Re: A way to automatically get a ticket through ssh for a local user

Brandon Allbery Thu, 14 Jul 2016 15:29:54 -0700

On 7/14/16, 17:32, "kerberos-boun...@mit.edu on behalf of Mauro Cazzari" 
<kerberos-boun...@mit.edu on behalf of mymagi...@gmail.com> wrote:


    # Kerberos options
    KerberosAuthentication yes
    KerberosOrLocalPasswd yes
    KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    #KerberosUseKuserok yes
    
    
I would turn these off; they refer to an older Kerberos API in ssh and may 
interfere with GSSAPI.

The others look correct. Note that if it is using public key authentication to 
get to the next server, it will not use the Kerberos code and therefore won’t 
forward (delegate) credentials to the next server. (Also note that if there are 
other matching Host blocks, the “Host *” block in ssh_config won’t be used.


________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Re: A way to automatically get a ticket through ssh for a local user

Reply via email to