Re: Using enterprise principal name in GSS-API

On Mon, Sep 26, 2016 at 7:09 PM, Greg Hudson wrote: > On 09/25/2016 04:32 PM, Isaac Boukris wrote: >> The more a look at the code and on wire traffic, I think >> enterprise-name and canonicalization are different things (although >> related). >> Here is what my tests against AD

Re: KEYRING:persistent and ssh

On Tue, Sep 27, 2016 at 09:40:45AM +0200, tseegerkrb wrote: > > An other problem is that i can not use user@REALM to ssh to the next box > without a password. If use "kinit user@REALM" i get a ticket, but if i > then "ssh -l user@REALM mybox" it ask for the password again. But if i > just use

Re: KEYRING:persistent and ssh

On 16 September 2016 at 16:02, t Seeger wrote: > Hello, > > i have a little problem with the 'KRB5CCNAME' environment variable. I set > the default_ccache_name to KEYRING:persistent:%{uid} but if i login it is > set to "file:/tmp/krb5cc_${uid}_XX" cause ssh sets the

Re: KEYRING:persistent and ssh

On 21.09.2016 20:03, Russ Allbery wrote: > tseegerkrb writes: > >> Thanks for your help. Is my setup so special (kerberos/OpenLDAP/sssd/sshd) >> nobody using it? I think i will ask debian/ubuntu or the openssh >> maintainer for help. > It's sadly quite unusual to use