kerberos default_ccache_name with sssd
Douglas E Engert
deengert at gmail.com
Wed Jun 12 03:59:40 AEST 2024
On 6/6/2024 8:26 AM, Dave Macias wrote:
> *I wanted to see if I could make the cache file user-specific, instead of
> the default location (/tmp/krb5cc-blabla).*
SSH is creating a separate ticket cache file for each login session and owned by the user.
This has been the preferred way to do this for decades.
https://kerberos.mit.narkive.com/YJB4Hshz/krb5ccname-and-sshd
Your: "Ticket cache: FILE:/tmp/krb5cc_2000_tgiettMBSK" looks like it is set by sshd and your environment should have a KRB5CCNAME with that name.
If you share the ticket cache between multiple login sessions, when the first session ends,
the "GSSAPICleanupCredentials yes" will cause the shared ticket cache to be deleted. Using /tmp means the cache is destroyed upon a shutdown/restart. /tmp is also a local file system. /home may be on
a network disk which has other issues.
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
Douglas E. Engert <DEEngert at gmail.com>
More information about the openssh-unix-dev
mailing list