Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-1883: Unable to receive a Kerberos ticket upon login when using public key method

Auditing and Monitoring Service ,   Authentication Service ,   Mac & PC Management Service ,  

12 April,16 at 11:02 AM

Applies to: Centrify DirectControl-Enabled OpenSSH.

When a user uses ssh and public/private key pair method to access a system running Centrify, the user does not receive a kerberos ticket on login.  Is their a recommended configuration for Centrify and SSH that will solve this problem?  For this particular case, the customer does not want to use a kerberos key for passwordless connection instead use the public-key authentication.

1) Centrify does NOT and cannot change any default behavior of OpenSSH source code as per GPL hence whatever functionality it offers is how it works in Centrify OpenSSH too.
2) Centrify compiles OpenSSH with Kerberos support.
3) Centrify understands that "Public Key authentication method cannot get Kerberos tickets for users" and  we do NOT have any special configuration parameters to achieve this. To get Kerberos tickets as part of login either please use "interactive login using username/password" or Kerberos authentication.

Additional notes:
The below link shows that even stock SSH does not support this method. This link was provided as a courtesy. Centrify does not take any responsibility for the authenticity or if the link itself becomes unavailable over a period of time.

Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy.  Customers should contact the vendor if there are any further questions