On 21.09.2016 20:03, Russ Allbery wrote:
> tseegerkrb <tseeger...@gmail.com> writes:
>
>> Thanks for your help. Is my setup so special (kerberos/OpenLDAP/sssd/sshd)
>> nobody using it? I think i will ask debian/ubuntu or the openssh
>> maintainer for help.
> It's sadly quite unusual to use non-FILE ticket caches. I wish it
> weren't, since KEYRING has nice security properties, but it's relatively
> new and the rest of the world has definitely not adapted yet.
>
Maybe I got another problem, because if I connect from a client without a ticket I get (after I enter my password) a ticket and it uses the KEYRING:persistent cache. KRB5CCNAME is set to the KEYRING:persistent and I can ssh to the next box without entering my password again, but then it uses the file-based ticket cache...

Another problem is that I cannot use user@REALM to ssh to the next box without a password. If I use "kinit user@REALM" I get a ticket, but if I then "ssh -l user@REALM mybox" it asks for the password again. But if I just use "ssh -l user mybox" it connects without the password. Any idea where I should search for the failure?