Hi, do you have the env variable KRB5CCNAME set?
On Tue, Mar 3, 2026 at 9:26 AM Christopher Lamb via FreeIPA-users < [email protected]> wrote: > Hi > > Based on the 3 Fedora + FreeIPA Server instances I have setup over the > past few day, it seems that rebooting the system between configuring for > credential cache type FILE and creating the user(s) with ipa user-add is > important. > > As you say, it seems like something is caching the setting. > > If I get time I will create a 4th VM without the reboot to confirm this. > > For the moment I have a Fedora VM with a credential cache of type FILE > that the Java GSS code can access. > > Cheers > > > Chris > > *From: *Alexander Bokovoy <[email protected]> > *Date: *Monday, 2 March 2026 at 16:59 > *To: *Christopher Lamb <[email protected]> > *Cc: *FreeIPA users list <[email protected]> > *Subject: *[EXTERNAL] Re: [Freeipa-users] Re: How to change credential > cache type for FreeIPA user > > On Пан, 02 сак 2026, Christopher Lamb wrote: > >Hi Alexander > > > >I have now setup a second Fedora 43 Virtual Machine, and I now get > credential cache of type FILE, as I did early this afternoon with Fedora 38. > > > >After the ipaserver-install : > > > > > > 1. > >I configured /etc/krbr5.conf with "default_ccache_name = > FILE:/tmp/krb5cc_%{uid}" > > 2. > >In /etc/krb5.conf.d/kcm_default_ccache disabled KCM: > #default_ccache_name = KCM: > > > >So far this was the “same procedure as every year”. > > > >Then unlike my first Fedora 43 install, I rebooted. Only after the reboot > did I create the user “lamb” with "ipa user-add" > > > >When I log on with user lamb, klist shows > > > >Ticket cache: FILE:/tmp/krb5cc_664600003 > >Default principal: [email protected] > > Ok. I wonder if there is something that caches these settings on the > previous system. > > > -- > / Alexander Bokovoy > Sr. Principal Software Engineer > Security / Identity Management Engineering > Red Hat Limited, Finland > > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://forge.fedoraproject.org/infra/tickets/issues/new >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
