SSSD-KCM(8) NAME sssd-kcm - Kerberos SSSD Kerberos SSSD (Kerberos Cache Manager KCM). KCM , , Kerberos. Heimdal Kerberos, Kerberos MIT KCM ( ). , Kerberos KCM, Kerberos ( , kinit(1)) " KCM", KCM " KCM". UNIX. KCM UID GID KCM. root . KCM : o , UID, o , , KCM , UNIX o SSSD ccache , /var/lib/sss/secrets. ccache KCM '. , '- . KCM 5 , , kinit. KCM KCM krb5.conf(5). "KCM:" - . : [libdefaults] default_ccache_name = KCM: , UNIX Kerberos KCM. , /var/run/.heim_org.h5l.kcm-socket. Kerberos "kcm_socket", krb5.conf(5). , , KCM SSSD '. , KCM systemd(1). SSSD, "kcm" "service". systemctl start sssd-kcm.socket systemctl enable sssd-kcm.socket , , . , SSSD. , "/var/lib/sss/secrets". , sssd-kcm systemd(1). /etc/sssd/sssd.conf, /etc/sssd/conf.d/: [kcm] debug_level = 10 , sssd-kcm: systemctl restart sssd-kcm.service , , . KCM /var/log/sssd/sssd_kcm.log. , , sssd-kcm . , , , /etc/sssd/sssd.conf. sssd-kcm TGT TGT, ccache KCM. . KCM [kcm]: tgt_renewal = true krb5_renew_interval = 60m , SSSD krb5 . tgt_renewal = true tgt_renewal_inherit = domain-name krb5 [kcm] . krb5_renew_interval krb5_renewable_lifetime krb5_lifetime krb5_validate krb5_canonicalize krb5_auth_timeout KCM "kcm" sssd.conf. , , KCM, , , "kcm" sssd.conf "sssd-kcm": systemctl restart sssd-kcm.service KCM "kcm". " " sssd.conf(5). kcm SSSD, "debug_level" "fd_limit" sssd.conf(5). , KCM . socket_path () , ' KCM. : /var/run/.heim_org.h5l.kcm-socket : , systemd, , sssd-kcm.socket. max_ccaches ( ) KCM . : 0 ( , UID) max_uid_ccaches ( ) KCM UID. " , kinit". : 64 max_ccache_size ( ) ccache. . : 65536 tgt_renewal ( ) TGT. : False ( ) tgt_renewal_inherit () , krb5_*, TGT. : NULL krb5_auth_timeout ( ) , . , . : 6 krb5_validate ( ) krb5_keytab, TGT . . . , . ' : . : false ( IPA AD: true) , , PAC (. <> sssd.conf(5), ). , PAC. krb5_renewable_lifetime () , , : s -- m -- h -- d -- . , , s. : . , <<90m>>, <<1h30m>>. : , TGT krb5_lifetime () , , : s -- m -- h -- d -- . , , s. : . , <<90m>>, <<1h30m>>. : , KDC. krb5_renew_interval () , TGT. TGT , : s -- m -- h -- d -- . , , s. : . , <<90m>>, <<1h30m>>. 0, . : not set krb5_canonicalize ( ) , . MIT Kerberos 1.7. : false sssd(8), sssd.conf(5), AUTHORS SSSD -- https://pagure.io/SSSD/sssd/ SSSD 05/17/2024 SSSD-KCM(8)