Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1835: How do I enable forwardable kerberos tickets in plink

Authentication Service ,  

12 April,16 at 11:45 AM

Question:

How do I enable forwardable kerberos tickets via plink?

 

Answer:

You have to enable “Trust this computer for delegation to any service (Kerberos only)” in property of computer object in domain for the target Unix / Linux host.

Open ADUC --> Right-click the particular computer object and select property --> Go to Delegation tab --> Select “Trust this computer for delegation to any service (Kerberos only)” and then click apply.

 

When you use plink to establish ssh connection, use –option A to enable ticket forwarding, like

plink -ssh -A <Host Name/IP Address>

e.g. plink -ssh -A rhel.lab.local

plink also supports loading Putty profile, means you can establish ssh connection with kerberos forwarding enabled profile.

plink –load <profilename>

e.g. plink –load sshServer1

Related Articles

 articleKB-8814: Non-forwardable Kerberos Ticket is Generated With Trust Delegation Enabled articleKB-4303: How to troubleshoot SSH Single-Sign-On (SSO) and nested SSO? articleKB-2526: Cannot create consistently forwardable Kerberos tickets using Centrify OpenSSH articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS articleKB-3925: How to add Centrify parameter to a group policy articleKB-1876: Cannot create Kerberos tickets using Centrify OpenSSH articleKerberos SSO - Handling Disjointed Active Directory and UNIX DNS namespaces with Centrify articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal?