Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 23rd August 2011, 10:51 PM
CowTux Offline
Registered User
 
Join Date: Feb 2010
Posts: 32
linuxfedorafirefox
Forwarding kerberos ticket

I can't forward my kerberos credentials to a computing resource before connecting to the resource for which I have kerberos credentials. In other words, from my machine at work I obtain my ticket with kinit -f to a computing facility off in some lab somewhere. Then, I want to ssh to another machine in another department (I don't have control over the krb5.conf file or this would have been easy) where I work. It is on this machine I want to be able to ssh,scp, etc to this far off lab.

I've tried several options around this barrier, but I'm a total failure thus far.
I checked that GSSAPIAuthentication is set to yes.

Code:
work$ ssh -v -A -o "GSSAPIDelegateCredentials yes"  me@otherdept.net
doesn't forward my credential. But, it does remind me the server is not found in the kerberos database.

I've also tried ssh port forwarding (only locally) from the other dept (after I have a valid ticket of course on my work machine).

Code:
dept$ ssh -L 9999:somelab:22 me@work.net
returns:
Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).

Does anyone have any suggestions?

Thanks in advance.

C
Reply With Quote
  #2  
Old 1st September 2011, 03:30 PM
Redagadir Offline
Registered User
 
Join Date: Aug 2011
Posts: 95
linuxubuntufirefox
Re: Forwarding kerberos ticket

you have 2 issues to take care of:
1. is your remote server added to the kdc server? <- if not, there is nothing to delegate...
2. is your remote sshd server allowing GSSAPIDelegateCredentials on setting? <- if not, ssh options won't be able to change its value.

servlet jsp

Last edited by Redagadir; 21st December 2011 at 07:53 AM.
Reply With Quote
  #3  
Old 8th September 2011, 04:47 PM
CowTux Offline
Registered User
 
Join Date: Feb 2010
Posts: 32
linuxfedorafirefox
Re: Forwarding kerberos ticket

Thanks for the reply.

I'm still a little confused, to which servers were you referring?

This looks like there isn't anything I can do about it if you are referring to the servers I think you are referring.

C
Reply With Quote
Reply

Tags
forwarding, kerberos, ticket

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
USB Ticket printer cperal Hardware & Laptops 7 4th June 2007 08:01 AM
trouble ticket system mnisay Using Fedora 3 6th May 2006 12:45 AM


Current GMT-time: 00:12 (Friday, 25-07-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat