On Fri, 2018-09-07 at 11:49 -0400, Ranbir via FreeIPA-users wrote:
On Thu, 2018-09-06 at 16:24 -0400, Simo Sorce via FreeIPA-users
wrote:
> I need to ask, if you really mean "delegation" or if you mean
> "single-
> sign-on" here.
I definitely am. I've been using the -K switch for ssh to ensure GSSAPI
credentials are used and forwarded.
> Delegation is completely unrelated to whatever server name is used,
> so
> a short name won't break delegation per se. However SSO will be
> broken
> if a ticket cannot be found.
I've also been double checking that I have a ticket each time I've
tested.
So you are able to SSH into the other server without any password
prompt, but when you klist there your ccache is empty, is this what you
are experiencing ?
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc