[32940] in Kerberos
Re: GSSAPI Issue
daemon@ATHENA.MIT.EDU (Will Fiveash)
Mon Nov 29 19:50:20 2010
Date: Mon, 29 Nov 2010 18:49:20 -0600
From: Will Fiveash <will.fiveash@oracle.com>
To: Russ Allbery <rra@stanford.edu>
Message-ID: <20101130004920.GA16615@sun.com>
Mail-Followup-To: Russ Allbery <rra@stanford.edu>,
"kerberos@mit.edu" <kerberos@mit.edu>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <87sjyqy2je.fsf@windlord.stanford.edu>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Wed, Nov 24, 2010 at 10:55:33AM -0800, Russ Allbery wrote:
> Greg Hudson <ghudson@MIT.EDU> writes:
>
> > It is possible to forward credentials from the client to the server.
> > For this to work, the following must be true:
>
> > * You must have obtained forwardable tickets on the client. You can do
> > this with kinit -f, or by setting "forwardable = true" in the
> > [libdefaults] section of krb5.conf.
>
> > * "GSSAPIDelegateCredentials yes" must be set in ssh_config, or
> > specified on the command line with ssh -o GSSAPIDelegateCredentials=yes.
>
> ssh -K is a shortcut for the latter and lets you choose for each ssh
> command whether you want to forward tickets. I usually only use the ssh
> setting for specific hosts I use a lot and explicitly add the -K when I
> want to forward tickets to other hosts.
I don't see -K in Solaris ssh.
--
Will Fiveash
Oracle
http://opensolaris.org/os/project/kerberos/
Sent using mutt, a sweet, text based e-mail app <http://www.mutt.org/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
