I can't forward my kerberos credentials to a computing resource before connecting to the resource for which I have kerberos credentials. In other words, from my machine at work I obtain my ticket with kinit -f to a computing facility off in some lab somewhere. Then, I want to ssh to another machine in another department (I don't have control over the krb5.conf file or this would have been easy) where I work. It is on this machine I want to be able to ssh,scp, etc to this far off lab.
I've tried several options around this barrier, but I'm a total failure thus far.
I checked that GSSAPIAuthentication is set to yes.
work$ ssh -v -A -o "GSSAPIDelegateCredentials yes" email@example.com
doesn't forward my credential. But, it does remind me the server is not found in the kerberos database.
I've also tried ssh port forwarding (only locally) from the other dept (after I have a valid ticket of course on my work machine).
dept$ ssh -L 9999:somelab:22 firstname.lastname@example.org
Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).
Does anyone have any suggestions?
Thanks in advance.