On Wed, 26 Aug 2009, Troy Dawson wrote:
Hi Eve,
The problem is that a plain SL5 ssh client does not do
GSSAPIDelegateCredentials and this is what is needed for you to get your AFS
credentials on minos06.
https://fermilinux.fnal.gov/documentation/security/ssh-client/
<snip>
I hope no-one minds if I ask a stupid question...
What is to stop a user from adding the relevant section to their own
.ssh/config ? I know that isn't useful for catching all users but it is a
useful test...
According to my understanding of the ssh client the *first* (matching)
value found for each parameter is the one used and it is defined to read
the user config before the system one (and command-line options before
that)...
BTW the web page mentions a clash with GSSAPIDelegateCredentials on
Ubuntu, which probably means that they are setting the value earlier than
the suggested host... fragment (so will be found first).
From man ssh_config (on sl5 in case it matters):
...
Since the first obtained value for each parameter is used, more
host-specific declarations should be given near the beginning of the
file, and general defaults at the end.
...
-- Jon
