Sure, I have that environment variable defined.

[ola@galaxy ~]$ export | grep KRB5CCNAME
declare -x KRB5CCNAME="KEYRING:persistent:11103"

[ola@galaxy ~]$ klist
klist: No credentials cache found while retrieving principal name

[ola@galaxy ~]$ kinit
Password for ola@ENSKEDE.LOCAL: 

[ola@galaxy ~]$ klist
Ticket cache: KEYRING:persistent:11103
Default principal: ola@ENSKEDE.LOCAL

Valid starting     Expires            Service principal
04/14/15 23:08:55  04/15/15 09:08:58  krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL
        renew until 04/21/15 23:08:55

[ola@galaxy ~]$ grep ola /etc/passwd

[ola@galaxy ~]$ getent passwd ola
ola:*:11103:11116:Ola Nystrom:/home/ola:/bin/bash

On Tue, Apr 14, 2015 at 11:02 PM, Lukas Slebodnik wrote:
On (14/04/15 22:27), Ola Nystrom wrote:
>I was a bit unsure of the KEYRING-support myself.
>But I have CentOS 6.6 and use KEYRING.
>[ola@galaxy ~]$ kinit
>Password for ola@ENSKEDE.LOCAL:
>[ola@galaxy ~]$ klist
>*Ticket cache: KEYRING:persistent:11103*
>Default principal: ola@ENSKEDE.LOCAL
>Valid starting     Expires            Service principal
>04/14/15 22:27:09  04/15/15 08:27:13  krbtgt/ENSKEDE.LOCAL@ENSKEDE.LOCAL
>        renew until 04/21/15 22:27:09
>[ola@galaxy ~]$ cat /etc/redhat-release
>CentOS release 6.6 (Final)
Interesting :-)

I thought the problem was with the keyring ccache due to the following lines in the log.
[sss_get_ccache_name_for_principal] (0x4000): Location: [KEYRING:persistent:11103]
[sss_get_ccache_name_for_principal] (0x2000): krb5_cc_cache_match failed: [-1765328243][Can't find client principal ola@ENSKEDE.LOCAL in cache collection]

but there is also the line:
[krb5_mod_ccname] (0x4000): Save ccname [KEYRING:persistent:11103] for user [ola]

Do you have the environment variable KRB5CCNAME set?

Could you try to export KRB5CCNAME=KEYRING:persistent:11103 after login?
It would help us to find out whether the ticket was created.
Please check the time of creation.

sssd-users mailing list

Ola Nyström

“OSI model jokes work on so many levels”
— jorge_rbs