2015-04-24 17:47 GMT+02:00 Rob Crittenden <rcrit...@redhat.com>:

> John Obaterspok wrote:
> > Hello,
> >
> > I'm on F21 and if I login to my workstation I can then sso using ssh to
> > host X. But then I'm also able to sso from x -> y.
> >
> > If I'm on x and issue klist I see this:
> > klist: No credentials cache found (ticket cache FILE:/tmp/krb5
> >
> > Should I really be able to do this?
> >
> > --- john
> >
> >
>
> Did you add your ssh pubkey? ssh -vv will show you the auth method that
> it is using.
>

Of course, I just forgot about it :)
For the record, gssapi-with-mic was the auth method.


> FILE:/tmp/krb5 is a rather odd place to store the ccache too. On F21 it
> should be using KEYRING:persistent:<uid>:<gid>


The host that I ssh'ed into had F20.

Thanks Rob!

-- john
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to