SSSD-KCM(8) NAME sssd-kcm - Kerberos SSSD Kerberos SSSD (Kerberos Cache Manager KCM). KCM -- , Kerberos, . Heimdal Kerberos, MIT Kerberos ( ) KCM. , Kerberos KCM, Kerberos ( , kinit(1)) " KCM", KCM " KCM". UNIX. KCM UID GID KCM. root . KCM : o , UID, o , , KCM , UNIX o SSSD ccache ( /var/lib/sss/secrets), KCM . , ( ) - . - KCM 5 , , kinit. KCM KCM, krb5.conf(5). "KCM:", - . : [libdefaults] default_ccache_name = KCM: UNIX Kerberos KCM. , /var/run/.heim_org.h5l.kcm-socket. Kerberos, "kcm_socket", krb5.conf(5). , , KCM SSSD . KCM systemd(1) . SSSD, , "kcm" "service". systemctl start sssd-kcm.socket systemctl enable sssd-kcm.socket , . , SSSD. "/var/lib/sss/secrets". sssd-kcm systemd(1). /etc/sssd/sssd.conf, /etc/sssd/conf.d/: [kcm] debug_level = 10 sssd-kcm: systemctl restart sssd-kcm.service , . KCM /var/log/sssd/sssd_kcm.log. , , sssd-kcm . , , /etc/sssd/sssd.conf . sssd-kcm TGT TGT, ccache KCM. , . KCM [kcm]: tgt_renewal = true krb5_renew_interval = 60m SSSD krb5 . tgt_renewal = true tgt_renewal_inherit = domain-name [kcm] krb5 ( ) krb5_renew_interval krb5_renewable_lifetime krb5_lifetime krb5_validate krb5_canonicalize krb5_auth_timeout KCM "kcm" sssd.conf. : KCM , "sssd-kcm" "kcm" sssd.conf: systemctl restart sssd-kcm.service KCM "kcm". " " sssd.conf(5). kcm SSSD, "debug_level" "fd_limit". sssd.conf(5). , KCM . socket_path () , KCM. : /var/run/.heim_org.h5l.kcm-socket : , systemd, , sssd-kcm.socket. max_ccaches ( ) KCM . : 0 ( , UID) max_uid_ccaches ( ) KCM UID. " , kinit". : 64 max_ccache_size ( ) ccache. . : 65536 tgt_renewal ( ) TGT. : False ( ) tgt_renewal_inherit () , krb5_*, TGT. : NULL krb5_auth_timeout ( ) - . , . : 6 krb5_validate ( ) krb5_keytab, TGT . , . , . , , . : false ( IPA AD: true) , -- PAC ( <> sssd.conf(5)). , PAC . krb5_renewable_lifetime () , , : s m h d . , , s. : . , <<90m>>, <<1h30m>>. : , TGT krb5_lifetime () , , : s m h d . , , s. : . , <<90m>>, <<1h30m>>. : , , KDC. krb5_renew_interval () , TGT. TGT , , , : s m h d . , , s. : . , <<90m>>, <<1h30m>>. <<0>>, . : krb5_canonicalize ( ) , - -. MIT Kerberos 1.7 . : false . sssd(8), sssd.conf(5), AUTHORS (<<>>) SSSD -- https://github.com/SSSD/sssd/ SSSD 05/17/2024 SSSD-KCM(8)