OpenSSH and KerbV

Frank Cusack fcusack at
Fri May 16 17:24:16 EST 2003

On Thu, May 15, 2003 at 10:58:12PM -0700, Phil Dibowitz wrote:
> Phil Dibowitz wrote:
> > Hrm, really? I loose my tickets when I SSH from one host to the next.
> > Is this also only an ssh1 thing?
> > 
> I hate to reply to my own post... but it occurs to me its probably 
> required to have kerb authentication in order to have kerb ticket 
> forwarding. Given that, kerb authentication IS working just fine if I 
> use ssh1... (my kinit hadn't worked before and I didn't realize it).
> HOWEVER, ticket forwarding still fails:
> debug1: Kerberos v5 authentication accepted.
> debug1: Kerberos v5 TGT forwarding failed: KDC can't fulfill requested 
> option
> Unfortunately my kerberos-fu is weak, so, I'm not sure if its a kerb 
> thing or an ssh thing...

Looks like your kdc is configured to not allow forwardable tickets.

More information about the openssh-unix-dev mailing list