On to, 06 syys 2018, Ranbir via FreeIPA-users wrote:
On Thu, 2018-09-06 at 19:04 +0300, Alexander Bokovoy via
> Do you have
> GSSAPIDelegateCredentials yes
> on all your servers in /etc/ssh/ssh_config?
Ah crap, I didn't explain it fully: from some servers, GSSAPI
delegation only works when I use the FQDN for the server I'm trying to
ssh to. On others, I can use just the hostname for the next leg (i.e.
Hmm...maybe there's a configuration parameter set on some that I overlooked.
default FreeIPA deals with fully qualified host names. Unless you
added non-FQDN names as aliases to your host records in IPA (I suspect
you don't), doing non-FQDN ssh access will not work if they aren't
resolved by the ssh client to FQDN ones like others in the thread
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland