[Freeipa-users] Ticket delegation
Rob Crittenden
rcritten at redhat.com
Fri Apr 24 15:47:49 UTC 2015
John Obaterspok wrote:
> Hello,
>
> I'm on F21 and if I login to my workstation I can then sso using ssh to
> host X. But then I'm also able to sso from x -> y.
>
> If I'm on x and issue klist I see this:
> klist: No credentials cache found (ticket cache FILE:/tmp/krb5
>
> Should I really be able to do this?
>
> --- john
>
>
Did you add your ssh pubkey? ssh -vv will show you the auth method that
it is using.
FILE:/tmp/krb5 is a rather odd place to store the ccache too. On F21 it
should be using KEYRING:persistent:<uid>:<gid>
rob
More information about the Freeipa-users
mailing list