Keytab-based initiator creds design
Russ Allbery
rra at stanford.edu
Thu Jun 7 18:55:45 EDT 2012
Dmitri Pal <dpal at redhat.com> writes:
> We have SSSD for users and will have GSS proxy for automatic ticket
> renewal so this is not a problem in a long run.
No, you'll still have to deal with renewal on the remote system because
the entire world is not running UNIX on the local client. :)
Reforwarding tickets from the local host will only work if the local host
has that capability, and renewal has a limited lifetime.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list