I've set up host that mounts a kerberized nfs4 homedrive.
This all works fine, however when logging in remotely with a user
using ssh the kerberos ticket is not set for that user.
This requires either manually doing kinit or setting the
GSSAPIDelegateCredentials yes in either .ssh config or in the

My issue is that
Host  *.some.domain
   GSSAPIDelegateCredentials yes

In the user config or even in the global config is not a very clever
thing to do since that would imply that the kerberos credentials would
be provided to every  system that the user would ssh to in the
some.domain network.

Is there a clever way to do this in freeipa
like an adition to host based access, ie send the
GSSAPIDelegateCredentials only for these hosts when using ssh?


Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to