4 Apr
2021
4 Apr
'21
11:34 p.m.
On Apr 4, 2021, at 14:08, Gordon Messmer gordon.messmer@gmail.com wrote:
$ cat /etc/krb5.conf [libdefaults] default_ccache_name = KEYRING:persistent:%{uid}
Specifically, I thought that sssd defaults to KCM storage for kerberos credentials, not the kernel keyring. You might be seeing an SELinux deny due to non-default ccache storage.
Only if sssd-kcm is installed. Otherwise the keyring is default. I normally use the keyring on my systems. No selinux issues there.
-- Jonathan Billings