Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 21/22 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Thread Tools Search this Thread Display Modes
Old 23rd August 2011, 10:51 PM
CowTux Offline
Registered User
Join Date: Feb 2010
Posts: 32
Forwarding kerberos ticket

I can't forward my kerberos credentials to a computing resource before connecting to the resource for which I have kerberos credentials. In other words, from my machine at work I obtain my ticket with kinit -f to a computing facility off in some lab somewhere. Then, I want to ssh to another machine in another department (I don't have control over the krb5.conf file or this would have been easy) where I work. It is on this machine I want to be able to ssh,scp, etc to this far off lab.

I've tried several options around this barrier, but I'm a total failure thus far.
I checked that GSSAPIAuthentication is set to yes.

work$ ssh -v -A -o "GSSAPIDelegateCredentials yes"  me@otherdept.net
doesn't forward my credential. But, it does remind me the server is not found in the kerberos database.

I've also tried ssh port forwarding (only locally) from the other dept (after I have a valid ticket of course on my work machine).

dept$ ssh -L 9999:somelab:22 me@work.net
Permission denied (gssapi-keyex,gssapi-with-mic,keyboard-interactive).

Does anyone have any suggestions?

Thanks in advance.

Reply With Quote
Old 1st September 2011, 03:30 PM
Redagadir Offline
Registered User
Join Date: Aug 2011
Posts: 95
Re: Forwarding kerberos ticket

you have 2 issues to take care of:
1. is your remote server added to the kdc server? <- if not, there is nothing to delegate...
2. is your remote sshd server allowing GSSAPIDelegateCredentials on setting? <- if not, ssh options won't be able to change its value.

servlet jsp

Last edited by Redagadir; 21st December 2011 at 08:53 AM.
Reply With Quote
Old 8th September 2011, 04:47 PM
CowTux Offline
Registered User
Join Date: Feb 2010
Posts: 32
Re: Forwarding kerberos ticket

Thanks for the reply.

I'm still a little confused, to which servers were you referring?

This looks like there isn't anything I can do about it if you are referring to the servers I think you are referring.

Reply With Quote

forwarding, kerberos, ticket

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
USB Ticket printer cperal Hardware & Laptops 7 4th June 2007 08:01 AM
trouble ticket system mnisay Using Fedora 3 6th May 2006 12:45 AM

Current GMT-time: 09:02 (Friday, 09-10-2015)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat