A way to automatically get a ticket through ssh for a local user
Brandon Allbery
ballbery at sinenomine.net
Fri Jul 15 20:26:15 EDT 2016
Last time I looked at the OpenSSH source code, turning them on could interfere with the GSSAPI code: notably, it could cause the “old style” ticket forwarding hack to be attempted instead of GSSAPI credential delegation, which will fail with GSSAPI credentials.
On 7/15/16, 01:39, "kerberos-bounces at MIT.EDU on behalf of Benjamin Kaduk" <kerberos-bounces at MIT.EDU on behalf of kaduk at MIT.EDU> wrote:
>KerberosAuthentication yes
>KerberosOrLocalPasswd yes
>KerberosTicketCleanup yes
>#KerberosGetAFSToken no
>#KerberosUseKuserok yes
As Brandon said, these are old/deprecated and it is unusual for them to be
the desired configuration. But I don't know enough about what you want in
order to be able to say that for sure.