I'm using Ubuntu 14.04 and 16.04. They're configured to cache kerb tickets in the kernel keyring via this setting in the [libdefaults] section of /etc/krb5.conf:
default_ccache_name = KEYRING:persistent:%{uid}
This works fine if I kinit (tickets do get cached in the keyring). However if I forward a ticket to the box when I ssh to it (using GSSAPIDelegateCredentials), the ticket gets cached in the /tmp directory.
I have tried setting the following in the [domain/company.org] section of /etc/sssd/sssd.conf
krb5_ccname_template = KEYRING:persistent:%U
as suggesting in sssd man page but it has no effect.
How can I get forwarded tickets to be cached in the kernel keyring and not /tmp?
