Centrify DirectControl, Centrify Identity Service, Mac Edition, Centrify DirectAudit
Unable to receive a Kerberos ticket upon login when using public key method
Applies to: Centrify DirectControl-Enabled OpenSSH.
Question: When a user uses ssh and public/private key pair method to access a system running Centrify, the user does not receive a kerberos ticket on login. Is their a recommended configuration for Centrify and SSH that will solve this problem? For this particular case, the customer does not want to use a kerberos key for passwordless connection instead use the public-key authentication.
Answer: 1) Centrify does NOT and cannot change any default behavior of OpenSSH source code as per GPL hence whatever functionality it offers is how it works in Centrify OpenSSH too.
2) Centrify compiles OpenSSH with Kerberos support.
3) Centrify understands that "Public Key authentication method cannot get Kerberos tickets for users" and we do NOT have any special configuration parameters to achieve this. To get Kerberos tickets as part of login either please use "interactive login using username/password" or Kerberos authentication.
Additional notes: The below link shows that even stock SSH does not support this method. This link was provided as a courtesy. Centrify does not take any responsibility for the authenticity or if the link itself becomes unavailable over a period of time.
Centrify Corporation does not take any responsibility for the content or availability of this link and it was provided as a courtesy. Customers should contact the vendor if there are any further questions