On 12/13/2016 09:36 AM, Dave Love wrote:
> Simo Sorce <simo@xxxxxxxxxx> writes:
>
>> If you really need to automate it because typing a password is too hard:
>> cat ~/.mykrbpassword | kinit myusername
>
> It needs to be automated principally because the password is not
> memorable. I assume infrastructure people would rather we don't use the
> least secure credentials we can.
>
> There is actually a Kerberos mechanism for storing credentials even if
> it somewhat defeats the object, particularly on a shared system. It
> would be better if you could forward the GSS identities over ssh, but I
> don't see that you can.
Of course you can: `ssh -K`. From the manpage:
-K Enables GSSAPI-based authentication and forwarding (delegation) of
GSSAPI credentials to the server.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
