On 04/03/2014 12:53 AM, Russ Allbery wrote:
> The rule, rather, is that the first match takes precedence. You want to
> write this as ... and then it should work as you expect.

Sorry. The real buggy combination is:

/etc/ssh/ssh_config:
host *
    GSSAPIDelegateCredentials no

~/.ssh/config:
host *
    CanonicalizeHostname yes
    CanonicalDomains mydomain.com

host foo.mydomain.com
    GSSAPIKeyExchange yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    GSSAPIRenewalForcesRekey yes

% ssh foo klist
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_UID)

If I comment out GSSAPIDelegateCredentials in /etc/ssh/ssh_config or do
ssh foo.mydomain.com I get forwarded credentials.

--
sergio.
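Added example, not part of the message above and not OpenSSH code: a small Python model of first-match option resolution over the two quoted files, showing why `ssh foo` and `ssh foo.mydomain.com` end up with different GSSAPIDelegateCredentials values. It assumes that values set while matching the short name are kept when the files are re-read for the canonical name; `resolve`, `apply_config` and `keep_first_pass` are hypothetical names, and DNS resolution is skipped.

```python
from fnmatch import fnmatchcase

# Constructed copies of the two files quoted in the message.
USER_CONFIG = """\
host *
    CanonicalizeHostname yes
    CanonicalDomains mydomain.com
host foo.mydomain.com
    GSSAPIKeyExchange yes
    GSSAPIAuthentication yes
    GSSAPIDelegateCredentials yes
    GSSAPIRenewalForcesRekey yes
"""
SYSTEM_CONFIG = """\
host *
    GSSAPIDelegateCredentials no
"""

def apply_config(text, host, opts):
    """One pass over one file: the first value obtained for a keyword is kept."""
    active = True  # lines before any Host block apply to every host
    for line in text.splitlines():
        words = line.split()
        if not words or words[0].startswith("#"):
            continue
        key, args = words[0].lower(), words[1:]
        if key == "host":  # only plain * and ? patterns are modelled, no negation
            active = any(fnmatchcase(host, p.lower()) for p in args)
        elif active:
            opts.setdefault(key, " ".join(args))

def resolve(host, keep_first_pass=True):
    """Model the lookup: user file first, then system file, then a canonical re-read."""
    opts = {}
    for text in (USER_CONFIG, SYSTEM_CONFIG):
        apply_config(text, host, opts)
    # Names with at most one dot are canonicalized (CanonicalizeMaxDots default of 1).
    if opts.get("canonicalizehostname") == "yes" and host.count(".") <= 1:
        canonical = f"{host}.{opts['canonicaldomains'].split()[0]}"  # assumes it resolves
        if not keep_first_pass:  # hypothetical alternative: start the re-read from scratch
            opts = {}
        for text in (USER_CONFIG, SYSTEM_CONFIG):
            apply_config(text, canonical, opts)
    return opts

if __name__ == "__main__":
    for name in ("foo", "foo.mydomain.com"):
        print(name, resolve(name)["gssapidelegatecredentials"])
```

In this model the `host *` block in /etc/ssh/ssh_config fixes the value to `no` while the name is still `foo`, so the later `host foo.mydomain.com` block can add new options but cannot change that one. Moving the canonicalization-dependent settings so that no `host *` default is set before the canonical name is known, or removing the system-wide default, gives the result the report describes.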