The only difference I can think of is that the two VMs that do use /home are the actual KDC/LDAP servers. The two "bad" VMs are clients, only running sssd/sshd.

Upon ssh login to each of the 4 VMs, a KRB5CCNAME=FILE:/bla environment variable is set, which will be /tmp or /home, depending on the VM.

Someone requested a trace, so I'll post that tomorrow; hopefully it will be helpful.

Appreciate very much you all's input!

Best,
Dave

On Jun 11, 2024 at 2:00 PM -0400, Douglas E Engert <deengert@xxxxxxxxx>, wrote:
>
>
> On 6/6/2024 8:26 AM, Dave Macias wrote:
> > *I wanted to see if I could make the cache file user-specific, instead of
> > the default location (/tmp/krb5cc-blabla).*
>
> SSH is creating a separate ticket cache file for each login session and owned by the user.
> This has been the preferred way to do this for decades.
> https://kerberos.mit.narkive.com/YJB4Hshz/krb5ccname-and-sshd
>
> Your: "Ticket cache: FILE:/tmp/krb5cc_2000_tgiettMBSK" looks like it is set by sshd and your environment should have a KRB5CCNAME with that name.
> If you share the ticket cache between multiple login sessions, when the first session ends,
> the "GSSAPICleanupCredentials yes" will cause the shared ticket cache to be deleted. Using /tmp means the cache is destroyed upon a shutdown/restart. /tmp is also a local file system. /home may be on
> a network disk which has other issues.
>
> > openssh-unix-dev mailing list
> > openssh-unix-dev@xxxxxxxxxxx
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
> --
> Douglas E. Engert <DEEngert@xxxxxxxxx>
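Douglas's point above (sshd creates a per-session FILE: cache owned by the login user, and a cache shared between sessions gets deleted by GSSAPICleanupCredentials when the first session ends) can be checked from the login shell. The following is an added example, not code from this thread; it assumes only a POSIX shell and find, and takes the KRB5CCNAME value and the expected login user name as arguments.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): verify that the ticket
# cache named by a KRB5CCNAME value is a per-user FILE: cache, owned by the
# login user and readable only by that user, as sshd creates it.
#
# Usage: check_ccache "$KRB5CCNAME" "$(id -un)"
# Returns 0 when the cache passes, non-zero (with a reason on stderr) otherwise.
check_ccache() {
    ccname=$1
    user=$2

    # Only FILE: caches are handled here; anything else is reported.
    case $ccname in
        FILE:*) path=${ccname#FILE:} ;;
        *) echo "not a FILE: cache: $ccname" >&2; return 2 ;;
    esac

    [ -f "$path" ] || { echo "cache file missing: $path" >&2; return 3; }

    # find on the single path (-prune stops any descent): the file must be
    # owned by the login user and have exactly mode 0600, i.e. not shared.
    if [ -z "$(find "$path" -prune -user "$user" -perm 600 -print)" ]; then
        echo "cache $path is not owned by $user with mode 0600" >&2
        return 4
    fi

    # sshd's per-session caches carry a random suffix (krb5cc_<uid>_<random>);
    # a fixed name shared across sessions is what GSSAPICleanupCredentials
    # would remove when the first session logs out.
    case $path in
        */krb5cc_*_*) ;;
        *) echo "warning: $path does not look like an sshd per-session cache" >&2 ;;
    esac
    return 0
}
```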