Re: recursive ssh invocation
From: Richard E. Silverman (res_at_qoxp.net)
Date: 05/29/05
- Previous message: Richard E. Silverman: "Re: recursive ssh invocation"
- In reply to: Andrei Alexandrescu (See Website for Email): "Re: recursive ssh invocation"
- Next in thread: Andrei Alexandrescu (See Website For Email): "Re: recursive ssh invocation"
- Reply: Andrei Alexandrescu (See Website For Email): "Re: recursive ssh invocation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 May 2005 01:10:09 -0400
>>>>> "AA" == Andrei Alexandrescu (See Website for Email) <seewebsiteforemail@moderncppdesign.com> writes:
AA> Thanks to all who've answered. Indeed, my net uses Kerberos with
AA> OpenSSH on Linux...
Then the snippet you posted does in fact indicate the problem.
AA> For reasons I don't get, however, the procedure fails on recursive
AA> invocations.
It fails because you have Kerberos credentials on the first machine, but
not on the second: you need ticket forwarding. Set
GSSAPIDelegateCredentials=yes on the client, and make sure you have
forwardable tickets:
syrinx:~% kinit -f
Password for res@OANKALI.NET:
syrinx:~% klist -f
Ticket cache: FILE:/tmp/krb5cc_1000_Ue9268
Default principal: res@OANKALI.NET
Valid starting Expires Service principal
05/29/05 01:07:44 05/29/05 11:07:44 krbtgt/OANKALI.NET@OANKALI.NET
Flags: FPI
Tthe "F" flag indicates "forwardable."
-- Richard Silverman res@qoxp.net
- Previous message: Richard E. Silverman: "Re: recursive ssh invocation"
- In reply to: Andrei Alexandrescu (See Website for Email): "Re: recursive ssh invocation"
- Next in thread: Andrei Alexandrescu (See Website For Email): "Re: recursive ssh invocation"
- Reply: Andrei Alexandrescu (See Website For Email): "Re: recursive ssh invocation"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
