ssh kerberos + forwarding ticket
Douglas E. Engert
deengert at anl.gov
Mon Dec 6 16:16:07 EST 2004
Frederic Medery wrote:
> Hello,
>
> openssh version : openssh-3.9p1
> kerberos : krb5-server-1.2.7-28
> on Redhat AS V3
>
>
> I can connect from station1 to server1 using kerberos auth. But the
> tgt is not forwarded (even if kinit -f).
> Server1 has a princ (host/server1) in the krb5 DB and krb5.keytab.
>
> I thought that TGT forwarding was automatic.
The kinit -f indicates the ticket is forwardable.
You also need to tell ssh to forward the TGT:

    GSSAPIDelegateCredentials yes

For security reasons you only want to delegate to hosts you trust,
so you may want to add it for selected hosts in your own ssh_config.
>
> Do I need a princ host/station1 ?
No, not if station1 is only the client.
>
>
> thanks !
>
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
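
The per-host scoping suggested in the reply above can be checked mechanically. This is an added example, not part of the original message: a small ssh_config audit that reports every place `GSSAPIDelegateCredentials yes` applies to more than explicitly named hosts. The host names and both sample configs are constructed placeholders; `Match` criteria are reported but not evaluated, and `Include` files are not followed.

```python
import re
# Constructed sample: delegate only to one named host (placeholder name).
# ssh uses the first value it obtains, so the specific block precedes "Host *".
SCOPED = """\
Host server1.example.org
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes

Host *
    GSSAPIDelegateCredentials no
"""

# Constructed sample: delegation enabled globally and for a wildcard pattern.
BROAD = """\
gssapidelegatecredentials=yes

Host *.example.org !bastion.example.org
    GSSAPIDelegateCredentials yes
"""

LINE = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.*?)\s*$")

def delegation_scopes(text):
    """Return (line number, Host patterns) for each 'GSSAPIDelegateCredentials yes'."""
    scope, found = ["*"], []   # options before the first Host line apply to every host
    for num, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw)
        if not m:              # blank line or '#' comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip('"')
        if key == "host":
            scope = value.split()
        elif key == "match":   # Match criteria are not evaluated; report them as-is
            scope = ["Match " + value]
        elif key == "gssapidelegatecredentials" and value.lower() == "yes":
            found.append((num, scope))
    return found

def too_broad(patterns):
    """True if the block can apply to hosts that are not named explicitly."""
    positive = [p for p in patterns if not p.startswith("!")]
    return any("*" in p or "?" in p or p.startswith("Match ") for p in positive)

def audit(text):
    """Return the delegation findings whose scope is wider than named hosts."""
    return [(n, pats) for n, pats in delegation_scopes(text) if too_broad(pats)]

if __name__ == "__main__":
    for num, pats in audit(BROAD):
        print(f"line {num}: credentials delegated for {' '.join(pats)}")
```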