>> I have a FreeIPA 4.4.0 setup with Active Directory trusts.  Users
>> connecting to Linux servers from their domain-joined workstations are
>> not required to enter a password for the first connection.  However,
>> if they attempt to ssh to a second Linux machine from the first they
>> are being prompted for a password.
> 
> What is the output if they klist on the first machine they SSH to?

[jna...@centric.com@sl1aosplmgt0001 ~]$ klist
Ticket cache: KEYRING:persistent:255985:krb_ccache_TuVdBrp
Default principal: jna...@centric.com

Valid starting       Expires              Service principal
03/03/2017 11:55:16  03/03/2017 21:47:34  krbtgt/ipa.gen.z...@centric.com
        renew until 03/04/2017 11:47:33
03/03/2017 11:47:34  03/03/2017 21:47:34  krbtgt/centric....@centric.com
        renew until 03/04/2017 11:47:33

centric.com is the AD domain that ipa.gen.zone trusts.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to