UNAB working with option default_ccache_name

Article ID: 387863


Products

CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

The latest Kerberos versions (for instance version 1.2.21) contain some extended features, one of which is the default credentials cache option (default_ccache_name).

Kerberos uses the cache to hold Kerberos credentials while they remain valid, so that a client can authenticate to a server several times without having to contact the KDC every time.

There are several types of ccache, and the name and type are specified by the variable default_ccache_name in /etc/krb5.conf.

In particular, many modern Kerberos implementations contain the variable definition

default_ccache_name = KEYRING:persistent:%{uid}

but whenever UNAB is loaded, this causes an error:

debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: KEYRING:persistent:85518)

This document describes what value to set for default_ccache_name to allow seamless working with UNAB.

Cause

The UNAB Kerberos implementation is based on version 1.12.4 as of the writing of this document (UNAB version 14.10.60.186), and it is based on the assumption that variables will have their default values. Most modern Kerberos versions, however, support other add-ons and variables which are not available in the UNAB Kerberos version.

In particular, setting them to otherwise legitimate values may not result in the expected behaviour, and they may even be ignored or overwritten whenever UNAB is loaded.

In this particular case, default_ccache_name will be understood provided it points to the same location where credentials are stored, that is /tmp/krb5cc_%{uid}.

Resolution

Set the following value in the [libdefaults] section of /etc/krb5.conf:

default_ccache_name = /tmp/krb5cc_%{uid}
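One way to confirm the setting after editing, as an added example that is not part of the original article or of the product: the script lists every default_ccache_name value found in [libdefaults] and compares it with the value given in the Resolution. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit default_ccache_name in a krb5.conf-style file.
EXPECTED='/tmp/krb5cc_%{uid}'    # value taken from the Resolution above

# Print every default_ccache_name value set inside [libdefaults] of file $1.
# include/includedir directives are not followed; check those files separately.
ccache_values() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # section header
            s = $0; gsub(/[ \t\r]/, "", s)
            in_lib = (s == "[libdefaults]"); next
        }
        in_lib && /^[ \t]*default_ccache_name[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)             # drop the name and "="
            sub(/[ \t\r]+$/, "", v)                 # drop trailing whitespace
            print v
        }
    ' "$1"
}

# Return 0 if every value matches EXPECTED, 1 if any differs, 2 if none is set.
unab_ccache_check() {
    vals=$(ccache_values "$1")
    [ -n "$vals" ] || { echo "$1: default_ccache_name not set in [libdefaults]"; return 2; }
    rc=0
    while IFS= read -r v; do
        if [ "$v" = "$EXPECTED" ]; then
            echo "$1: OK ($v)"
        else
            echo "$1: MISMATCH ($v), expected $EXPECTED"; rc=1
        fi
    done <<EOF
$vals
EOF
    return $rc
}

# With no argument, run against a constructed sample instead of a real file.
if [ $# -gt 0 ]; then
    unab_ccache_check "$1"
else
    sample=$(mktemp)
    printf '%s\n' '[libdefaults]' '  default_ccache_name = KEYRING:persistent:%{uid}' > "$sample"
    unab_ccache_check "$sample" || true
    rm -f "$sample"
fi
```

Run it as `sh check_ccache.sh /etc/krb5.conf` (the script name is arbitrary); a mismatch line shows the value that is currently set.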