On Sat, 2014-07-05 at 15:01 +0200, Rob Verduijn wrote: > Hello, > > I've set up host that mounts a kerberized nfs4 homedrive. > This all works fine, however when logging in remotely with a user > using ssh the kerberos ticket is not set for that user. > This requires either manually doing kinit or setting the > GSSAPIDelegateCredentials yes in either .ssh config or in the > /etc/ssh. > > My issue is that > Host *.some.domain > GSSAPIDelegateCredentials yes > > In the user config or even in the global config is not a very clever > thing to do since that would imply that the kerberos credentials would > be provided to every system that the user would ssh to in the > some.domain network. > > Is there a clever way to do this in freeipa > like an adition to host based access, ie send the > GSSAPIDelegateCredentials only for these hosts when using ssh?
Unfortunately there is not. Simo. -- Simo Sorce * Red Hat, Inc * New York -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
