Ken Hornstein: >> Anyway, I checked the krb5 sources, and it is defined in >> lib/krb5/ccache/cc_keyring.c: >> >> /* >> * Keyring name prefix and length of random name part >> */ >> #define KRCC_NAME_PREFIX "krb_ccache_" >> #define KRCC_NAME_RAND_CHARS 8 > My reading of the code is that random cache name is only used _if_ you > call the function krb5_cc_gen_new(), which suggests to me that pam_sss > or something pam_sss is calling is explicitly doing that (most Kerberos > programs simply call krb5_cc_default() which should result in it taking > a compiled-in default or whatever you specify in krb5.conf).
Switched from sssd to winbind and got it to work using the standard FILE cache type. With KEYRING, something(TM) added the ":${UID}" suffix twice... Bye... Dirk -- Dirk Heinrichs <dirk.heinri...@altum.de> Matrix-Adresse: @heini:chat.altum.de GPG Public Key: 80F1540E03A3968F3D79C382853C32C427B48049 Privacy Handbuch: https://www.privacy-handbuch.de
OpenPGP_signature
Description: OpenPGP digital signature