On 01.04.24 at 15:09, Stefan Kania wrote:
I normally use Debian for OpenLDAP and Kerberos, but now I have to use AlmaLinux 9. When I create a ticket with kinit I'm getting:
---------
[u1-prod@ldapserver1 ~]$ kinit
Password for [email protected]:
[u1-prod@ldapserver1 ~]$ klist
Ticket cache: KCM:10001
Default principal: [email protected]
---------

So the ticket cache is the KCM-daemon and not FILE: like in Debian. When I do an ldapsearch or an ldapwhoami I'm getting
-----------
[u1-prod@ldapserver1 ~]$ ldapwhoami
SASL/GSSAPI authentication started
ldap_sasl_interactive_bind: Local error (-2)
        additional info: SASL(-1): generic failure: GSSAPI Error: Miscellaneous failure (see text) (get-principal lstat(/tmp/krb5cc_10001))
-----------

All the ldap-commands are looking for the credential cache in FILE: and not in KCM:

I'm using OpenLDAP 2.6 from the repositories.

Is there a way that the ldap-commands are using KCM:?


Weird. For me, ldap tools work without any issue on Alma 9 with KCM.

By default, without any manual configuration. So I don't know how I can reproduce your issue.


But anyway: If you want the old behavior back with a file-based ticket cache:


/etc/krb5.conf.d/kcm_default_ccache is your friend.


Best regards

Ulf
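
As an added example (not part of the thread and not code from either poster), the shell sketch below models how a client picks its default credential cache, which is the choice /etc/krb5.conf.d/kcm_default_ccache controls. It assumes MIT krb5 semantics: KRB5CCNAME first, then the first default_ccache_name in [libdefaults], then the built-in FILE:/tmp/krb5cc_%{uid}. The function names, the realm and the sample config contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: which credential cache does a Kerberos client pick?
# Simplified model of MIT krb5 (assumption): KRB5CCNAME wins, then the first
# default_ccache_name in [libdefaults], then FILE:/tmp/krb5cc_<uid>.

# usage: effective_ccache KRB5CCNAME_VALUE UID [config files in read order]
effective_ccache() {
    env_cc=$1; uid=$2; shift 2
    name=
    if [ -n "$env_cc" ]; then
        name=$env_cc
    elif [ "$#" -gt 0 ]; then
        name=$(awk '
            FNR == 1       { sect = "" }   # included files start their own section
            /^[ \t]*[#;]/  { next }        # comment lines
            /^[ \t]*\[/    { sect = $0; gsub(/[^A-Za-z_]/, "", sect); next }
            sect == "libdefaults" && /^[ \t]*default_ccache_name[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
            }' "$@")
    fi
    [ -n "$name" ] || name="FILE:/tmp/krb5cc_%{uid}"
    printf '%s\n' "$name" | sed "s/%{uid}/$uid/g"
}

# usage: ccache_type NAME   (a name without a "TYPE:" prefix is a FILE cache)
ccache_type() {
    case $1 in
        *:*) printf '%s\n' "${1%%:*}" ;;
        *)   printf 'FILE\n' ;;
    esac
}

# Constructed sample configs; the real files live in /etc/krb5.conf(.d/).
demo() {
    d=$(mktemp -d) || return 1
    printf '[libdefaults]\n    default_ccache_name = KCM:\n' > "$d/kcm_on"
    printf '[libdefaults]\n#    default_ccache_name = KCM:\n' > "$d/kcm_off"
    printf '[libdefaults]\n    default_realm = EXAMPLE.NET\n' > "$d/krb5.conf"
    echo "snippet active:   $(effective_ccache '' 10001 "$d/kcm_on" "$d/krb5.conf")"
    echo "snippet disabled: $(effective_ccache '' 10001 "$d/kcm_off" "$d/krb5.conf")"
    echo "env override:     $(effective_ccache 'KCM:' 10001 "$d/kcm_off")"
    rm -rf "$d"
}
demo
```

With the snippet disabled and no KRB5CCNAME set, the model resolves to FILE:/tmp/krb5cc_10001, the same path that appears in the ldapwhoami error quoted above.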