Using PuTTY from a domain-joined Windows 7 machine, with that machine's PuTTY stack configured to allow credential delegation and connecting to a RHEL7 server, also joined to AD but *not* configured in AD to be trusted for delegation, I do not get a TGT added to my cache when I connect.
However, if I use MIT Kerberos on the Windows side to obtain the ticket and then configure PuTTY to prefer MIT over MS SSPI, and connect to the same RHEL7 machine, I *do* get a forwarded TGT (klist -f: Flags: FfPRA).

PuTTY w/ MS SSPI works *if* I go into AD and set the target server up to be configured for delegation trust.

Can someone explain the difference in behavior? Almost feels like the ticket the MIT stack is providing to PuTTY is different than the MS stack's ticket. I also see this alluded to elsewhere[1].

Thanks,
Ray

[1] http://serverfault.com/questions/646854/putty-kerberos-gssapi-authentication/705889#705889

________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos