-
Title
Cannot get the ssh single sign-on working with Active Directory account. -
Description
Cannot get the ssh single sign-on working with Active Directory account
-
Resolution
1. Edit your vas.conf under the [libdefaults] section insert the following:
forwardable = true
2. In Active Directory Users and Computers, go to the computer object, right-click and choose "Properties", and on the "Delegation" tab and allow delegation by selecting one of the available options (dependent on your particular environment).
3. With ssh, add to the command line `-o "GSSAPIAuthentication yes"' whenever you connect via ssh into another machine.As an alternative to Step 3 the following can be set in ~/.ssh/config or /etc/ssh/ssh_config
GSSAPIAuthentication yes -
Additional Information
Allow delegation can be considered a security risk in some situations. Setting this allows the initial ticket from a putty session to a unix box to be transferable to additional unix boxes.