OpenSSH and KerbV

Simon Wilkinson sxw at
Fri May 16 17:47:22 EST 2003

On Thu, 15 May 2003, Phil Dibowitz wrote:
> I hate to reply to my own post... but it occurs to me its probably
> required to have kerb authentication in order to have kerb ticket
> forwarding.

To do it securely, yes.

> Given that, kerb authentication IS working just fine if I
> use ssh1... (my kinit hadn't worked before and I didn't realize it).
> HOWEVER, ticket forwarding still fails:
> debug1: Kerberos v5 authentication accepted.
> debug1: Kerberos v5 TGT forwarding failed: KDC can't fulfill requested
> option

You've either not requested forwardable tickets, or the servers host key
is configured not to accept them. Use 'kinit -f' to acquire forwardable



More information about the openssh-unix-dev mailing list