[Freeipa-users] GSSAPIDelegateCredentials yes
Simo Sorce
simo at redhat.com
Sat Jul 5 21:12:46 UTC 2014
On Sat, 2014-07-05 at 15:01 +0200, Rob Verduijn wrote:
> Hello,
>
> I've set up host that mounts a kerberized nfs4 homedrive.
> This all works fine, however when logging in remotely with a user
> using ssh the kerberos ticket is not set for that user.
> This requires either manually doing kinit or setting the
> GSSAPIDelegateCredentials yes in either .ssh config or in the
> /etc/ssh.
>
> My issue is that
> Host *.some.domain
> GSSAPIDelegateCredentials yes
>
> In the user config or even in the global config is not a very clever
> thing to do since that would imply that the kerberos credentials would
> be provided to every system that the user would ssh to in the
> some.domain network.
>
> Is there a clever way to do this in freeipa
> like an adition to host based access, ie send the
> GSSAPIDelegateCredentials only for these hosts when using ssh?
Unfortunately there is not.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list