Displaying 2 results from an estimated 2 matches for "krb5_ccachedir".
2024 Jun 06
2
kerberos default_ccache_name with sssd
...ssh to my test clients using my kerberos credentials then ssh using
GSSAPI to other hosts as defined in my principals using my ticket,
achieving SSO.
*I wanted to see if I could make the cache file user-specific, instead of
the default location (/tmp/krb5cc-blabla).*
I configured sssd.conf with:
krb5_ccachedir = %h
krb5_ccname_template = FILE:%d/.krb5cc_%U
I configured krb5.conf with:
[libdefaults]
default_ccache_name = FILE:/home/%{username}/.krb5cc_%{uid}
My sshd_config has the following:
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPI...
2024 Jun 13
1
kerberos default_ccache_name with sssd
I have not looked at Kerberos is years. But it looks like KRB5CCNAME comes from:
https://github.com/openssh/openssh-portable/blob/master/gss-serv-krb5.c#L134-L197
But it depends on which version of Kerberos you have, and if you are also use PAM.
Google for: heimdal kerberos cache name
It looks like there is now a SSSD Kerberos Cache Manager rather then storing in individual file.
On 6/11/2024