Question about TGT forwarding

Jason Edgecombe jwedgeco at uncc.edu
Thu May 31 16:50:36 EDT 2018


Hi everyone,

We're noticing some odd behaviour on our Windows clients where the Windows
clients are not forwarding the TGT to our Linux servers. People can login
to the Linux servers from windows clients, but "klist" shows no tickets
after login. Linux clients forward the TGT just fine. In case it matters,
we just moved our Linux home directories from a NAS with Kerberized SMB to
a Linux NFS server with Kerberized NFS. I've had to disable GSSAPI
authentication in openssh so that windows users can still get tickets on
the remote end.

I have a disagreement with our AD guru on whether or not TGTs are expected
to be forwarded and if that is a security risk. Everything worked fine a
few weeks ago.

Any help is appreciated.

Thanks,
Jason
---------------------------------------------------------------------------
Jason Edgecombe | Linux Administrator
UNC Charlotte | The William States Lee College of Engineering
9201 University City Blvd. | Charlotte, NC 28223-0001
Phone: 704-687-1943
jwedgeco at uncc.edu | http://engr.uncc.edu |  Facebook
---------------------------------------------------------------------------
If you are not the intended recipient of this transmission or a person
responsible for delivering it to the intended recipient, any disclosure,
copying, distribution, or other use of any of the information in this
transmission is strictly prohibited. If you have received this transmission
in error, please notify me immediately by reply e-mail or by telephone at
704-687-1943.  Thank you.


More information about the Kerberos mailing list