LinuxQuestions.org
Old 02-15-2010, 09:49 AM   #1
0ddba11
Member
 
Registered: Nov 2004
Location: Derby - UK
Distribution: Ubuntu at Home, RedHat Enterprise at Work
Posts: 46

Rep: Reputation: 15
Kerberos credentials aren't forwarded after SSH


Hi all,

I have configured 'passwordless' SSH between our machines using GSSAPI authentication which is all working beautifully (Active Directory KDC).

I now want to make sure that the user's Kerberos credentials are forwarded as well using the 'GSSAPIDelegateCredentials yes' on the SSH client.

However, it seems as though the openssh server on Red Hat 4.8 has not been compiled to support this, because if I run sshd in debug mode, I see the client 'delegating credentials' but nothing appears in the debug log on the server to suggest that the credentials have been received, and sure enough a quick 'klist' shows that the user does not have any tickets.

So two questions:

1. Am I right about openssh-server on Red Hat Enterprise 4.8 not supporting delegated credentials?

2. What flag would I need to recompile the src.rpm so that it will work?

Thanks in advance!
 
Old 02-15-2010, 10:50 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,396

Rep: Reputation: 1963
No, it forwards them OK, just that the GSSAPI forwarding is not enabled by default in sshd_config.
 
Old 02-15-2010, 02:55 PM   #3
0ddba11
Member
 
Registered: Nov 2004
Location: Derby - UK
Distribution: Ubuntu at Home, RedHat Enterprise at Work
Posts: 46

Original Poster
Rep: Reputation: 15
The SSH client doesn't forward by default hence the need for 'GSSAPIDelegateCredentials yes' in ssh_config, but what option is needed in sshd_config in order for it to accept them?

The man pages for sshd_config do not seem to contain anything pertaining to accepting delegated credentials. I tried 'GSSAPIStoreDelegatedCredentials yes' which is what I would do on a Solaris box but Linux doesn't like this.

Any further help much appreciated.
 
Old 02-18-2010, 04:11 AM   #4
0ddba11
Member
 
Registered: Nov 2004
Location: Derby - UK
Distribution: Ubuntu at Home, RedHat Enterprise at Work
Posts: 46

Original Poster
Rep: Reputation: 15
I feel stupid.

I hadn't specified forwardable tickets in krb5.conf!!!

Ooops.
 
Old 02-18-2010, 09:09 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,396

Rep: Reputation: 1963
Sorry for not replying, but I couldn't find anything worth saying. I could see on Solaris sshd manpages that there were options about storing the forwarded credentials, but didn't seem to find the same option on a clearly Linux version. I knew I'd done it as part of my RH442 exam study though, but that wouldn't exactly help you!
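
The resolution in post #4 (forwardable tickets in krb5.conf) combined with the client option from post #1 can be checked mechanically. The script below is an added example, not code from any poster in this thread. It assumes MIT-style krb5.conf syntax and `klist -f` output layout; the function names are hypothetical and the sample inputs are constructed.

```shell
# Added example; function names are hypothetical.
# True if [libdefaults] in the given krb5.conf sets forwardable to a true value.
krb5_forwardable() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && !seen && /^[ \t]*forwardable[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            v = tolower($0); seen = 1
        }
        END { exit !(v ~ /^(y|yes|true|t|1|on)$/) }
    ' "$1"
}

# True if the given ssh_config turns GSSAPIDelegateCredentials on.
# Simplification: Host/Match scoping is ignored; the first occurrence decides.
ssh_delegates() {
    awk '
        { line = tolower($0); gsub(/[=\t]/, " ", line); n = split(line, f, " ") }
        n >= 2 && f[1] == "gssapidelegatecredentials" { ok = (f[2] == "yes"); exit }
        END { exit !ok }
    ' "$1"
}

# True if the TGT in `klist -f` output (stdin) carries F (forwardable).
tgt_forwardable() {
    awk '
        /krbtgt\// { tgt = 1; next }
        tgt && /Flags:/ { sub(/.*Flags:[ \t]*/, ""); ok = ($0 ~ /F/); exit }
        END { exit !ok }
    '
}

# Print each missing precondition; return non-zero if any is missing.
# Args: krb5.conf, ssh_config, file holding `klist -f` output.
delegation_report() {
    rc=0
    krb5_forwardable "$1" || { echo "krb5.conf: forwardable not true in [libdefaults]"; rc=1; }
    ssh_delegates "$2" || { echo "ssh_config: GSSAPIDelegateCredentials is not yes"; rc=1; }
    tgt_forwardable < "$3" || { echo "klist -f: TGT lacks the F flag"; rc=1; }
    return $rc
}

# Constructed inputs reproducing the thread: client delegates, ticket is not forwardable.
d=$(mktemp -d)
printf '[libdefaults]\n default_realm = EXAMPLE.COM\n' > "$d/krb5.conf"
printf 'Host *\n  GSSAPIAuthentication yes\n  GSSAPIDelegateCredentials yes\n' > "$d/ssh_config"
printf '02/15/10 09:00:00  02/15/10 19:00:00  krbtgt/EXAMPLE.COM@EXAMPLE.COM\n\tFlags: IA\n' > "$d/klist.txt"
delegation_report "$d/krb5.conf" "$d/ssh_config" "$d/klist.txt" || true
rm -rf "$d"
```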
 
  


Tags
credentials, forward, kerberos, openssh

