#4013 Update krb5.conf.template to support KEYRING default_ccache_name
Closed: Fixed None Opened 6 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1026861

Description of problem:

In RHEL7 the default krb5.conf includes:

default_ccache_name = KEYRING:persistent:%{uid}

But, ipa-server does not include that in the template here:


So, KRB5CCNAME on the client is defaulting back to file:/tmp/something:

[root@rhel7-1 ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin@IPA1.EXAMPLE.TEST

Valid starting       Expires              Service principal
11/04/2013 21:59:19  11/05/2013 21:59:19

Should this be fixed to support the newer kernel keyring cache type?

Version-Release number of selected component (if applicable):
[root@rhel7-1 ~]# rpm -qf /usr/share/ipa/krb5.conf.template

How reproducible:

Steps to Reproduce:
1.  install ipa server
2.  kinit admin
3.  klist
4.  grep default_ccache_name /etc/krb5.conf

Actual results:
Uses the old location in /tmp instead of the new keyring support.

Expected results:
Should be: KEYRING:persistent:%{uid}.

Additional info:

Patch freeipa-mkosek-439-allow-kernel-keyring-ccache-when-supported.patch sent for review

Moving to next month iteration.

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 3.3.x - 2013/12 (bug fixing)

3 years ago
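
A stricter form of the step 4 check, as an added example that is not part of the original ticket or the FreeIPA patch: a plain grep also matches commented-out lines and settings in other sections, so this reads default_ccache_name only from uncommented lines under [libdefaults]. The function names and both sample files are constructed for illustration, and the FILE fallback for an unset value is taken from the klist output in the description.

```shell
#!/bin/sh
# Added example (not from the ticket): read default_ccache_name the way step 4
# intends, but only from an uncommented line inside [libdefaults].

# ccache_name FILE -> prints the first configured value, or nothing if unset.
ccache_name() {
    awk '
        /^[ \t]*[#;]/ { next }                       # skip comment lines
        /^[ \t]*\[/   { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_ccache_name[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; exit
        }
    ' "$1"
}

# ccache_type FILE -> cache type prefix (KEYRING, DIR, ...); FILE when the
# setting is absent, which is the fallback the klist output in the ticket shows.
ccache_type() {
    name=$(ccache_name "$1")
    case "$name" in
        *:*) echo "${name%%:*}" ;;
        *)   echo "FILE" ;;
    esac
}

# make_samples DIR -> writes two constructed krb5.conf files for the demo.
make_samples() {
    cat > "$1/template.conf" <<'EOF'
[libdefaults]
 default_realm = IPA1.EXAMPLE.TEST
# default_ccache_name = KEYRING:persistent:%{uid}
[realms]
EOF
    cat > "$1/rhel7.conf" <<'EOF'
[libdefaults]
 default_realm = IPA1.EXAMPLE.TEST
 default_ccache_name = KEYRING:persistent:%{uid}
EOF
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(ccache_type "$f")"
done
rm -rf "$tmp"
```

On a real host, pass /etc/krb5.conf to `ccache_type` after installation; a result of FILE corresponds to the /tmp cache reported in this ticket.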
