Comment 11 for bug 1037055

I've done some testing on machines with and without the new packages.

Conclusion: I think things have improved with the new packages.

More details:

It is hard to tell for sure as there are various things (eg using sudo, or unlocking the desktop etc) other than winbind that will refresh the Ticket Granting Ticket (TGT) and update/recreate the credentials cache. This can mask the original problem.

I managed to shorten the Active Directory ticket lifetimes (1 hour) and renewal periods (1 day) to the minimum to speed up testing. But after this I noticed that tickets were no longer being renewed at all, and expired tickets would stay in the credentials cache breaking authentication. This was worse than the original problem.

On a machine without the updates installed, the original problem was still happening even with the shorter ticket lifetimes. ie the credentials cache and Ticket Granting Ticket disappearing before the TGT reached it's renewal time limit. This problem never happened with the updated packages though.

Suspecting that the expired ticket problem was caused by the extremely short ticket lifetimes, I extended Active Directory ticket settings to 5hr expiry and 2 day renewal periods. This has slowed down testing a bit, but seems to have made that new expired ticket problem go away. ie tickets are now renewing properly again, and I haven't noticed the cache disappearing before the TGTs renewal period was up.

So - things do seem improved with the new packages (provided stupidly short ticket lifetimes aren't in use). The problem I encountered with very short lifetimes is unrelated to this bug report.

But without a reliable way to reproduce the original problem, I still can't be 100% certain that absence of evidence (not seeing the bug so far) equates to evidence of absence (the bug has been fixed).