Solaris 10 sshd + GSSAPI = where's my cred cache?

Douglas E. Engert deengert at anl.gov
Fri Nov 9 14:15:17 EST 2007



Danny Mayer wrote:
> Simon Wilkinson wrote:
>> On 9 Nov 2007, at 04:04, Danny Mayer wrote:
>>
>>>> The manpage (ssh_config(4)) says:
>>>>
>>>>      GSSAPIDelegateCredentials
>>>>
>>>>          Enables/disables  GSS-API  credential  forwarding.   The
>>>>          default is no.
>>>>          ^^^^^^^^^^^^^
>>> That makes no sense. The default is no? The default should be "Enabled"
>>> or "Disabled". "No" has no meaning here.
>> All boolean options to both Sun and OpenSSH only take yes/no arguments.
>> So, the meaning of "GSSAPIDelegateCredentials no" would seem pretty clear.
>>
>> Simon.
>>
>>
> 
> So what this should be saying is the default *value* of
> GSSAPIDelagateCredentials is No. It's worded really badly.

And the default should be no. You only want to delegate to systems you trust
with your tickets. You as a user can use the ~/.ssh/ssh_config
to set it to yes for selected hosts.

> 
> Danny
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list