Ubuntu: Forwarded kerberos tickets cached in /tmp instead of keyring


I'm using Ubuntu 14.04 and 16.04. They're configured to cache kerb tickets in the kernel keyring via this setting in the [libdefaults] section of /etc/krb5.conf:

default_ccache_name = KEYRING:persistent:%{uid}  

This works fine if I kinit (tickets do get cached in the keyring). However if I forward a ticket to the box when I ssh to it (using GSSAPIDelegateCredentials), the ticket gets cached in the /tmp directory.

I have tried setting the following in the [domain/company.org] section of /etc/sssd/sssd.conf

krb5_ccname_template = KEYRING:persistent:%U  

as suggesting in sssd man page but it has no effect.

How can I get forwarded tickets to be cached in the kernel keyring and not /tmp?

Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Next Post »