The Samba-Bugzilla – Attachment 2926 Details for
Bug 4945
Winbind does not refresh Kerberos Tickets
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Documentation patch more fully explaining the need for cached_login
cached_login_docs.patch (text/plain), 2.19 KB, created by
Rick King
on 2007-09-19 13:44:19 UTC
(
hide
)
Description:
Documentation patch more fully explaining the need for cached_login
Filename:
MIME Type:
Creator:
Rick King
Created:
2007-09-19 13:44:19 UTC
Size:
2.19 KB
patch
obsolete
>--- pam_winbind.7.orig 2007-09-19 14:18:36.000000000 -0400 >+++ pam_winbind.7 2007-09-19 14:38:31.000000000 -0400 >@@ -69,7 +69,7 @@ > krb5_auth > .RS 3n > pam_winbind can authenticate using Kerberos when winbindd is talking to an Active Directory domain controller. Kerberos authentication must be enabled with this parameter. When Kerberos authentication can not succeed (e.g. due to clock skew), winbindd will fallback to samlogon authentication over MSRPC. When this parameter is used in conjunction with >-\fIwinbind refresh tickets\fR, winbind will keep your Ticket Granting Ticket (TGT) uptodate by refreshing it whenever necessary. >+\fIwinbind refresh tickets\fR and \fIcached_login\fR, winbind will keep your Ticket Granting Ticket (TGT) uptodate by refreshing it whenever necessary. > .RE > .PP > krb5_ccache_type=[type] >@@ -82,9 +82,9 @@ > .PP > cached_login > .RS 3n >-Winbind allows to logon using cached credentials when >-\fIwinbind offline logon\fR >-is enabled. To use this feature from the PAM module this option must be set. >+When enabled, Winbind will cache the supplied logon credentials in an encrypted cache. This enables the use of the >+\fIwinbind offline logon\fR and \fIwinbind refresh tickets\fR >+features. > .RE > .PP > silent >--- smb.conf.5.orig 2007-09-19 14:18:44.000000000 -0400 >+++ smb.conf.5 2007-09-19 14:27:49.000000000 -0400 >@@ -7329,7 +7329,11 @@ > .RS 3n > This parameter is designed to control whether Winbind should allow to login with the > \fIpam_winbind\fR >-module using Cached Credentials. If enabled, winbindd will store user credentials from successful logins encrypted in a local cache. >+module using Cached Credentials. If enabled, winbindd will store user credentials from successful logins encrypted in a local cache. This option requires the >+\fB\fIcached_login\fR\fR >+option of >+\fIpam_winbind\fR >+to be enabled. > .sp > Default: > \fB\fIwinbind offline logon\fR = false \fR >@@ -7342,7 +7346,11 @@ > .RS 3n > This parameter is designed to control whether Winbind should refresh Kerberos Tickets retrieved using the > \fIpam_winbind\fR >-module. >+module. This option requires the \fB\fIcached_login\fR\fR >+option of >+\fIpam_winbind\fR >+to be enabled. >+ > .sp > Default: > \fB\fIwinbind refresh tickets\fR = false \fR
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=2926">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 4945
:
2918
| 2926