From 1abbc0d823951812637248d86af4a62b2c60bfbc Mon Sep 17 00:00:00 2001
From: Raphael Dannecker <raphael.dannecker@steinbeisschule-reutlingen.de>
Date: Wed, 2 Jul 2025 13:56:32 +0200
Subject: [PATCH] Configure SSSD for hourly ticket lifetime checks and renewal

---
 roles/lmn_sssd/templates/sssd.conf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/lmn_sssd/templates/sssd.conf.j2 b/roles/lmn_sssd/templates/sssd.conf.j2
index fc3bf48..fef5d02 100644
--- a/roles/lmn_sssd/templates/sssd.conf.j2
+++ b/roles/lmn_sssd/templates/sssd.conf.j2
@@ -17,6 +17,7 @@ ad_gpo_access_control = disabled
 ad_gpo_ignore_unreadable = True
 ad_maximum_machine_account_password_age = 0
 ignore_group_members = True
+krb5_renew_interval = 1h
 {% if localhome is defined and localhome %}
 override_homedir = /home/%u
 {% endif %}