According to the MIT Kerberos documentation, the default credential cache name is determined as follows:
Default ccache name
The default credential cache name is determined by the following, in descending order of priority:
1. The KRB5CCNAME environment variable. For example, KRB5CCNAME=DIR:/mydir/. 2. The default_ccache_name profile variable in [libdefaults]. 3. The hardcoded default, DEFCCNAME.
http://web.mit.edu/kerberos/krb5-devel/doc/basic/ccache_def.html
I'm wondering if there's a way to define default_ccache_name profile variable (#2) on the client side? I've tried defining it as follows in /etc/krb5.conf on one of my client machines:
[libdefaults]
...
default_ccache_name = FILE:/var/krb5/security/creds/krb5cc_%{uid}
...
But the client binaries (klist / kinit / kdestroy etc.) seem to ignore this completely:
[~]$ klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_34125)
I'm running version 1.9.4:
[~]$ klist -V
Kerberos 5 version 1.9.4
Drat, I think I found my own answer -- version 1.9.4 doesn't have this parameter:
http://web.mit.edu/kerberos/www/krb5-1.9/krb5-1.9.4/doc/krb5-admin.html
It would help to look in the right documentation...