![]() ![]() You should only forward your credentials to hosts that are trustworthy. ![]() In that case it is applied to the current Mac account only. Editing this file requires sudo privileges, but we will see further down why we want to edit this in any case. In that case it is applied to all accounts on the Mac. In /etc/ssh/ssh_config (not sshd_config!)(was /etc/ssh_config prior to OS 10.12).The necessary configuration can be applied in two places on your Mac: This can be done on the command line, or more conveniently via the ssh configuration. You need to instruct ssh to use (or "forward") your kerberos token to login to lxplus or other services. The new version of the /etc/nf file usesÄefault_etypes = aes256-cts-hmac-sha1-96 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc ssh Configuration ![]() With that setting you can login to a Centos8 node, but you would not get an afs token. Previous versions of the /etc/nf file usedÄefault_tkt_enctypes = arcfour-hmac-md5 aes256-cts aes128-cts des3-cbc-sha1 des-cbc-md5 des-cbc-crc To create a kerberos token that you can use for your browser, for ssh, the Self-Service login and many other services. Once the config file is created (in /etc/nf), you can run The Mac Self-Service has an action item called "kerberos config file new" in the category 'Configuration'. It is useful to create a kerberos config file. If you have a valid kerberos ticket you can configure ssh to forward your credentials, allowing password-less connections to properly configured linux boxen. Configuring Firefox to use kerberos for SSO ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |