Kerberos Ticket forwarding

Advertisement

Christopher
Guest

Kerberos Ticket forwarding

Hi,

Kerberos authentication works really well, thanks a lot. But there is one small feature that lacks: Ticket forwarding. We use Kerberos at our university for nearly everything, even for the network filesystem (AFS, Andrew Filesystem). Without the ticket (TGT) there is no access to the home directory.

Would it be possible to add this small feature? Maybe as a configuration option (forward TGT to remote site)?

Thank you for this excellent program,

Christopher

Reply with quote

Advertisement

Christopher
Guest

Re: Kerberos Ticket forwarding

Hi,

just to mention: Just at the bottom of
<invalid hyperlink removed by admin>
I found the patch to PuTTY which adds GSSAPI support with ticket forwarding. Maybe that helps.

Thanks,
Christopher

Reply with quote

Christopher
Guest

Re: Kerberos Ticket forwarding

The interesting part is in ssh.c:
int deleg_flag = 0;
 
if (deleg_creds) {
        deleg_flag = GSS_C_DELEG_FLAG;
        logevent("GSSAPI: delegating credentials");
}
 
ctx->major = gss_init_sec_context(&ctx->minor,
    GSS_C_NO_CREDENTIAL, &ctx->context, ctx->name, ctx->oid,
    GSS_C_MUTUAL_FLAG | GSS_C_INTEG_FLAG | deleg_flag,
    0, NULL, recv_tok, NULL, send_tok, flags, NULL);
If deleg_creds is set, credentials should be forwarded. This variable is mapped to ssh->cfg.gssapi_fwd_tgt. But: gssapi_fwd_tgt is not mentioned anywhere else in the source. So it seems to me that there is simply no connection between the GUI check box and this variable.

To check if this really is the missing piece, could you just build a test version with deleg_creds hard set to 1? I don't have any Borland compiler around...

Thanks,
Christopher

Reply with quote

Advertisement

Christopher
Guest

Re: Kerberos Ticket forwarding

Hi,

just checked the new beta 4.0. Kerberos Ticket forwarding works just as it should! Thank you a lot!


Regards,

Christopher

Reply with quote

Advertisement

You can post new topics in this forum