Comment 2 for bug 1039151

musicalvegan0 (musicalvegan0) wrote :

Stephen,

That explanation makes perfect sense; however, it does create some problems.

I discovered this behavior when testing Kerberized NFSv4 shares for users' home directories.

When a user logs in and attempts to access their home directory, which is hosted on a Kerberized NFS share, the user is unable to log in, often because the login process hangs while rpc.gssd throws some errors about having a corrupted or expired ticket. Therefore, a user doesn't even get a chance to execute kinit because they can't log in (I admit that the hanging of the login process is more of an NFS/gssd bug as opposed to SSSD). I feel that, even if the login didn't freeze, having a user execute a command and type their password again before getting access to their home data is messy and frustrating.

Also, storing the plaintext password in the kernel keyring in a multi-user environment seems sub-optimal for security.

Would disabling offline mode solve my problem as a workaround?