Cached credentials not working after sssd restarts
We are trying to set up sssd on CentOS 8 computers to cache the user credentials with Kerberos authentication. The issue is that it works fine until we restart the sssd service; after that, login with cached credentials stops working. It looks like restarting the service clears out the cache, so the credentials are not there (or not used) anymore and we need to reconnect to the Kerberos server to log in again. This is a big problem since rebooting the computer actually restarts sssd, so every time someone takes his laptop home he cannot log in anymore (unless he doesn't turn it off during the trip).
I am pretty sure my sssd.conf includes everything I need for the caching:
id_provider = files
auth_provider = krb5
cache_credential = True
krb5_store_password_if_offline = True
For the krb5.conf, I tried not defining any default_ccache_name, tried FILE:/tmp/krb5cc_%{uid}, and tried keyring as well, but none of them seems to have any effect (I think sssd caches the credentials in its own database so Kerberos caching configuration doesn't matter, but maybe I am wrong).
Also, if I set any value other than 0 for offline_credentials_expiration in the pam section of the sssd.conf, for example:
[pam]
offline_credentials_expiration = 60
the caching stops working completely (no need to restart or reboot, it just doesn't work at all). Maybe this is a separate problem, but it may also be related, so I mention it just in case. But for the moment my priority is to solve the restarting problem.
Any idea why sssd cannot keep the cached credentials when it restarts?
Thank you!
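
A check for the caching options quoted in the question, as an added example that is not part of the original post: it parses sssd.conf text and reports keys that nearly match, but do not equal, an offline-login option name documented in sssd.conf(5) and sssd-krb5(5). The `[domain/example]` section name, the `lint_sssd_conf` function and the short option list are assumptions made for the example.

```python
import configparser
import difflib

# Offline-login option names from sssd.conf(5) and sssd-krb5(5).
# A deliberately small subset for this example, not the full option list.
OFFLINE_OPTIONS = sorted({
    "cache_credentials",
    "krb5_store_password_if_offline",
    "offline_credentials_expiration",
    "account_cache_expiration",
})

# The settings quoted in the question; the section name is constructed.
SAMPLE = """\
[domain/example]
id_provider = files
auth_provider = krb5
cache_credential = True
krb5_store_password_if_offline = True

[pam]
offline_credentials_expiration = 60
"""

def lint_sssd_conf(text):
    """Return findings about the offline-caching options in sssd.conf text."""
    # RawConfigParser: no interpolation, so values containing '%' are safe.
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key in sorted(cp.options(section)):  # keys are lower-cased
            if key in OFFLINE_OPTIONS:
                continue
            # Near miss of a known name: likely a misspelled option.
            close = difflib.get_close_matches(key, OFFLINE_OPTIONS, n=1, cutoff=0.9)
            if close:
                findings.append(
                    f"[{section}] '{key}' is not a known option; "
                    f"did you mean '{close[0]}'?")
        if section.startswith("domain/"):
            value = cp.get(section, "cache_credentials", fallback="false")
            if value.strip().lower() != "true":
                findings.append(f"[{section}] cache_credentials is not enabled")
    return findings

if __name__ == "__main__":
    for finding in lint_sssd_conf(SAMPLE):
        print(finding)
```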