Extending the Login Cache

How to use your Linux laptop away from Campus for extended periods.

If you have a UiO-configured Linux laptop, you log in with your normal UiO password. If you happen to be disconnected from your office cabled network, you will see a message like this:

Authenticated with cached credentials, your cached password will expire at: date

Here, date is at most 180 days in the future. This happens because the laptop is unable to contact the UiO authentication server, ldap.uio.no.

You can keep using the laptop, but you need to reconnect to the UiO network and authenticate with your password for the expiry date to be postponed. If you stay "off the grid" for more than 180 days, you will be unable to log in. If you are abroad, there is very little we in IT can do for you!

If you are connected to some external network (say, your home network), it is possible to "trick" the login procedure into authenticating against ldap.uio.no, either by using VPN or through a proxy. This guide explains how, and we'll start with sshuttle.

First, do a local authentication:

sudo -k pwd

You should see the "cached password will expire" warning. Note the date!

Using sshuttle

Install sshuttle, if it's not installed already:

sudo apt install sshuttle                   # Ubuntu, Debian
sudo dnf install sshuttle                   # Fedora, RHEL

Run sshuttle to set up a proxy for ldap.uio.no:

sshuttle -r username@login.uio.no ldap.uio.no

You may need to provide your sudo password again, and to log in to login.uio.no with your password (or keys) and 2FA; read more about that here.

The output from sshuttle can be a bit messy, but you should eventually see "Connected to server". sshuttle will then appear to hang: it stays in the foreground for as long as the proxy is up.

Now, create a new terminal window or tab (usually Ctrl-Shift-T), and authenticate:

sudo -k pwd

Your laptop will query ldap.uio.no through the sshuttle proxy, and you should not see the "cached password will expire" output.

That's it! The laptop will now have refreshed your password cache. But try it out! Go back and kill sshuttle (Ctrl-C), and try to authenticate again:

sudo -k pwd

This time, you should see the "your cached password will expire" output, and the date should be shifted compared to what you saw earlier.

Using VPN

The idea here is the same, to allow your machine to contact ldap.uio.no, but with a different mechanism.

If you prefer VPN, download and install Cisco VPN, if you haven't already done so.

Fire up the Cisco Anywhere VPN client in the GUI, and connect to vpn.uio.no. You will be taken through a browser login procedure, with 2FA and the full monty. Wait a few seconds for the VPN to establish.

Do a new authentication. You should not see the "your cached password will expire" output line, as the connection to ldap.uio.no goes through the virtual network.

Disconnect VPN. You may need to restart your network (or reboot), but try the sudo -k command again. You should now see the expiry date being shifted.
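
The three checks in this guide (cached login before, server-verified login while sshuttle or VPN is up, cached login with a new date afterwards) can be verified with a small script. This is an added example, not part of the original guide: the function names and sample dates are constructed, and it assumes you paste or save the terminal text of each sudo -k pwd run and that the message is in English as shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): check the three
# "sudo -k pwd" runs of the procedure. Expiry dates are compared as
# opaque text, so the exact date format does not matter.

MARK='your cached password will expire at:'

# Print the expiry text if $1 shows a cached login; return 1 if the
# message is absent (the login was checked against the server).
cached_expiry() {
    printf '%s\n' "$1" | sed -n "s/.*${MARK}[[:space:]]*//p" | head -n 1 | grep .
}

# $1 = output before the tunnel, $2 = output while sshuttle/VPN is up,
# $3 = output after disconnecting.
# Returns 0 = refreshed, 1 = server not reached during step 2,
#         2 = expiry unchanged, 3 = a cached login was expected but not seen.
check_refresh() {
    before=$(cached_expiry "$1") || {
        echo "step 1: no cached-login message, you were already online"; return 3; }
    if cached_expiry "$2" >/dev/null; then
        echo "step 2: still cached, ldap.uio.no was not reached"; return 1
    fi
    after=$(cached_expiry "$3") || {
        echo "step 3: no cached-login message, tunnel or VPN still up?"; return 3; }
    if [ "$before" = "$after" ]; then
        echo "expiry unchanged ($after): cache was not refreshed"; return 2
    fi
    echo "cache refreshed: $before -> $after"
}

# Constructed sample input, not real output from a UiO machine.
demo_before="Authenticated with cached credentials, $MARK Mon Sep 16 10:00:00 2024"
demo_during="/home/user"
demo_after="Authenticated with cached credentials, $MARK Sat Mar 15 09:30:00 2025"
check_refresh "$demo_before" "$demo_during" "$demo_after"
```
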


Obviously, if you plan to stay away from Campus for longer than the new expiry date, you will need to repeat this procedure now and then.

 

Tags: geo linux sshuttle ldap cached credentials password
By Hans Peter
Published Mar. 12, 2024 12:16 PM - Last modified Mar. 13, 2024 8:18 PM