similar to: kerberos default_ccache_name with sssd

Just to show what i mean when i ssh into my vms, 2 vms save the cache in /tmp and the other 2 in /home. See what happens when i run the loop below: > for i in rocky8client rocky9client rocky9server rocky8server; do /usr/bin/sshpass -p password /usr/bin/ssh -l jdoe $i "hostname; klist"; done rocky8client.domain.net Ticket cache: FILE:/tmp/krb5cc_2000_WP04h8h0sa Default

I have not looked at Kerberos is years. But it looks like KRB5CCNAME comes from: https://github.com/openssh/openssh-portable/blob/master/gss-serv-krb5.c#L134-L197 But it depends on which version of Kerberos you have, and if you are also use PAM. Google for: heimdal kerberos cache name It looks like there is now a SSSD Kerberos Cache Manager rather then storing in individual file. On 6/11/2024

Thank you both for the replies and explanation! @douglas Can i set?KRB5CCNAME somewhere so that it uses /home? Where? But even if i could set the env variable i have this odd behavior: I now have 4 vms running. 2 are rocky8 and 2 are rocky9, with same settings and versions I stated on my first post. From the 4 vms, when I ssh into them, 2 of them set a cache file in the users home and the

On 6/6/2024 8:26 AM, Dave Macias wrote: > *I wanted to see if I could make the cache file user-specific, instead of > the default location (/tmp/krb5cc-blabla).* SSH is creating a separate ticket cache file for each login session and owned by the user. This has been the preferred way to do this for decades. https://kerberos.mit.narkive.com/YJB4Hshz/krb5ccname-and-sshd Your: "Ticket

https://bugzilla.mindrot.org/show_bug.cgi?id=3203 Bug ID: 3203 Summary: Could default_ccache_name from krb5.conf be used for GSSAPI connections? Product: Portable OpenSSH Version: 8.3p1 Hardware: ix86 OS: Linux Status: NEW Severity: enhancement Priority: P5

Hello Is it possible to take advantage of copy-on-write implemented in btrfs if all bricks are stored on it? If not is there any other mechanism (in glusterfs) which supports CoW? regards -- Maciej Ga?kiewicz Shelly Cloud Sp. z o. o., Sysadmin http://shellycloud.com/, macias at shellycloud.com KRS: 0000440358 REGON: 101504426 -------------- next part -------------- An HTML attachment was

i'm running doveadm search: >doveadm search -A mailbox sent savedbefore 365d > and it's returning no results. a similar command does return some results: >doveadm search -A mailbox sent savedbefore 120d | grep -iF 'jdoe' jdoe 7b9a8b0b7d37504fe72c000055e4fe9a 65 jdoe 7b9a8b0b7d37504fe72c000055e4fe9a 66 jdoe 7b9a8b0b7d37504fe72c000055e4fe9a 67 jdoe

On 2020-05-02 16:42, Rowland penny via samba wrote: > On 02/05/2020 15:07, Jelle de Jong via samba wrote: >> Am I wrong to expect that id user and getent group should list me the >> groups the user is part of. >> >> For example wbinfo --group-info=office shows me that user jdoe and >> lgaga are part of the group, but then when doing id jdoe or id lgaga >>

Hi folks, I have a handful of iOS 10.2.1 Mail app IMAP clients that intermittently break into this unexplained authenticate-then-immediately-disconnect behavior when connecting to a RHEL7 Dovecot (dovecot-2.2.10-7.el7) proxy, providing proxied connections to a backend Panda/UW-IMAP server. From talking to the users, the activity would appear to be spontaneous (ie: not caused by user

On 2020-05-02 20:20, Rowland penny via samba wrote: > On 02/05/2020 18:59, Jelle de Jong via samba wrote: >> On 2020-05-02 16:42, Rowland penny via samba wrote: >>> On 02/05/2020 15:07, Jelle de Jong via samba wrote: >>>> Am I wrong to expect that id user and getent group should list me >>>> the groups the user is part of. >>>>

On 02/05/2020 18:59, Jelle de Jong via samba wrote: > On 2020-05-02 16:42, Rowland penny via samba wrote: >> On 02/05/2020 15:07, Jelle de Jong via samba wrote: >>> Am I wrong to expect that id user and getent group should list me >>> the groups the user is part of. >>> >>> For example wbinfo --group-info=office shows me that user jdoe and

Am I wrong to expect that id user and getent group should list me the groups the user is part of. For example wbinfo --group-info=office shows me that user jdoe and lgaga are part of the group, but then when doing id jdoe or id lgaga the office group is not shown, neither in getent group. What should I change in my config to have full group information working? root at samba01:~# wbinfo

Hi On april 17th, I upgraded from dovecot 2.1.13 to 2.2.0. Since that time, I had two different users that reported received three incident of messages that disapeared from their mailboxes. The mailbox format is mbox on local FFS filesystem (no NFS), and I use filesystem quotas (but both users are far from filling their quotas). When the message disapeared, it was always a whole rand of dates.

Hi I understand the crash below is caused by filesystem quota. I just report it because perhaps it could have a more graceful failure. Apr 29 09:39:17 danceny dovecot: dsync-local(jdoe): Error: Mailbox Sent: Saving failed: Not enough disk space Apr 29 09:39:17 danceny syslogd[165]: last message repeated 4 times Apr 29 09:39:17 danceny dovecot: doveadm: Error: dsync-remote(jdoe): Error: Cached

On 02/05/2020 15:07, Jelle de Jong via samba wrote: > Am I wrong to expect that id user and getent group should list me the > groups the user is part of. > > For example wbinfo --group-info=office shows me that user jdoe and > lgaga are part of the group, but then when doing id jdoe or id lgaga > the office group is not shown, neither in getent group. > > What should I

hi- i'm setting up an imap proxy in front of a novell groupwise server. it seems to so far be partially working, but dovecot is having trouble in certain cases. i expect that it's ultimately due to what i believe is a very poor implementation of imap provided by groupwise [at least based on other experiences in the past] - but that's a big part of why i'd like to have

On 2020-05-02 20:42, Rowland penny via samba wrote: > On 02/05/2020 19:28, Jelle de Jong via samba wrote: >> root at s4ad01:~# samba-tool user show jdoe > > There is no apparent reason why the groups do not work with chgrp, the > only reason I can think of is that the group was created and when you > tried to 'chgrp' the file, winbind read from its cache and it

CentOS 6.4 (amd64) client desktop with SSSD installed+configured to do LDAP AUTH from an openLDAP DS. Groups in LDAP DS -- dsusers (for all users), project1, project2, .... The objective is to give group permissions to directory trees with users belonging to various groups; users thereby inheriting the ACL given to respective groups. Test case -- uid: jdoe, gid: dsusers (primary) On LDAP

SLES 10 clients keeps removing and re-adding accounts to groups. Can''t use this product in production as a result, I''d like to use it though. Using clients 25.1 with master 25.1 This keeps re-occuring with every single puppet client run: Nov 24 09:57:09 puppetd[26915]: (//unixuser/User[jdoe]/groups) groups changed ''wheel'' to ''unixadm,wheel''

On Mon, Apr 18, 2016 at 06:56:48PM +0100, Rowland penny wrote: > >nslcd is running, in fact. However, the AD server does not have uidNumber > >and gidNumber attributes for the users in question. Maybe this is part > >of the problem? > nslcd relies on uidNumber & gidNumber attributes, so if they don't exist, as > far as Unix is concerned the user or group