Need help with GSSAPI authentication

Simon Gales sgales at
Wed May 11 11:38:05 EST 2005

Client: Windows XP pro, in an AD 2003 domain, running SecureCRT 4.1.11. 
I've also got MIT Kerberos for Windows installed on the client, and Leash
shows that my tickets ARE forwardable.

Server: Solaris 8 Sparc server, with MIT Kerberos (krb5-1.4.1), and
OpenSSH 4.0p1.

I've created two AD accounts, and extracted keys mapped to
"host/ at REALM.COM" and
"ssh/ at REALM.COM" and installed them into

I can login to the server just fine - GSSAPI-with-mic authentication works
fine.  But when I "klist" after logging in, I have no tickets.

So... is this supposed to work?  Should my tickets get forwarded?  If not,
is there a patch that would make this work?

Any help would be appreciated...  I can provide server-side debug traces
if it'll help, but I really just need to know if tgt-forwarding is
supposed to work in OpenSSH 4.0...


More information about the openssh-unix-dev mailing list