[Freeipa-users] authentication with latest putty fails
Han Boetes
hboetes at gmail.com
Mon Jan 7 16:00:09 UTC 2013
I just had a long and fruitfull debugging session with Sumit and this is
what we discovered.
The default settings do run fine for linux machines but for windows hosts
they do not suffice. Sumit is submitting bug reports and hopefully they
will be applied to the next 2.2.x release. This problem does not exist with
version 3.x
The workaround for 2.2.x releases is:
For any target machine you want to enable forwarding tickets which have to
be accessible with putty you will have to add the ok_as_delegate flag. To
do that run the following commands on the ipa-server:
# ipa host-mod --addattr='objectclass=krbTicketPolicyAux'
destinationhost.domain
# kadmin.local -q 'modprinc +ok_as_delegate
host/destinationhost.domain at REALM'
So far I working tickets on the destination machine if I used centrify
putty to log in. This didn't work with the stock version of putty allas.
# Han
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20130107/9bc555d0/attachment.htm>
More information about the Freeipa-users
mailing list