On Fri, 03 Mar 2017, Jason B. Nance wrote:

I have a FreeIPA 4.4.0 setup with Active Directory trusts.  Users connecting to 
Linux servers from their domain-joined workstations are not required to enter a 
password for the first connection.  However, if they attempt to ssh to a second 
Linux machine from the first they are being prompted for a password.

I've tried the following /etc/ssh/ssh_config options:

   GSSAPIDelegateCredentials yes
   GSSAPIKeyExchange yes
   GSSAPIRenewalForcesRekey yes
   GSSAPITrustDns yes

And the following /etc/ssh/sshd_config options:

   GSSAPIAuthentication yes
   GSSAPIKeyExchange yes
   GSSAPIStoreCredentialsOnRekey yes

Am I missing a step/configuration?

They need to allow delegation on the machine where their first hop
starts, not only on your jump server.

/ Alexander Bokovoy
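
To see which hop is not forwarding the Kerberos ticket, the effective client settings can be read from `ssh -G` on each machine where a hop starts. This is an added example, not part of the original messages; it assumes the workstation uses the OpenSSH client, and the function names and the host `linux1.ipa.example.test` are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the effective OpenSSH client GSSAPI settings for one hop.
# Input is the text printed by `ssh -G <host>` (lower-cased keyword, then value).

# gss_setting KEY: print the value of KEY found on stdin, or "unset".
gss_setting() {
    awk -v k="$1" '$1 == k { v = $2 } END { print (v == "" ? "unset" : v) }'
}

# hop_status: read `ssh -G` output on stdin and print one of
#   delegates  GSSAPI auth on and the TGT is forwarded to the target
#   auth-only  GSSAPI auth on, no TGT forwarded (the next hop will prompt)
#   no-gssapi  GSSAPI auth is not enabled for this target
hop_status() {
    cfg=$(cat)
    auth=$(printf '%s\n' "$cfg" | gss_setting gssapiauthentication)
    deleg=$(printf '%s\n' "$cfg" | gss_setting gssapidelegatecredentials)
    if [ "$auth" != "yes" ]; then
        echo no-gssapi
    elif [ "$deleg" = "yes" ]; then
        echo delegates
    else
        echo auth-only
    fi
}

# audit_hop HOST: run on the machine where the hop starts (workstation first).
audit_hop() {
    printf '%s: %s\n' "$1" "$(ssh -G "$1" 2>/dev/null | hop_status)"
}

# Constructed sample: workstation config that authenticates but does not delegate.
SAMPLE_WORKSTATION='hostname linux1.ipa.example.test
gssapiauthentication yes
gssapidelegatecredentials no'

# Constructed sample: same host after "GSSAPIDelegateCredentials yes" applies to it.
SAMPLE_FIXED='hostname linux1.ipa.example.test
gssapiauthentication yes
gssapidelegatecredentials yes'
```

Run `audit_hop` on the workstation against the first server; `auth-only` there matches the symptom in the question. Because delegation forwards the user's TGT to the target, enable it in a `Host` block for the servers that need it rather than globally.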
