search for: krb5_ccachedir

...ssh to my test clients using my kerberos credentials then ssh using GSSAPI to other hosts as defined in my principals using my ticket, achieving SSO. *I wanted to see if I could make the cache file user-specific, instead of the default location (/tmp/krb5cc-blabla).* I configured sssd.conf with: krb5_ccachedir = %h krb5_ccname_template = FILE:%d/.krb5cc_%U I configured krb5.conf with: [libdefaults] default_ccache_name = FILE:/home/%{username}/.krb5cc_%{uid} My sshd_config has the following: KerberosAuthentication yes KerberosOrLocalPasswd no KerberosTicketCleanup yes GSSAPIAuthentication yes GSSAPI...

I have not looked at Kerberos is years. But it looks like KRB5CCNAME comes from: https://github.com/openssh/openssh-portable/blob/master/gss-serv-krb5.c#L134-L197 But it depends on which version of Kerberos you have, and if you are also use PAM. Google for: heimdal kerberos cache name It looks like there is now a SSSD Kerberos Cache Manager rather then storing in individual file. On 6/11/2024