Forwarding Kerberos Credentials - SSH

Henry B. Hotz hotz at
Fri Jun 20 14:34:53 EDT 2003

At 4:52 AM -0400 6/20/03, kerberos-request at wrote:
>Date: Thu, 19 Jun 2003 20:21:18 -0700
>From: Frank Cusack <fcusack at>
>To: kerberos at MIT.EDU
>Subject: Re: Forwarding Kerberos Credentials - SSH
>  > Secondly I think the term "forwarding" doesn't apply to the scenarios
>>  I'm reading about here.  If you log in to sshd with your Kerberos
>>  password, the remote credentials acquired in the process are actually
>>  local in this sense - they reside on the host that acquired them, as
>Right.  That's not what the poster wants.  That's not kerberos
>authentication, that's password authentication.
>>  sshd did that.  When used to authenticate to some service from there,
>>  that's just simple basic Kerberos authentication, no forwarding needed.
>The original poster wants to login LOCALLY with krb5, ssh to a remote
>machine with KERBEROS authentication; the forwarding is needed so that
>on the remote machine he can subsequently obtain tickets for xyz service
>(say, afs).

"Me Too" (TM)

So, is that possible?

Ideally, is it possible in an application that only talks generic 
SSL, so that it could in turn call a module that made use of the tgt? 
(The thread is sshd, but I'm thinking maybe 
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at, or hbhotz at

More information about the Kerberos mailing list