On Thu, Feb 04, 2016 at 09:29:02AM +0100, Lukas Slebodnik wrote: > On (04/02/16 04:46), Jay McCanta wrote: > >I would like to change where sssd creates the krb5 credential cache when > >using AD for authentication. > >It sets KRB5CCNAME as FILE:/tmp/krb5cc_<uid>_<random>. > >We are running sssd v 1.11.5 (packaged with Ubuntu Trusty 14.04). > >I have tried setting 'krb_ccachedir' and 'krb_ccname_template' but that > >didn't change where the cache got create. Below is the sssd.conf file. Is > >this possible with the AD provider? > > > >Jay McCanta > >F5 Networks, Inc. > > > >[sssd] > >config_file_version = 2 > >domains = example.com > >services = nss, pam > >debug_level = 3 > > > >[nss] > > > >[pam] > >debug_level = 3 > > > >[domain/example.com] > >id_provider = ad > >auth_provider = ad > >access_provider = ad > >ldap_id_mapping = False > >krb5_ccachedir=/var/run > >krb5_ccname_template=FILE:%d/krb5cc_%U > > > The configuration looks good to me? > > How did you test it? > ssh? "su", "su -" ...
I'm not 100% sure about all the use-cases (and currently no time to test, sadly), but I remember that sssd stores the ccache in the ldb cache and tries to reuse the existing one. So chances are you might need to clear the cache (and please make sure you're doing this while connected to the network, the cache also contains the cached passwords) _______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/admin/lists/[email protected]
