On Apr 4, 2021, at 14:08, Gordon Messmer <gordon.mess...@gmail.com> wrote:
>> $ cat /etc/krb5.conf
>> [libdefaults]
>> default_ccache_name = KEYRING:persistent:%{uid}
>
> Specifically, I thought that sssd defaults to KCM storage for kerberos
> credentials, not the kernel keyring. You might be seeing an SELinux
> deny due to non-default ccache storage.
Only if sssd-kcm is installed. Otherwise the keyring is default. I normally use
the keyring on my systems. No selinux issues there.
--
Jonathan Billings
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
