the kernel keyring until the user connects to the home network or the system is shut down - which in the days of suspend/resume might mean days or even weeks. It should be possible to configure this storing period.
Idea from comments at https://lwn.net/Articles/457415/.
milestone: NEEDS_TRIAGE => SSSD Deferred
Now with the more strict keyring permissions in place the need for this is not that high any more:
priority: major => minor
type: defect => enhancement
version: 1.6.1 => master
rhbz: => 0
Metadata Update from @myllynen:
- Issue set to the milestone: SSSD Patches welcome
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.13.2 — Documentation