Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1026861
Description of problem:

In RHEL7 the default krb5.conf includes:

    default_ccache_name = KEYRING:persistent:%{uid}

But, ipa-server does not include that in the template here:

    /usr/share/ipa/krb5.conf.template

So, KRB5CCNAME on the client is defaulting back to file:/tmp/something:

    [root@rhel7-1 ~]# klist
    Ticket cache: FILE:/tmp/krb5cc_0
    Default principal: admin@IPA1.EXAMPLE.TEST

    Valid starting       Expires              Service principal
    11/04/2013 21:59:19  11/05/2013 21:59:19  krbtgt/IPA1.EXAMPLE.TEST@IPA1.EXAMPLE.TEST

Should this be fixed to support the newer kernel keyring cache type?

Version-Release number of selected component (if applicable):

    [root@rhel7-1 ~]# rpm -qf /usr/share/ipa/krb5.conf.template
    ipa-server-3.3.2-3.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. install ipa server
2. kinit admin
3. klist
4. grep default_ccache_name /etc/krb5.conf

Actual results:
uses old location in /tmp instead of the new keyring support.

Expected results:
should be: KEYRING:persistent:%{uid}.

Additional info:
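An added example, not part of the ticket or of FreeIPA's code: a Python check that reports which credential cache a krb5.conf selects, doing step 4 of the reproducer without being misled by a commented-out line. Both sample configurations are constructed, and the fallback FILE:/tmp/krb5cc_%{uid} is an assumption about the library's compiled-in default, chosen to match the klist output in the description.

```python
import re

# Constructed sample: a config where the setting is only present as a comment.
TEMPLATE_WITHOUT_SETTING = """\
[libdefaults]
 default_realm = IPA1.EXAMPLE.TEST
 dns_lookup_kdc = true
# default_ccache_name = KEYRING:persistent:%{uid}

[domain_realm]
 .ipa1.example.test = IPA1.EXAMPLE.TEST
"""
# Constructed sample: a config carrying the RHEL7 default quoted in the ticket.
RHEL7_STYLE = """\
[libdefaults]
 default_realm = IPA1.EXAMPLE.TEST
 default_ccache_name = KEYRING:persistent:%{uid}
"""
KNOWN_TYPES = {"FILE", "DIR", "KEYRING", "MEMORY", "KCM", "API", "MSLSA"}
BUILTIN_DEFAULT = "FILE:/tmp/krb5cc_%{uid}"  # assumption: compiled-in fallback

def libdefaults_value(conf_text, key):
    """Return the first active value of `key` in [libdefaults], or None."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comment lines
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section == "libdefaults" and "=" in line:
            name, value = (part.strip() for part in line.split("=", 1))
            if name == key:
                return value
    return None

def effective_ccache(conf_text, uid):
    """Describe the cache the config yields (a KRB5CCNAME env var would override it)."""
    configured = libdefaults_value(conf_text, "default_ccache_name")
    name = (configured or BUILTIN_DEFAULT).replace("%{uid}", str(uid))
    prefix, sep, _ = name.partition(":")
    ctype = prefix if sep and prefix in KNOWN_TYPES else "FILE"  # bare path means FILE
    in_tmp = ctype == "FILE" and name.split(":", 1)[-1].startswith("/tmp/")
    return {"configured": configured is not None, "name": name,
            "type": ctype, "in_tmp": in_tmp}

if __name__ == "__main__":
    for label, text in (("template", TEMPLATE_WITHOUT_SETTING), ("rhel7", RHEL7_STYLE)):
        print(label, effective_ccache(text, 0))
```
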
Working on this one.
attachment freeipa-mkosek-439-allow-kernel-keyring-ccache-when-supported.patch
Patch freeipa-mkosek-439-allow-kernel-keyring-ccache-when-supported.patch sent for review
Moving to next month iteration.
Metadata Update from @mkosek: - Issue assigned to mkosek - Issue set to the milestone: FreeIPA 3.3.x - 2013/12 (bug fixing)