Solaris 10 sshd + GSSAPI = where's my cred cache?
Douglas E. Engert
deengert at anl.gov
Fri Nov 9 14:15:17 EST 2007
Danny Mayer wrote:
> Simon Wilkinson wrote:
>> On 9 Nov 2007, at 04:04, Danny Mayer wrote:
>>
>>>> The manpage (ssh_config(4)) says:
>>>>
>>>> GSSAPIDelegateCredentials
>>>>
>>>> Enables/disables GSS-API credential forwarding. The
>>>> default is no.
>>>> ^^^^^^^^^^^^^
>>> That makes no sense. The default is no? The default should be "Enabled"
>>> or "Disabled". "No" has no meaning here.
>> All boolean options to both Sun and OpenSSH only take yes/no arguments.
>> So, the meaning of "GSSAPIDelegateCredentials no" would seem pretty clear.
>>
>> Simon.
>>
>>
>
> So what this should be saying is the default *value* of
> GSSAPIDelagateCredentials is No. It's worded really badly.
And the default should be no. You only want to delegate to systems you trust
with your tickets. You as a user can use the ~/.ssh/ssh_config
to set it to yes for selected hosts.
>
> Danny
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list