Sure thing. I’ve completely reconfigured the krb stack with sshd/sssd/pcscd optimizations for AD bound systems.
Because long ago with the death of PAGs (process authentication groups), and the dawn of user systemd, there’s no day-to-day technical need for a user to have unique credential caches for each logged-in method/session to the same realm and same user account. I’ve consolidated this down to one krb ccache in /run/user/uid/krb5cc, which is now managed and renewed by user systemd and user services. Benefits here are that krb creds don’t live on disk storage and are destroyed with the user slice.

My dream would be to get this built into the stock/upstream. It may take me some time, but I will document it here and share for those looking at improving network credentials (with PKINIT support), making it usable and efficient at login (Fast logins), improving the user experience.

--
https://bugs.launchpad.net/bugs/2072581

Title: sssd 2.9.4-1 fails to populate krb creds when set to FILE:/run/user/uid/krb5cc
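An added example, not part of the original comment and not sssd's own code: a Python check that a session's credential cache matches the layout described above (a single FILE: cache at /run/user/uid/krb5cc, owned by the user, with no group or other access). The function name `audit_ccache` and its `runtime_root` parameter are assumptions made for illustration.

```python
import os
import stat
import sys


def audit_ccache(ccname, uid, runtime_root="/run/user"):
    """Return findings for a ccache expected at FILE:<runtime_root>/<uid>/krb5cc."""
    kind, sep, path = ccname.partition(":")
    if not sep:
        # MIT krb5 assumes FILE when the name carries no type prefix.
        kind, path = "FILE", ccname
    if kind != "FILE":
        return [f"type is {kind}, expected FILE"]

    findings = []
    expected = os.path.normpath(os.path.join(runtime_root, str(uid), "krb5cc"))
    if os.path.normpath(path) != expected:
        findings.append(f"path is {path}, expected {expected}")
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed at the path
    except OSError as exc:
        # Covers the bug's symptom: the cache was never populated.
        return findings + [f"cache file not readable: {exc.strerror}"]
    if not stat.S_ISREG(st.st_mode):
        findings.append("not a regular file")
    if st.st_uid != uid:
        findings.append(f"owned by uid {st.st_uid}, expected {uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"mode {mode:04o} grants group/other access")
    return findings


if __name__ == "__main__":
    uid = os.getuid()
    # Assumption: audit the caller's own session; fall back to the path
    # from the bug title when KRB5CCNAME is not set.
    name = os.environ.get("KRB5CCNAME", f"FILE:/run/user/{uid}/krb5cc")
    problems = audit_ccache(name, uid)
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

Run inside the user's session, it exits non-zero when the cache is missing, of another type, misplaced, or readable by other accounts.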