12 April,16 at 11:45 AM
Question:
How do I enable forwardable kerberos tickets via plink?
Answer:
You have to enable “Trust this computer for delegation to any service (Kerberos only)” in property of computer object in domain for the target Unix / Linux host.
Open ADUC --> Right-click the particular computer object and select property --> Go to Delegation tab --> Select “Trust this computer for delegation to any service (Kerberos only)” and then click apply.
When you use plink to establish ssh connection, use –option A to enable ticket forwarding, like
plink -ssh -A <Host Name/IP Address>
e.g. plink -ssh -A rhel.lab.local
plink also supports loading Putty profile, means you can establish ssh connection with kerberos forwarding enabled profile.
plink –load <profilename>
e.g. plink –load sshServer1