[28701] in Kerberos
Re: Solaris 10 sshd + GSSAPI = where's my cred cache?
daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Fri Nov 9 11:25:14 2007
Message-ID: <473489D1.3030107@anl.gov>
Date: Fri, 09 Nov 2007 10:24:49 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: mayer@ntp.isc.org
In-Reply-To: <4733DC3B.5090105@ntp.isc.org>
Cc: Jeff Blaine <jblaine@kickflop.net>, kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Danny Mayer wrote:
> Nicolas Williams wrote:
>> On Mon, Nov 05, 2007 at 12:06:14PM -0500, Jeff Blaine wrote:
>>> Solved.
>>>
>>> Had to force client-side "-o GSSAPIStoreDelegatedCredentials yes"
Note previous e-mail says this should have read:
-o "GSSAPIDelegateCredentials yes"
>>> even though it was not defined anywhere as "no" (although probably
>>> a default for some reason).
>> The manpage (ssh_config(4)) says:
>>
>> GSSAPIDelegateCredentials
>>
>> Enables/disables GSS-API credential forwarding. The
>> default is no.
>> ^^^^^^^^^^^^^
That is right from the man page.
> That makes no sense. The default is no? The default should be "Enabled"
> or "Disabled". "No" has no meaning here.
Yes it does. The value value is either yes or no.
>
> Danny
> ________________________________________________
> Kerberos mailing list Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
