I've recently encountered with this "limitation" when trying to bootstrap
systems to use SSSD+GSSAPI (Kerberos) when they are first provisioned using
ssh-key (e.g. Openstack).
Once you go pubkey, GSSAPI cred forwarding isn't available in this
context.. and that's a bit frustrating, but that's the w
Hi all,
If a user logs into any kerberized Application, using Krb5LoginModule,
there is a function loginFromKeyTab. Client should have the key tab file to
login to application. But I think this is very insecure way of login.
Anyone who cloud access your key tab file then login to application. Is
t
