OpenSSH and KerbV
Frank Cusack
fcusack at fcusack.com
Fri May 16 17:24:16 EST 2003
On Thu, May 15, 2003 at 10:58:12PM -0700, Phil Dibowitz wrote:
> Phil Dibowitz wrote:
> > Hrm, really? I loose my tickets when I SSH from one host to the next.
> > Is this also only an ssh1 thing?
> >
>
> I hate to reply to my own post... but it occurs to me its probably
> required to have kerb authentication in order to have kerb ticket
> forwarding. Given that, kerb authentication IS working just fine if I
> use ssh1... (my kinit hadn't worked before and I didn't realize it).
>
> HOWEVER, ticket forwarding still fails:
>
> debug1: Kerberos v5 authentication accepted.
> debug1: Kerberos v5 TGT forwarding failed: KDC can't fulfill requested
> option
>
> Unfortunately my kerberos-fu is weak, so, I'm not sure if its a kerb
> thing or an ssh thing...
Looks like your kdc is configured to not allow forwardable tickets.
/fc
More information about the openssh-unix-dev
mailing list