On 2015-09-30 at 15:46 +0200, Carlos E. R. wrote:
A bugzilla entry was finally created:
https://bugzilla.novell.com/show_bug.cgi?id=844198
https://bugzilla.opensuse.org/show_bug.cgi?id=844198
Do you have access there?
The comments are long. It seems it was finally fixed in 13.2, on 2015-04-09, at least officially. Others disagree.
The last comment is very interesting, and it was written only a few days ago:

Comment 19 Joschi Brauchle 2015-09-22 20:53:34 UTC

Hello Howard,

I'm personally okay with the solution path that was taken. But I simply wonder, why one would continue to use file-based storage of kerberos credentials at all.

This whole problem discussed in this thread simply arises from the fact that the system is configured to store user kerberos credential caches in a file, or a directory structure to be more precise. This directory structure must be created, maintained and removed. If this does not happen, old caches will linger around indefinitely, waiting for an administrator to remove them. I.e., manual intervention is required.

On the other hand, SSSD and Kerberos libraries used by openSUSE offer the functionality to store kerberos credential caches in the kernel keyring, even in a persistent manner, if needed. In my view, the kernel keyring is not only the natural place to store user credentials (files are simply too insecure!) but also immediately solves all problems discussed here, because there is simply no need to create, maintain and remove any files by anyone - it's all done by the kernel for you. No old caches stick around, because the kernel removes them once they expire.

So, to cut a long story short: File based credential caching is a thing of the past (in my view). The solution path taken here will sooner or later be changed to kernel keyring. So, why not just do it right now?

We are running more than 50 workstations and servers at our institution w/ openSUSE 13.2 and kernel keyring caches without problem. It just takes 2 lines in /etc/sssd/sssd.conf and all is well. It should simply be the default for openSUSE right away. If a user needs file based caches for some reason, it is reverted back to the old (bad) behaviour in no time ...

-- 
Regards
Carlos E. R.
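
Added example, not part of the message above or of the bug report: a small audit that reports, per SSSD domain, whether the Kerberos credential cache is file-based or kept in the kernel keyring. It assumes the relevant setting is SSSD's krb5_ccname_template option, which the quoted comment does not name; the sample configuration and its domain names are constructed.

```python
import configparser

# Constructed sample sssd.conf (not from the thread): one domain per case.
SAMPLE_CONF = """
[sssd]
services = nss, pam
domains = files.example, keyring.example, unset.example

[domain/files.example]
auth_provider = krb5
krb5_ccname_template = DIR:/run/user/%U/krb5cc

[domain/keyring.example]
auth_provider = krb5
krb5_ccname_template = KEYRING:persistent:%U

[domain/unset.example]
auth_provider = krb5
"""

def classify(template):
    """Map a krb5_ccname_template value to a credential cache type."""
    if template is None:
        return "unset"            # whatever default the installed version uses
    prefix, sep, _ = template.partition(":")
    if not sep or prefix.startswith("/"):
        return "file"             # a bare absolute path implies the FILE type
    return {"FILE": "file", "DIR": "file",
            "KEYRING": "keyring"}.get(prefix.upper(), "other")

def audit(conf_text):
    """Return {domain: cache type} for every [domain/...] section."""
    # Interpolation must be off: the values contain %U, %d and similar tokens.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)
    result = {}
    for section in cp.sections():
        if section.startswith("domain/"):
            name = section[len("domain/"):]
            result[name] = classify(cp[section].get("krb5_ccname_template"))
    return result

if __name__ == "__main__":
    for domain, kind in audit(SAMPLE_CONF).items():
        note = "on-disk cache, needs cleanup" if kind == "file" else kind
        print(f"{domain}: {note}")
```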