Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-11015: Custom kerberos cache directory

Authentication Service ,  

14 September,18 at 03:02 PM

Question: How to specify an alternative location for the kerberos cache files?

Answer: Beginning in Release 18.8 (CentrifyDC Agent 5.5.1) you can use the following parameter in the /etc/centrifydc/centrifydc.conf file:

      adclient.krb5.user.ccache.dir



This is useful when kerberos applications in docker containers use the kerberos cache files.
This parameter, in conjunction with adclient.krb5.ccache.dir.secure.usable.check
enables volume bind mapping so that kerberos cache files in the host OS are available to the docker containers.

Default is empty string.

If adclient.krb5.ccache.dir is not configured or set to default empty
string, then:
The system default ccache directory is used.

- On AIX: /var/krb5/security/creds
- On others: /tmp



Example:

Suppose you have an application that is only looking for kerberos credentials cache in a directory other than /tmp. You could uncomment and edit this parameter to look like the following:

     adclient.krb5.ccache.dir: /tmp/sample/directory

Then run adreload and try again to see if the kerberos cache files get stored where you specified.
 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 article[DevOps] Creating a Kerberos Keytab to Automate DirectControl Active Directory joins & removals articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-6041: How to show current license type in use by adclient articleKB-6073: How to join the Linux/Unix Centrify Server to Active Directory with specific Computer Role? articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleKB-2265: How is Kerberos used with Centrify? articleKB-6056: How to report the group policy settings that are in effect for the local computer? articleKB-3925: How to add Centrify parameter to a group policy