I have a FreeIPA 4.4.0 setup with Active Directory trusts.  Users connecting to 
Linux servers from their domain-joined workstations are not required to enter a 
password for the first connection.  However, if they attempt to ssh to a second 
Linux machine from the first they are being prompted for a password.

I've tried the following /etc/ssh/ssh_config options:

    GSSAPIDelegateCredentials yes
    GSSAPIKeyExchange yes
    GSSAPIRenewalForcesRekey yes
    GSSAPITrustDns yes

And the following /etc/ssh/sshd_config options:

    GSSAPIAuthentication yes
    GSSAPIKeyExchange yes
    GSSAPIStoreCredentialsOnRekey yes

Am I missing a step/configuration?



Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to