How can I set the default_ccache_name Kerberos attribute on the client without using KRB5CCNAME?

Question

How can I set the default_ccache_name Kerberos attribute on the client without using KRB5CCNAME?

According to the MIT Kerberos documentation, the default credential cache name is defined as follows:

Default ccache filename

The default credential cache name is defined as follows, in descending order of priority:

1. The KRB5CCNAME environment variable. For example, KRB5CCNAME=DIR:/mydir/.
2. The default_ccache_name profile variable in [libdefaults].
3. The hardcoded default, DEFCCNAME.

http://web.mit.edu/kerberos/krb5-devel/doc/basic/ccache_def.html

I'm wondering if there is a way to define the default_ccache_name (# 2) profile variable on the client side? I tried to define it as specified in / etc / krb 5.conf on one of my client machines:

[libdefaults]
        ...
        default_ccache_name = FILE:/var/krb5/security/creds/krb5cc_%{uid}
        ...

But the client binaries (klist / kinit / kdestroy, etc.) seem to completely ignore this:

[~]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_34125)

I am running version 1.9.4:

[~]$ klist -V
Kerberos 5 version 1.9.4

+3

linux unix aix kerberos

Squirrel Apr 20 At 13:09

source to share

1 answer

Squirrel · Accepted Answer · 2015-04-20T13:21:01+0000

Drat, I think I found my own answer - version 1.9.4 does not have this setting:

http://web.mit.edu/kerberos/www/krb5-1.9/krb5-1.9.4/doc/krb5-admin.html

This will help you find the correct documentation ...

How can I set the default_ccache_name Kerberos attribute on the client without using KRB5CCNAME?

More articles: