OpenSSH and KerbV

Simon Wilkinson sxw at inf.ed.ac.uk
Fri May 16 17:47:22 EST 2003


On Thu, 15 May 2003, Phil Dibowitz wrote:
> I hate to reply to my own post... but it occurs to me it's probably
> required to have kerb authentication in order to have kerb ticket
> forwarding.

To do it securely, yes.

> Given that, kerb authentication IS working just fine if I
> use ssh1... (my kinit hadn't worked before and I didn't realize it).
>
> HOWEVER, ticket forwarding still fails:
>
> debug1: Kerberos v5 authentication accepted.
> debug1: Kerberos v5 TGT forwarding failed: KDC can't fulfill requested
> option

You've either not requested forwardable tickets, or the server's host key
is configured not to accept them. Use 'kinit -f' to acquire forwardable
credentials.

Cheers,

Simon.
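
One way to check the first cause named above (a TGT acquired without the forwardable flag) before retrying the login; this is an added example, not part of the original message. The function name `tgt_forwardable` is hypothetical, the parsing assumes the MIT Kerberos `klist -f` layout, and the sample output is constructed.

```shell
#!/bin/sh
# Added example. Reads `klist -f` output (MIT Kerberos layout assumed) on stdin.
# Status: 0 = a TGT carries the forwardable flag, 1 = TGT present without it,
#         2 = no TGT in the cache. Real use: klist -f | tgt_forwardable
tgt_forwardable() {
    awk '
        # Ticket line: the service principal is the last field.
        $NF ~ /^krbtgt\// { in_tgt = 1; seen = 1; next }
        # Flags follow the ticket line, alone or after "renew until ...,".
        in_tgt && /Flags: / {
            flags = $0
            sub(/.*Flags: /, "", flags)
            sub(/[^A-Za-z].*/, "", flags)
            # Case matters: "F" is forwardable, "f" is forwarded.
            if (index(flags, "F") > 0) fwd = 1
            in_tgt = 0
            next
        }
        # A different ticket line ends the TGT entry.
        NF >= 3 && $NF ~ /@/ { in_tgt = 0 }
        END { if (!seen) exit 2; exit (fwd ? 0 : 1) }
    '
}

# Constructed sample output, not captured from a real KDC.
SAMPLE_PLAIN='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting     Expires            Service principal
05/16/03 17:00:00  05/17/03 03:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        Flags: I'

SAMPLE_FWD='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting     Expires            Service principal
05/16/03 17:00:00  05/17/03 03:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 05/23/03 17:00:00, Flags: FRI'

printf '%s\n' "$SAMPLE_PLAIN" | tgt_forwardable; echo "after kinit:    status $?"
printf '%s\n' "$SAMPLE_FWD"   | tgt_forwardable; echo "after kinit -f: status $?"
```

A status of 0 only rules out the client side; the second cause has to be checked where the principals are configured.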



