All,

On a RHEL8 server,

an app team got an /etc/krb5.conf.d/ file put in that changed default_ccache_name from the expected:

default_ccache_name = KCM

(as set up by sssd) to:

[libdefaults] default_ccache_name = FILE:/tmp/krb5cc_%{uid}

Far as I can tell, sssd is still functioning. But I seem to recall that some portions of sssd (in RHEL8 and RHEL9) break if it's not set to KCM.

KCM server for SSSD — SSSD documentation (pagure.org) https://docs.pagure.org/sssd.sssd/design_pages/kcm.html

and sssd-kcm man page describe the sssd-kcm service, but not what breaks if you don't use it.

Spike