Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-1835: How do I enable forwardable kerberos tickets in plink

Authentication Service ,  

12 April,16 at 11:45 AM

Question:

How do I enable forwardable kerberos tickets via plink?

 

Answer:

You have to enable “Trust this computer for delegation to any service (Kerberos only)” in property of computer object in domain for the target Unix / Linux host.

Open ADUC --> Right-click the particular computer object and select property --> Go to Delegation tab --> Select “Trust this computer for delegation to any service (Kerberos only)” and then click apply.

 

When you use plink to establish ssh connection, use –option A to enable ticket forwarding, like

plink -ssh -A <Host Name/IP Address>

e.g. plink -ssh -A rhel.lab.local

plink also supports loading Putty profile, means you can establish ssh connection with kerberos forwarding enabled profile.

plink –load <profilename>

e.g. plink –load sshServer1

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-8814: Non-forwardable Kerberos Ticket is Generated With Trust Delegation Enabled articleKB-4303: How to troubleshoot SSH Single-Sign-On (SSO) and nested SSO? articleKB-2526: Cannot create consistently forwardable Kerberos tickets using Centrify OpenSSH articleKB-3925: How to add Centrify parameter to a group policy articleKB-1876: Cannot create Kerberos tickets using Centrify OpenSSH articleKB-4662: How to refresh an AD user account's Kerberos ticket automatically via group policy articleKerberos SSO - Handling Disjointed Active Directory and UNIX DNS namespaces with Centrify articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleKB-6280: AD Users unable to mount kerberos-enabled NFSv4 shares on RHEL