Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#72557 - [sssd] add adcli to the community repository and as optional dependency to sssd
Attached to Project:
Community Packages
Opened by Arne Fahrenwalde (macgeneral) - Wednesday, 27 October 2021, 09:36 GMT
Last edited by Toolybird (Toolybird) - Saturday, 03 June 2023, 23:21 GMT
Opened by Arne Fahrenwalde (macgeneral) - Wednesday, 27 October 2021, 09:36 GMT
Last edited by Toolybird (Toolybird) - Saturday, 03 June 2023, 23:21 GMT
|
DetailsDescription:
ActiveDirectory setups can hand out a machine credential called the "kerberos keytab" to connected machines. This can be set to expire forcing machines to regularly renew it. While that renewal is supported by sssd, the feature can only be used if adcli is installed. adcli currently is only available in the AUR and unlike sssd not in the official repositories. https://github.com/SSSD/sssd/blob/7313efba2cd668ce622c4bf54b94a725e7209617/src/providers/ad/ad_machine_pw_renewal.c#L30 Additional info: * adcli version 0.9.1 * https://aur.archlinux.org/packages/adcli * https://github.com/gentoo/gentoo/pull/20624 Steps to reproduce: * hard to reproduce because you need a fully working Kerberos/AD setup which hands out a krb5.keytab file which has to be regularly renewed. |
This task depends upon