Sumit Bose via FreeIPA-users wrote: > On Thu, Sep 17, 2020 at 10:14:37AM +0200, Ronald Wimmer via > FreeIPA-users wrote: >> On 14.09.20 09:07, Ronald Wimmer via FreeIPA-users wrote: >>> I have a script that runs periodically as a CRON job. The user is an >>> IPA user. Everything works perfectly for a while and at some point in >>> time I am getting log entries like: >>> >>> Sep 14 08:56:02 myServer CROND[24516]: (CRON) ERROR chdir failed >>> (/home/mydomain.at/myADUser): Permission denied >>> >>> After logging in manually with that particular user everything works >>> again... >>> >>> What could be the issue here? >> >> It looks like Kerberos ticket expiration. What would be the best way >> to automatically renew it? Do a kinit -R over crond? > > Hi, > > SSSD can renew Kerberos tickets it has requested, see > krb5_renew_interval in man sssd-krb5 for details. > > Please note that the KDC assigns a maximal renewal time to the original > TGT, if this time is passed the ticket cannot be renewed anymore but a > fresh one has to be requested.
Or use a keytab instead. A keytab along with KRB5_CLIENT_KTNAME ensures you don't need to worry about kinit, expiration, etc. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
