You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The set_out_ccache method of doing things lets the library scribble information about the realm into the ccache in special "configuration" creds entries. Right now that's only used to track whether or not the KDCs for a given realm support FAST, but I'm guessing that it might contain more important stuff in later versions.
If the library was told to use an in-memory ccache, then all of the entries in the ccache could be copied over to the user's instead of just one containing the creds that the function returns. I'd been wanting to do something like that in pam_krb5 for a while -- it would also be able to cache the credentials used for verifying the TGT using that same ccache, and any that were obtained for AFS, which would simplify things in the cases when that function is available.
summary: Add a Kerberos provider option to set krb5_get_init_creds_opt_set_out_ccache => Modify krb5 child to use krb5_get_init_creds_opt_set_out_ccache when possible
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/1001
Nalin thinks it might be valuable down the road:
The set_out_ccache method of doing things lets the library scribble information about the realm into the ccache in special "configuration" creds entries. Right now that's only used to track whether or not the KDCs for a given realm support FAST, but I'm guessing that it might contain more important stuff in later versions.
If the library was told to use an in-memory ccache, then all of the entries in the ccache could be copied over to the user's instead of just one containing the creds that the function returns. I'd been wanting to do something like that in pam_krb5 for a while -- it would also be able to cache the credentials used for verifying the TGT using that same ccache, and any that were obtained for AFS, which would simplify things in the cases when that function is available.
Comments
Comment from dpal at 2011-09-22 15:26:02
Fields changed
milestone: NEEDS_TRIAGE => SSSD 1.8.0
priority: major => minor
Comment from dpal at 2011-12-10 17:46:58
Fields changed
type: defect => enhancement
Comment from dpal at 2012-01-05 15:35:18
Fields changed
blockedby: =>
blocking: =>
milestone: SSSD 1.8.0 => SSSD 1.9.0
Comment from dpal at 2012-01-05 15:40:59
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=740848
Comment from dpal at 2012-01-16 16:53:12
Fields changed
milestone: SSSD 1.9.0 => SSSD Kerberos improvements
Comment from dpal at 2012-02-10 23:44:15
Fields changed
rhbz: => 0
Comment from dpal at 2012-08-16 23:57:58
Fields changed
feature_milestone: =>
priority: minor => major
proposed_priority: => Core
type: enhancement => task
Comment from nalin at 2012-08-17 00:21:48
Fields changed
summary: Add a Kerberos provider option to set krb5_get_init_creds_opt_set_out_ccache => Modify krb5 child to use krb5_get_init_creds_opt_set_out_ccache when possible
Comment from nalin at 2012-08-17 00:30:44
Fields changed
cc: => nalin
Comment from dpal at 2012-09-04 23:20:13
Moving all the features planned for 1.10 release into 1.10 beta.
milestone: SSSD Kerberos Improvements Feature => SSSD 1.10 beta
Comment from dpal at 2012-09-04 23:46:01
Fields changed
priority: major => critical
Comment from dpal at 2012-12-20 21:51:17
Fields changed
design: =>
design_review: => 0
fedora_test_page: =>
selected: => Not need
Comment from dpal at 2013-01-02 15:32:08
Moving tickets that are not a priority for SSSD 1.10 into the next release.
milestone: SSSD 1.10 beta => SSSD 1.11 beta
Comment from dpal at 2013-07-30 10:17:02
Fields changed
changelog: =>
milestone: SSSD 1.12 beta => SSSD 1.13 beta
priority: critical => major
review: => 0
Comment from jhrozek at 2015-07-28 20:09:03
Fields changed
mark: => 0
priority: major => trivial
sensitive: => 0
Comment from jhrozek at 2016-01-07 13:52:31
I think we should defer this ticket, it wasn't required for 4 years.
Comment from jhrozek at 2016-01-18 21:58:01
Moving to deferred per comment #16.
milestone: SSSD 1.14 beta => SSSD Deferred
Comment from jhrozek at 2017-02-24 14:45:58
Metadata Update from @jhrozek:
Comment from pbrezina at 2020-03-24 14:22:05
Thank you for taking time to submit this request for SSSD. Unfortunately this issue was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfill this request I am closing the issue as wontfix.
If the issue still persist on recent SSSD you can request re-consideration of this decision by reopening this issue. Please provide additional technical details about its importance to you.
Thank you for understanding.
Comment from pbrezina at 2020-03-24 14:22:07
Metadata Update from @pbrezina:
The text was updated successfully, but these errors were encountered: