Hello, I've set up host that mounts a kerberized nfs4 homedrive. This all works fine, however when logging in remotely with a user using ssh the kerberos ticket is not set for that user. This requires either manually doing kinit or setting the GSSAPIDelegateCredentials yes in either .ssh config or in the /etc/ssh.
My issue is that Host *.some.domain GSSAPIDelegateCredentials yes In the user config or even in the global config is not a very clever thing to do since that would imply that the kerberos credentials would be provided to every system that the user would ssh to in the some.domain network. Is there a clever way to do this in freeipa like an adition to host based access, ie send the GSSAPIDelegateCredentials only for these hosts when using ssh? Cheers Rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project