Single sign-on with ssh (only unix)

Nathan Ollerenshaw nathan at valuecommerce.co.jp
Fri Jun 3 01:53:31 EDT 2005


On Jun 3, 2005, at 2:30 PM, Sam Hartman wrote:

> I would not expect you to lose ticket forwarding.  Are some of your
> machines set up to forward tickets (gssapidelegatecredentials yes) and
> some not?

Oh, I see:

serenity:~ chrome$ ssh -o "gssapidelegatecredentials yes" nuts.sys.intra
Last login: Fri Jun  3 14:42:02 2005 from 10.0.13.24
[chrome at nuts.sys.intra ~]$ ssh -o "gssapidelegatecredentials yes"  
monster.sys.intra
Last login: Fri Jun  3 13:31:02 2005 from 10.0.13.24
[chrome at monster.sys.intra ~]$ ssh -o "gssapidelegatecredentials yes"  
nuts.sys.intra
Last login: Fri Jun  3 14:50:50 2005 from 10.0.13.24
[chrome at nuts.sys.intra ~]$ ssh -o "gssapidelegatecredentials yes"  
monster.sys.intra
Last login: Fri Jun  3 14:50:54 2005 from nuts.sys.intra
[chrome at monster.sys.intra ~]$ ssh -o "gssapidelegatecredentials yes"  
nuts.sys.intra
Last login: Fri Jun  3 14:51:03 2005 from monster.sys.intra
[chrome at nuts.sys.intra ~]$ ssh -o "gssapidelegatecredentials yes"  
monster.sys.intra
Last login: Fri Jun  3 14:51:03 2005 from nuts.sys.intra
[chrome at monster.sys.intra ~]$

Yeah, that works. Thanks!

I think I will write a howto and post it online for people working  
with FC2/3/Macs/Solaris machines :)

Regards,

Nathan.

-- 
Nathan Ollerenshaw / Systems Engineer
Systems Engineering
ValueCommerce Co., Ltd.

Tokyo Bldg 4F 3-32-7 Hongo Bunkyo-ku Tokyo 113-0033 Japan
Tel. +81.3.3817.8995   Fax. +81.3.3812.4051
mailto:nathan at valuecommerce.co.jp

  "It must be remembered that there is nothing more difficult
  to plan, more doubtful of success nor more dangerous to
  manage than the creation of a new system. For the initiator
  has the enmity of all who profit by the preservation of the
  old institution and merely lukewarm defenders in those who
  would gain by the new one." - Nicolo Machiavelli



More information about the Kerberos mailing list