[28704] in Kerberos


Re: Solaris 10 sshd + GSSAPI = where's my cred cache?

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Fri Nov 9 14:15:39 2007

Message-ID: <4734B1C5.2030002@anl.gov>
Date: Fri, 09 Nov 2007 13:15:17 -0600
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: mayer@ntp.isc.org
In-Reply-To: <4734AB98.8060902@ntp.isc.org>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu



Danny Mayer wrote:
> Simon Wilkinson wrote:
>> On 9 Nov 2007, at 04:04, Danny Mayer wrote:
>>
>>>> The manpage (ssh_config(4)) says:
>>>>
>>>>      GSSAPIDelegateCredentials
>>>>
>>>>          Enables/disables  GSS-API  credential  forwarding.   The
>>>>          default is no.
>>>>          ^^^^^^^^^^^^^
>>> That makes no sense. The default is no? The default should be "Enabled"
>>> or "Disabled". "No" has no meaning here.
>> All boolean options to both Sun and OpenSSH only take yes/no arguments.
>> So, the meaning of "GSSAPIDelegateCredentials no" would seem pretty clear.
>>
>> Simon.
>>
>>
> 
> So what this should be saying is the default *value* of
> GSSAPIDelegateCredentials is No. It's worded really badly.

And the default should be no. You only want to delegate to systems you trust
with your tickets. You as a user can use the ~/.ssh/ssh_config
to set it to yes for selected hosts.

> 
> Danny
> ________________________________________________
> Kerberos mailing list           Kerberos@mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
> 
> 

-- 

  Douglas E. Engert  <DEEngert@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
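
An added example, not part of the original message: a small audit helper that resolves which hosts a client configuration would delegate Kerberos credentials to, using the first-value-wins rule of ssh_config and the default of "no" quoted above. The example.org host names and the sample configuration are constructed; only `Host` blocks with `*`, `?` and `!` patterns are handled, and `Match` blocks are ignored as a simplification.

```python
import fnmatch

# Constructed sample: delegation is enabled for two named host patterns only
# (example.org names are placeholders, not hosts from the thread).
SAMPLE_CONFIG = """\
Host login.example.org build?.example.org
    GSSAPIDelegateCredentials yes

Host *
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
"""

def host_matches(patterns, host):
    """Host line rule: a positive pattern must match and no '!' pattern may."""
    positive = False
    for pat in patterns:
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(host, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(host, pat):
            positive = True
    return positive

def delegates(config_text, host):
    """True if GSSAPIDelegateCredentials resolves to yes for this host.

    The first value obtained for a keyword wins; if none is set, the
    default quoted from the manpage ("no") applies.
    """
    active = True  # lines before the first Host line apply to every host
    for raw in config_text.splitlines():
        parts = raw.replace("=", " ", 1).split()
        if not parts or parts[0].startswith("#"):
            continue  # blank line or comment
        key, args = parts[0].lower(), parts[1:]
        if key == "host":
            active = host_matches(args, host)
        elif key == "match":
            active = False  # Match blocks are not evaluated in this example
        elif active and key == "gssapidelegatecredentials" and args:
            return args[0].lower() == "yes"
    return False

def audit(config_text, hosts):
    """Map each host name to whether tickets would be delegated to it."""
    return {h: delegates(config_text, h) for h in hosts}
```

Because the first obtained value wins, a `Host *` block that sets the option has to come after the per-host blocks, otherwise the per-host `yes` never takes effect.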