Darren Tucker wrote:
Jeff Blaine wrote:
First a question whose answer may negate the rest of the
message:
Q: Is it possible to configure OpenSSH to allow a user
coming from host X, with a valid TGT there, to login
without being asked for a password... without using
SSH's public key crypto for that password-less auth?
[...]
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPICleanupCredentials yes
Have you enabled GSSAPIAuthentication (and maybe
GSSAPIDelegateCredentals and PreferredAuthentications) in the client?
The former two default to "no" and the latter's default does not have
"gssapi-with-mic".
Thanks, Darren. Do you know if there is any reason why
ssh_config does not list (commented out) all of the
defaults in order to give the installer a list of
toggleable items? (like sshd_config already has,
extensively)
That solved the problem though.
