Hi all,
We run Viya 3.5 in both RHEL 7 and 8. We have always configured KRB5 and SSSD on our systems for file-based ticket caches as a matter of routine. Now our security guidelines indicate we should use the kernel keyring, as the files can theoretically be stolen.
After reconfiguring krb5.conf and sssd.conf to meet this requirement, things worked as before. However, we still see file-based caches appear whenever someone logs on. These are transient, living only for a few seconds. We also see one for every active CAS session, living for the duration of it.
Consulting tech support and the docs shows that in fact there is only support for file-based ticket caches. So that would be the end of it.
Keyring is the RHEL default since v7 and we can imagine that many shops have that configured. Since we see no apparent issue, maybe it can work. Such a support statement from SAS often means "we haven't tested it" rather than "it doesn't work". That still leaves the CAS-related cache files that Viya itself creates beyond our control, but our exposure would still be less.
Do any of you have keyring configured and not have any issues? Could we gamble on this?
Thanks in advance and kind regards,
- Jan.