Stephen Gallagher <sgallagh@xxxxxxxxxx> writes:
>> There is actually a Kerberos mechanism for storing credentials even if
>> it somewhat defeats the object, particularly on a shared system. It
>> would be better if you could forward the GSS identities over ssh, but I
^^^
>> don't see that you can.
>
> Of course you can: `ssh -K`. From the manpage:
>
> -K Enables GSSAPI-based authentication and forwarding (delegation) of
> GSSAPI credentials to the server.
As far as I could tell, that can only be a single identity (possibly per
host), so no use if you need to use a local realm too. I've been doing
this stuff longer than most and am doubtless not up-to-date, but I did
check the doc on my (non-Fedora) desktop.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
