[Freeipa-users] GSSAPI for second hop (SSH)
Jason B. Nance
jason at tresgeek.net
Fri Mar 3 17:57:49 UTC 2017
Hello,
I have a FreeIPA 4.4.0 setup with Active Directory trusts. Users connecting to Linux servers from their domain-joined workstations are not required to enter a password for the first connection. However, if they attempt to ssh to a second Linux machine from the first they are being prompted for a password.
I've tried the following /etc/ssh/ssh_config options:
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
GSSAPIRenewalForcesRekey yes
GSSAPITrustDns yes
And the following /etc/ssh/sshd_config options:
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPIStoreCredentialsOnRekey yes
Am I missing a step/configuration?
Thanks,
j
More information about the Freeipa-users
mailing list