Kinit: Unknown credential cache type while getting default ccache

NolteG · November 11, 2024, 9:44am

Good day,

I just completed a migration of our company to FreeIPA and I found some users get an error stating the following: kinit: Unknown credential cache type while getting default ccache

I found a fix for it on Stackoverflow Kerberos kinit: Unknown credential cache type while getting default ccache - Stack Overflow and this works.

I just wanted to confirm what the implications of commenting out the default_ccache_name attribute may have.

If anyone knows if this is a good solution, please let me know.

Best regards,
Greg

nazunalika · November 11, 2024, 3:56pm

In what scenarios is this happening? On what systems? What distribution/version? Are these systems fully up to date? In normal circumstances with current Rocky Linux 8 and 9 versions, this message shouldn’t appear.

NolteG · November 11, 2024, 4:10pm

This literally only happens from MacOS systems that connect to Ubuntu 22.04 systems connected to FreeIPA. The MacOS systems are not domain joined only the Ubuntu systems are. The MacOS systems are Sonoma and Sequoia.

dali · November 11, 2024, 6:38pm

Commenting default_ccache_name in /etc/krb5.conf (and possibly also in files in /etc/krb5.conf.d) means that the default value will be used, in RHEL you would end up with a FILE:/tmp/krb5cc_%{uid} cache. Running “klist” should show what the cache type is, “Ticket cache: …”.

So unless you have an issue with using a FILE cache it should work fine.

NolteG · November 11, 2024, 6:51pm

That’s the behaviour I noticed. The default type was keyring instead of file and simply commenting keyring out didn’t seem to change the functionality. Thank you for the feedback!