I think it would be better to start from scratch:
Please answer to following question: Is your local password the same as kerberos password?
And much simpler would be to test without gdm.
Please open one console as *root* and run following command sh# journalctl -f > my_journal_output.log
Open another console as *ordinary user* and run following commands just with you user:
sh$ date Sat Aug 19 10:41:36 CEST 2017
sh$ kdestroy -A
# use kerberos password for test_user sh$ su - test_user Password:
sh$ klist Ticket cache: FILE:/tmp/ccache_gjwisq Default principal: test_user@EXAMPLE.COM
Valid starting Expires Service principal 08/19/2017 10:42:17 08/19/2017 20:42:17 krbtgt/EXAMPLE.COM@EXAMPLE.COM
sh$ date Sat Aug 19 10:42:21 CEST 2017
Then jump to the 1st terminal and stop command (ctrl-c). + run following command sh# ps aux | grep ss[s] root 29712 0.0 0.0 277304 9672 ? Ss Aug18 0:00 /usr/sbin/sssd -i -f root 29715 0.0 0.0 296268 13240 ? S Aug18 0:00 /usr/libexec/sssd/sssd_be --domain files.example --uid 0 --gid 0 --debug-to-files root 29717 0.0 0.2 282388 33156 ? S Aug18 0:00 /usr/libexec/sssd/sssd_nss --uid 0 --gid 0 --debug-to-files root 29718 0.0 0.0 262040 8624 ? S Aug18 0:00 /usr/libexec/sssd/sssd_pam --uid 0 --gid 0 --debug-to-files
And then attach sssd.conf, my_journal_output.log and sssd log files.
If you are not subscribed to sssd-users then write mail directly to me and add sssd-users to cc. I will get mail even though it will be blocked in sssd-users moderation queue.
LS