Frederic Medery wrote:
Hello,
openssh version : openssh-3.9p1 kerberos : krb5-server-1.2.7-28 on Redhat AS V3
I can connect t from station1 to server1 using kerberos auth. But the tgt is not forwared (even if kinit -f).
Server1 have a princ (host/server1) in the krb5 DB and krb5.keytab.
I thought that TGT forwarding was automatic.
The kinit -f indicates the ticket if forwardable. You also need to tell ssh to forward the TGT.
GSSAPIDelegateCredentials yes
For security reasons you only want to delegate to host you trust. so you may want to add for selected hosts in your own ssh_config.
Do I need a princ host/station1 ?
No, not if station1 only the client.
thanks !
________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
--
Douglas E. Engert <[EMAIL PROTECTED]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [EMAIL PROTECTED] https://mailman.mit.edu/mailman/listinfo/kerberos
