Thursday, August 20, 2009

SSH single sign on

Having the machine configured the way I outlined earlier, it is a piece of cake to configure ssh to accept your Kerberos TGTs and let you log in to a remote machine without having to type any passwords.

In fact, you do not need to do anything at all (at least on RHEL 5), as sshd is configured by default there to honor GSSAPI authentication, so on Red Hat it should work out of the box.

The only problem arises if you need to forward your TGT to the remote machine (and you might want that if your home is mounted via NFSv4 with Kerberos security: without a valid TGT, the remote machine refuses to let you access your home directory). If you want your TGT forwarded, two things are necessary:
  • You must have forwardable tickets in your cache (see my previous posts). Alternatively, kinit -f will do the job.
  • SSH must be configured to delegate GSSAPI credentials; just make sure that
    GSSAPIDelegateCredentials yes
    is present in your ssh_config file.
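Two checks a practitioner would want before relying on this, as an added example that is not from the original post: whether the cached TGT actually carries the forwardable flag (the F shown by klist -f) and whether GSSAPIDelegateCredentials resolves to yes for the host you are connecting to. The klist output and ssh_config text below are constructed samples, not captured from a real machine.

```shell
#!/bin/sh
# Pre-flight checks for the two conditions above. Each function takes the text to
# inspect as an argument, so it can be fed real `klist -f` output or an ssh_config file.

# tgt_is_forwardable REALM KLIST_OUTPUT
# Succeeds if the krbtgt/REALM@REALM entry carries the F (forwardable) flag. Assumes MIT-style
# output (flags on an indented "Flags:" line after the ticket); no Flags line means "not forwardable".
tgt_is_forwardable() {
    printf '%s\n' "$2" | awk -v realm="$1" '
        $0 ~ ("krbtgt/" realm "@" realm) { in_tgt = 1; next }
        in_tgt && $1 == "Flags:" { if ($2 ~ /F/) found = 1; in_tgt = 0 }
        END { if (found) exit 0; exit 1 }'
}

# delegate_enabled HOST SSH_CONFIG_TEXT
# Succeeds if GSSAPIDelegateCredentials resolves to "yes" for HOST, following ssh_config semantics
# for the common case: first matching value wins, options before any Host line apply everywhere,
# a Host pattern is an exact name, "*" or a "prefix*" glob. Match blocks and "!" are not handled.
delegate_enabled() {
    printf '%s\n' "$2" | awk -v host="$1" '
        function matches(pat) {
            if (pat == "*") return 1
            if (pat ~ /\*$/) return index(host, substr(pat, 1, length(pat) - 1)) == 1
            return pat == host
        }
        BEGIN { active = 1 }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "host"  { active = 0; for (i = 2; i <= NF; i++) if (matches($i)) active = 1; next }
        tolower($1) == "match" { active = 0; next }
        active && tolower($1) == "gssapidelegatecredentials" { print tolower($2); exit }' | grep -qx yes
}

# Constructed sample inputs (not output captured from any real machine).
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@EXAMPLE.COM

Valid starting     Expires            Service principal
08/20/09 10:00:00  08/20/09 20:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        Flags: FIA'

SAMPLE_SSH_CONFIG='# constructed ssh_config
Host nfshome.example.com
    GSSAPIDelegateCredentials yes

Host *
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no'

if tgt_is_forwardable EXAMPLE.COM "$SAMPLE_KLIST"; then echo "TGT is forwardable"; else echo "TGT not forwardable: run kinit -f"; fi
if delegate_enabled nfshome.example.com "$SAMPLE_SSH_CONFIG"; then echo "delegation on"; else echo "delegation off"; fi
```

On a real machine, feed the functions `"$(klist -f)"` and `"$(cat ~/.ssh/config)"` (or /etc/ssh/ssh_config) instead of the samples.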
