OpenSSH with latest GSSAPI patch now storing credentials !

[Marc Horowitz]

sxw at dcs.ed.ac.uk (Simon Wilkinson) writes:

>> However, is this overiding something that should be set in a kerberos
>> config file? 

Yes, it is.  The patch you sent forces initial tickets to be
forwardable, regardless of what the kerberos config file requests.
With MIT krb5, you can set the forwardable flag by default in
krb5.conf:

[libdefaults]
        forwardable = true

                Marc