>> I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users >> connecting to Linux servers from their domain-joined workstations are >> not required to enter a password for the first connection. However, >> if they attempt to ssh to a second Linux machine from the first they >> are being prompted for a password. > > What is the output if they klist on the first machine they SSH to?
[[email protected]@sl1aosplmgt0001 ~]$ klist Ticket cache: KEYRING:persistent:255985:krb_ccache_TuVdBrp Default principal: [email protected] Valid starting Expires Service principal 03/03/2017 11:55:16 03/03/2017 21:47:34 krbtgt/[email protected] renew until 03/04/2017 11:47:33 03/03/2017 11:47:34 03/03/2017 21:47:34 krbtgt/[email protected] renew until 03/04/2017 11:47:33 centric.com is the AD domain that ipa.gen.zone trusts. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
