Provide a way to dynamically renew user tickets. It is a convenience utility and daemon. More details: http://www.freeipa.org/page/Automatic_Ticket_Renewal
milestone: NEEDS_TRIAGE => SSSD 1.1
milestone: SSSD 1.1 => SSSD 1.2
milestone: SSSD 1.2 => SSSD 1.3
Per discussion during an SSSD team status meeting, we propose the following solution:
On kinit, store the ticket expiration time in the LDB.
Create a new process (ticketmonger?). At startup, it will query the LDB for users with tickets not yet expired. It will create a tevent_timer event for halfway before ticket expiration (or immediately, if more than half the time has passed)
When this event fires, ticketmonger will spawn the kerberos child and perform a ticket renewal using their previous ticket, if the backend is online.
If the backend is not online when the event fires, we will queue it for action when the backend becomes online. At that time, the expiration time will be rechecked, in case it has passed in the meantime.
We will add an SBUS method call for ticketmonger to notify the running process that a new ticket should be monitored.
owner: sbose => sgallagh
owner: sgallagh => jhrozek
Lowering the priority since we need to scope this issue once more taking Eugene's patches into account.
priority: major => minor
has this been implemented in the meanwhile? As expired tickets will break mounted cifs homes, too.
No, we have not yet implemented this feature. It is currently scheduled for inclusion in SSSD 1.5.0, which at the time of this writing is targeted at January of 2011.
We are aware that this is a highly-anticipated feature.
owner: jhrozek => sbose
status: new => assigned
resolution: => fixed
status: assigned => closed
tests: 0 => 1
rhbz: => 0
Metadata Update from @sgallagh:
- Issue assigned to sbose
- Issue set to the milestone: SSSD 1.5.0
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.10.1 — Documentation