GSSAPI Issue

Will Fiveash will.fiveash at oracle.com
Mon Nov 29 19:49:20 EST 2010


On Wed, Nov 24, 2010 at 10:55:33AM -0800, Russ Allbery wrote:
> Greg Hudson <ghudson at MIT.EDU> writes:
> 
> > It is possible to forward credentials from the client to the server.
> > For this to work, the following must be true:
> 
> > * You must have obtained forwardable tickets on the client.  You can do
> > this with kinit -f, or by setting "forwardable = true" in the
> > [libdefaults] section of krb5.conf.
> 
> > * "GSSAPIDelegateCredentials yes" must be set in ssh_config, or
> > specified on the command line with ssh -o GSSAPIDelegateCredentials=yes.
> 
> ssh -K is a shortcut for the latter and lets you choose for each ssh
> command whether you want to forward tickets.  I usually only use the ssh
> setting for specific hosts I use a lot and explicitly add the -K when I
> want to forward tickets to other hosts.

I don't see -K in Solaris ssh.

-- 
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>



More information about the Kerberos mailing list