A common use case is when a user logs in while offline, then goes online (e.g., after establishing a VPN connection) and then tries to access IPA hosts/services. This fails currently because no Kerberos ticket is available after an offline login. It would be nice if ipa-client-install would configure (at least optionally) SSSD to store password if offline (i.e., set krb5_store_password_if_offline in sssd.conf for the domain).
Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 2.1 - 2011/07
to comment on this ticket.