![]() ![]() Normally, you must use ssh -K to delegate your tickets on a per-connection basis. Most ssh client configurations (such as those on MacOS X and Ubuntu) do not delegate (forward) Kerberos tickets by default, to avoid inadvertently exposing your Kerberos tickets to a malicious machine. If you don’t have nano installed (it’s a text editor), run this command: sudo apt-get install nano -y. Rather than let you end up logged in without access to your files, requires that you delegate tickets, use traditional password-based authentication, or explicitly opt-in to public-key authentication. First, open up the ssh configuration file by running the following command: sudo nano /etc/ssh/sshdconfig. The reason for this is that without delegation, cannot obtain Kerberos tickets for you to use once logged in, and cannot obtain AFS tokens necessary to access your files. ![]() While some workstations may let you log in without delegation, does not. When using Kerberos over SSH, you can choose to merely use Kerberos to authenticate yourself, or you can choose to use Kerberos to delegate your tickets in addition to authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |