Jeff Blaine wrote:
First a question whose answer may negate the rest of the
message:
Q: Is it possible to configure OpenSSH to allow a user
coming from host X, with a valid TGT there, to login
without being asked for a password... without using
SSH's public key crypto for that password-less auth?
[...]
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPICleanupCredentials yes
Have you enabled GSSAPIAuthentication (and maybe
GSSAPIDelegateCredentals and PreferredAuthentications) in the client?
The former two default to "no" and the latter's default does not have
"gssapi-with-mic".
Try running the client with "ssh -vvv yourserver" and and watch to see
if it's attempting "gssapi-with-mic" authentication.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
