[Samba] winbind: machine password timeout and keytab
johan at hattne.se
Tue Feb 18 19:14:38 UTC 2020
Is it possible to refresh the machine password in an AD setup while also
using a keytab for verifying secrets? As far as I can see machine
password updates (as controlled by "machine password timeout") are
disabled when a keytab is in use (in particular, when "kerberos method =
secrets and keytab"), but without an up-to-date keytab e.g. single
sign-on with SSH won't work.
Is there any way around this, short of running a cron job to refresh
machine passwords and then update the keytab? I find that the
cron-solution suffers from race conditions in a CTDB setup.
// Best wishes; Johan
More information about the samba