On 7/14/16, 17:32, "[email protected] on behalf of Mauro Cazzari"
<[email protected] on behalf of [email protected]> wrote:
# Kerberos options
KerberosAuthentication yes
KerberosOrLocalPasswd yes
KerberosTicketCleanup yes
#KerberosGetAFSToken no
#KerberosUseKuserok yes
I would turn these off; they refer to an older Kerberos API in ssh and may
interfere with GSSAPI.
The others look correct. Note that if it is using public key authentication to
get to the next server, it will not use the Kerberos code and therefore won’t
forward (delegate) credentials to the next server. (Also note that if there are
other matching Host blocks, the “Host *” block in ssh_config won’t be used.
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
