[Freeipa-users] GSSAPIDelegateCredentials yes

Rob Verduijn rob.verduijn at gmail.com
Sat Jul 5 13:01:03 UTC 2014


Hello,

I've set up a host that mounts a kerberized nfs4 homedrive.
This all works fine; however, when logging in remotely as a user
using ssh, the Kerberos ticket is not set for that user.
This requires either manually doing kinit or setting
GSSAPIDelegateCredentials yes in either the .ssh config or in
/etc/ssh.

My issue is that
Host  *.some.domain
   GSSAPIDelegateCredentials yes

in the user config or even in the global config is not a very clever
thing to do, since that would imply that the Kerberos credentials would
be provided to every system that the user would ssh to in the
some.domain network.

Is there a clever way to do this in FreeIPA,
like an addition to host-based access, i.e. send the
GSSAPIDelegateCredentials only for these hosts when using ssh?

Cheers
Rob
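
Added example, not part of the original post: a small audit helper that evaluates which hosts an ssh_config would delegate Kerberos credentials to, comparing the wildcard block from the message with a scoped layout. The host names nfs1/nfs2.some.domain and web7.some.domain are hypothetical, both configs are constructed samples, and Match/Include directives are not evaluated.

```python
"""Audit which hosts an ssh_config would delegate Kerberos credentials to."""
from fnmatch import fnmatchcase

# Constructed sample configs; nfs1/nfs2 are hypothetical hosts that mount
# the kerberized home directory, everything else in some.domain should not
# receive delegated credentials.
BROAD = """
Host *.some.domain
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
"""
SCOPED = """
Host nfs1.some.domain nfs2.some.domain
    GSSAPIDelegateCredentials yes
Host *.some.domain
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials no
"""

def host_matches(patterns, host):
    """Host rule: a positive pattern must match and no '!' pattern may match."""
    host = host.lower()
    negated = [p[1:].lower() for p in patterns if p.startswith("!")]
    positive = [p.lower() for p in patterns if not p.startswith("!")]
    if any(fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatchcase(host, p) for p in positive)

def delegates(config, host):
    """Return True if this config enables credential delegation for `host`.

    ssh uses the first value obtained for each option, so the specific
    Host block must come before the wildcard block that says "no".
    """
    active = True  # options before the first Host line apply to every host
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False  # Match blocks are skipped in this sketch
        elif active and key == "gssapidelegatecredentials":
            return value.strip().lower() == "yes"
    return False  # OpenSSH default is "no"
```
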



