Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-2009: Putty takes too long to obtain a host ticket

Authentication Service ,  

12 April,16 at 11:24 AM

Question:

If there are multiple trusted domains, Centrify-Enabled Putty takes a long time to obtain a host ticket. How do I optimize this issue?

Answer:

By default, Centrify-Enabled Putty tries to get the host ticket on the logon domain (Realm) only.

If the host is not in the same realm as the user, the user can go to Putty's Kerberos tab and select "Find machine from trusted domains". Putty will try to get the host ticket from other trusted domains when this checkbox is selected. 

This function is a requirement when the host is from another forest or from an external trusted domain.

To speed up the process, specify the service principal name in the Kerberos tab.  This will instruct Centrify-Enabled PuTTY to talk to the specified KDC only.  

The SPN should be like this:

host/yourmachine.yourdomain.com@YOURREALM

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

 articleKB-8267: Basic Steps for Getting and Using a Host Ticket For Single Sign On article[How to] Force Kerberos SSH Authentication, and Disable SSH Public Key Authentication articleKB-6044: How to configure users for automatic Kerberos Credentials for infinite renewal even after users have logged out? articleCentrify's Privileged Identity Management Solution for Big Data articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleKB-6050: How to configure a group for automatic Kerberos Credentials for infinite renewal? articleKB-6041: How to show current license type in use by adclient articleCentrify 17.4 and 17.4 Hotfix Release Notes articleKB-6040: How to change the license type in use after adclient successful joined to the AD?