How do I enable forwardable kerberos tickets via plink?
You have to enable “Trust this computer for delegation to any service (Kerberos only)” in property of computer object in domain for the target Unix / Linux host.
Open ADUC --> Right-click the particular computer object and select property --> Go to Delegation tab --> Select “Trust this computer for delegation to any service (Kerberos only)” and then click apply.
When you use plink to establish ssh connection, use –option A to enable ticket forwarding, like
plink -ssh -A <Host Name/IP Address>
e.g. plink -ssh -A rhel.lab.local
plink also supports loading Putty profile, means you can establish ssh connection with kerberos forwarding enabled profile.
plink –load <profilename>
e.g. plink –load sshServer1