OpenSSH and KerbV
Simon Wilkinson
sxw at inf.ed.ac.uk
Fri May 16 17:47:22 EST 2003
On Thu, 15 May 2003, Phil Dibowitz wrote:
> I hate to reply to my own post... but it occurs to me its probably
> required to have kerb authentication in order to have kerb ticket
> forwarding.
To do it securely, yes.
> Given that, kerb authentication IS working just fine if I
> use ssh1... (my kinit hadn't worked before and I didn't realize it).
>
> HOWEVER, ticket forwarding still fails:
>
> debug1: Kerberos v5 authentication accepted.
> debug1: Kerberos v5 TGT forwarding failed: KDC can't fulfill requested
> option
You've either not requested forwardable tickets, or the servers host key
is configured not to accept them. Use 'kinit -f' to acquire forwardable
credentials.
Cheers,
Simon.
More information about the openssh-unix-dev
mailing list