add another Kerberos use case to care about

This commit is contained in:
2023-04-21 08:53:55 +02:00
parent 29e7f1e16c
commit 200a58bf56
+2 -1
View File
@@ -65,6 +65,7 @@ also the tickets therein.
- ssh TGT (ticket granting ticket) delegation (with `GSSAPIDelegateCredentials yes`)
- AFS authentication (`aklog`)
- AFS administrative operations where the user switches to a separate admin principal (e.g. `buchel_k-adm`)
- long running sessions with `nohup`, `tmux` and `screen`
- local desktop: get new TGT on login
- local desktop: TGT renewal after reauthentication on lock screen
- remote desktop with NoMachine NX: get new TGT on login
@@ -329,4 +330,4 @@ At the end we have a well known shared credential cache between Gnome and `syste
With NoMachine NX this is configured similarly.
## PS
There is an advanage in the broken `sssd-kcm` default cache selection: it forces us to make our stuff robust against KCM glitches, which might also occur with a better manager, just way less often and then it would be more harder to explain and to track down.
There is an advantage in the broken `sssd-kcm` default cache selection: it forces us to make our stuff robust against KCM glitches, which might also occur with a better manager, just way less often and then it would be more harder to explain and to track down.