Beginning in Centrify Infrastructure Services Release 18.8 (CentrifyDC 5.5.1) it is possible to specify an alternative path for the kerberos cache files.
Question: How to specify an alternative location for the kerberos cache files?
Answer: Beginning in Release 18.8 (CentrifyDC Agent 5.5.1) you can use the following parameter in the /etc/centrifydc/centrifydc.conf file:
adclient.krb5.user.ccache.dir
This is useful when kerberos applications in docker containers use the kerberos cache files. This parameter, in conjunction with adclient.krb5.ccache.dir.secure.usable.check enables volume bind mapping so that kerberos cache files in the host OS are available to the docker containers.
Default is empty string.
If adclient.krb5.ccache.dir is not configured or set to default empty string, then: The system default ccache directory is used.
- On AIX: /var/krb5/security/creds - On others: /tmp
Example:
Suppose you have an application that is only looking for kerberos credentials cache in a directory other than /tmp. You could uncomment and edit this parameter to look like the following:
adclient.krb5.ccache.dir: /tmp/sample/directory
Then run adreload and try again to see if the kerberos cache files get stored where you specified.