Hide Forgot
Description of problem: When performing an offline login with no existing credential cache (first login after boot or after a kdestroy), the SSSD does not generate a pre-expired placeholder cache. Version-Release number of selected component (if applicable): sssd-krb5-1.11.1-2.fc20.x86_64 How reproducible: Every time Steps to Reproduce: 1. kdestroy 2. sudo killall -USR1 sssd (to force offline auth) 3. su - <username> 4. klist Actual results: The login succeeds with cached credentials, but the output of klist shows no credential cache. Expected results: The login succeeds with cached credentials and the output of klist shows a credential cache that expired long ago (actually the dawn of the epoch). Additional info: The primary reason for the placeholder cache is so that applications like krb5-auth-dialog can monitor the cache and notify the user when it is updated or expired. Also, this appears to be related to the KEYRING:persistent cache only. When I switched to 'krb5_ccname_template = FILE:/tmp/krb5cc_%U_XXXXXX" and followed the above steps, the placeholder cache was properly created.
Upstream ticket: https://fedorahosted.org/sssd/ticket/2115
Why do you need that with a kernel keyring ?
Upstream ticket was closed as wontfix. (https://fedorahosted.org/sssd/ticket/2115)