On Wed, Jun 06, 2018 at 05:08:19PM -0400, Jason Edgecombe wrote:
>
> Running "klist" when logged on to Windows 10 with my domain account shows
> the following flags for my krbtgt/DOMAIN entry:
>
> Ticket Flags 0x60a1 -> forwardable forwarded renewable pre_authent
> name_canonicalize
That's t
Hi Jeffrey,
All of the Windows 10 and RHEL7/CentOS7 machines are domain joined. All
user accounts are domain accounts. The ssh client on Windows is PuTTY 0.70.
GSSAPI authentication and credential delegation are enabled in the PuTTY
settings and the GSSAPI library order preference is MIT, Microsof
On 5/31/2018 4:50 PM, Jason Edgecombe wrote:
> Hi everyone,
>
> We're noticing some odd behavior on our Windows clients where the Windows
> clients are not forwarding the TGT to our Linux servers. People can log in
> to the Linux servers from Windows clients, but "klist" shows no tickets
> after lo
On Thu, May 31, 2018 at 04:50:36PM -0400, Jason Edgecombe wrote:
[...]
> I have a disagreement with our AD guru on whether or not TGTs are expected
> to be forwarded and if that is a security risk. Everything worked fine a
> few weeks ago.
Windows' own Kerberos client code will only send a delegat
On Thu, May 31, 2018 at 04:50:36PM -0400, Jason Edgecombe wrote:
> Hi everyone,
>
> We're noticing some odd behaviour on our Windows clients where the Windows
> clients are not forwarding the TGT to our Linux servers. People can log in
> to the Linux servers from Windows clients, but "klist" shows
Hi everyone,
We're noticing some odd behaviour on our Windows clients where the Windows
clients are not forwarding the TGT to our Linux servers. People can log in
to the Linux servers from Windows clients, but "klist" shows no tickets
after login. Linux clients forward the TGT just fine. In case it