GSSAPI Issue
Will Fiveash
will.fiveash at oracle.com
Mon Nov 29 19:49:20 EST 2010
On Wed, Nov 24, 2010 at 10:55:33AM -0800, Russ Allbery wrote:
> Greg Hudson <ghudson at MIT.EDU> writes:
>
> > It is possible to forward credentials from the client to the server.
> > For this to work, the following must be true:
>
> > * You must have obtained forwardable tickets on the client. You can do
> > this with kinit -f, or by setting "forwardable = true" in the
> > [libdefaults] section of krb5.conf.
>
> > * "GSSAPIDelegateCredentials yes" must be set in ssh_config, or
> > specified on the command line with ssh -o GSSAPIDelegateCredentials=yes.
>
> ssh -K is a shortcut for the latter and lets you choose for each ssh
> command whether you want to forward tickets. I usually only use the ssh
> setting for specific hosts I use a lot and explicitly add the -K when I
> want to forward tickets to other hosts.
I don't see -K in Solaris ssh.
--
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
More information about the Kerberos
mailing list