On Thu, Apr 14, 2005 at 03:47:21PM +0200, Ian Delahorne wrote: > Thimo Neubauer wrote: > >On Thu, Apr 14, 2005 at 03:05:29PM +0200, Simon Lyngshede wrote: > > > >>The "KerberosTgtPassing yes" won't work on Sarge, as the Debian > >>package doesn't support that, so you'll need to compile OpenSSH > >>yourself. > > > > > >... or install "ssh-krb5" ;-) Then you can forward your > >Kerberos-tickets either by using -K or setting > >"GSSAPIDelegateCredentials yes" which is unfortunately undocumented > >(see http://bugs.debian.org/144291). > > > > GSSAPIDelegateCredentials gives you a new KRB5CC for each ssh login, so > it's not really useable.
What's not useable about that? It correctly sets KRB5CCNAME which aklog can then use. Each ssh login gets a seperate PAG anyway, so why not have seperate KRB5CCs? This way, at least cleaning up the tokens on logout is clearly defined. Cheers Thimo _______________________________________________ OpenAFS-info mailing list OpenAFS-info@openafs.org https://lists.openafs.org/mailman/listinfo/openafs-info