OpenSSH with latest GSSAPI patch now storing credentials !

Someone please at nospam.net
Tue Apr 2 10:15:16 EST 2002


Marc Horowitz wrote:

> sxw at dcs.ed.ac.uk (Simon Wilkinson) writes:
> 
> 
>>>However, is this overiding something that should be set in a kerberos
>>>config file? 
>>>
> 
> Yes, it is.  The patch you sent forces initial tickets to be
> forwardable, regardless of what the kerberos config file requests.
> With MIT krb5, you can set the forwardable flag by default in
> krb5.conf:
> 
> [libdefaults]
>         forwardable = true
> 
>                 Marc
> 

forwardable = true, works fine, I just tryed it thus it isn't documented 
in the MIT Kerberos documentation. They should add it.

Now verything works wonderfull, thanks to all your great help. Now I 
only have to get all this working with an ugly w2k KDC :-(

Cheers,
Marc




More information about the Kerberos mailing list