On Mon, Oct 28, 2019 at 8:47 PM James M. Pulver <jmp...@cornell.edu> wrote:
>
> I'm working with trying to use Kerberos with our X2Go server from
> different OSs. We are running a Server 2016 Active Directory with the
> UNIX attributes. All computers are joined to this AD.
>
> On Windows 10, I can get GSSAPI to authenticate and let me log in
> without a password. However, I cannot then ssh to a different Linux
> computer without doing a kinit.

So klist is not reporting any tickets, right? Please provide the
output of klist -f.

> If I check "delegation of GSSAPI Credentials to the server", I get
> various cp errors around files with "odd" characters, or unable to find
> the keyring.

Please provide more details. Do you see these errors on the Linux
server or elsewhere? Please try to post them here.

> On other Scientific Linux 7 computers, I can't even get the Kerberos 5
> authentication to work, it just gives me an error to login with my
> password. This does work with the first remote Linux computer via ssh.

Well, x2go is using libssh. Maybe the libssh of Scientific Linux is
too old. Unfortunately I do not know what version is required for this
to work. Can you try with a newer version?

> I have tried enabling delegation in AD for the computer account of my
> primary jump host, no change I can see.
>
> So - why is X2Go different on Linux with regard to using Kerberos 5 auth
> when straight SSH works, and 2 has anyone figured out the Windows
> equivalent to kinit -F for a user so they can do 2 hops?

As I wrote above X2go is not using openssh but libssh. I would love to
have x2go use openssh.

Regarding kinit -f (-F is _suppressing_ forwarding!) I have no idea
how to do that on Windows. AFAIR kinit is not provided at all.

Uli
_______________________________________________
x2go-user mailing list
x2go-user@lists.x2go.org
https://lists.x2go.org/listinfo/x2go-user
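
The `klist -f` check requested in the reply above can be read mechanically: the flag letters on the TGT show whether a second hop is possible without a fresh kinit. The following is an added example, not part of the original message or of X2Go; it assumes the MIT Kerberos `klist -f` layout on the Linux hosts, and the function name and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes MIT Kerberos `klist -f` layout:
# a non-indented ticket line, then an indented line ending in "Flags: <letters>".

# Reads `klist -f` text on stdin and prints the TGT's delegation state:
#   forwardable      F set: the TGT can be delegated to the next hop
#   forwarded-only   f set without F: it arrived by delegation, goes no further
#   not-forwardable  a TGT is present but carries neither flag
#   no-tgt           no krbtgt/ entry in the cache
tgt_delegation_state() {
    awk '
        # Non-indented lines start a new entry; note whether it is a TGT.
        /^[^ \t]/ { in_tgt = ($0 ~ /krbtgt\//); if (in_tgt) seen = 1 }
        # Flag letters are case-sensitive: F = forwardable, f = forwarded.
        in_tgt && /Flags:/ {
            flags = $0; sub(/.*Flags:[ \t]*/, "", flags)
            if (index(flags, "F")) fwdable = 1
            if (index(flags, "f")) fwded = 1
        }
        END {
            if (!seen)        print "no-tgt"
            else if (fwdable) print "forwardable"
            else if (fwded)   print "forwarded-only"
            else              print "not-forwardable"
        }'
}

# Constructed sample outputs (realm, host names and times are made up).
SAMPLE_FORWARDABLE='Ticket cache: KEYRING:persistent:1000:1000
Default principal: user@EXAMPLE.COM

Valid starting       Expires              Service principal
10/28/2019 20:00:00  10/29/2019 06:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 11/04/2019 20:00:00, Flags: FRIA
10/28/2019 20:01:10  10/29/2019 06:00:00  host/jump.example.com@EXAMPLE.COM
    Flags: FRAT'

SAMPLE_PLAIN='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: user@EXAMPLE.COM

Valid starting       Expires              Service principal
10/28/2019 20:00:00  10/29/2019 06:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
    renew until 11/04/2019 20:00:00, Flags: RIA'

printf '%s\n' "$SAMPLE_FORWARDABLE" | tgt_delegation_state
printf '%s\n' "$SAMPLE_PLAIN" | tgt_delegation_state
```

On a live host the same function takes `klist -f | tgt_delegation_state`; run it both on the client and on the jump host after login to see at which hop the forwardable TGT is missing.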