Bug 1287119 - RFE: please add support for TGT lifetime notifications
RFE: please add support for TGT lifetime notifications
Status: NEW
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: krb5-auth-dialog (Show other bugs)
x86_64 Linux
unspecified Severity medium
: rc
: ---
Assigned To: Alexander Larsson
BaseOS QE Security Team
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2015-12-01 09:34 EST by Ondrej
Modified: 2017-09-14 07:38 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Ondrej 2015-12-01 09:34:05 EST
Description of problem:
Currently, krb5-auth-dialog only supports notifications based on expiring TGTs. In our case TGT never expires as it is being automatically renewed by the SSSD daemon - until it hits the lifetime period.

It would be therefore more beneficial if we could configure krb5-auth-dialog the way that it warns user that the Kerberos ticket lifetime is approaching.

Also in cases where user has obtained a renewable TGT, this dialog should not prompt for password - instead it should perhaps offer a possibility to perform renewal on user behalf automatically.
Comment 2 Jakub Hrozek 2015-12-01 11:03:14 EST
This would be best served by the InfoPipe API of SSSD and overall the desktop integration Alexander is working on.
Comment 3 Ondrej 2015-12-01 13:51:20 EST
That would, indeed. But that seems to be quite a long run project which will hardly make it into RHEL-7. What I am looking for here is something quick and relatively easy fix for RHEL-6 and/or 7 which can serve in the mean time.

Note You need to log in before you can comment on or make changes to this bug.