...
The following is required in /etc/krb5.conf inside your WSL distro for ssh to work with Kerberos:
| Code Block |
|---|
[libdefaults] default_realm = AGRESEARCH.CO.NZ dns_canonicalize_hostname = false dns_lookup_kdcrealm = true dns_lookup_realmkdc = true forwardable = true rdns = false [realms] AGRESEARCH.COIAM.FLEXI.NESI.ORG.NZ = { admin_serverdns_canonicalize_hostname = c-adc-pv01.agresearch.co.nz:749false rdns admin_server = c-adc-pv02.agresearch.co.nz:749false } [domain_realm] kdc = c-adc-pv01.agresearch.co.nz:88 kdc = c-adc-pv02.agresearch.co.nz:88 } [domain_realm] AGRESEARCH.CO.NZ .agresearch.co.nz = AGRESEARCH.CO.NZ .eri.agresearch.co.nz = IAM.FLEXI.NESI.ORG.NZ agresearch.co.nz = AGRESEARCH.CO.NZ eri.agresearch.co.nz = IAM.FLEXI.NESI.ORG.NZ [appdefaults] pam = { debug = false krb4ticket_convertlifetime = false36000 renew_lifetime = 36000 ticketkrb4_lifetimeconvert = 36000false } |
ssh configuration
The following in ~/.ssh/config means less has to be specified on the command line:
| Code Block |
|---|
Host login-0 login-0.eri.agresearch.co.nz
HostName login-0.eri.agresearch.co.nz
User guestsi@agresearch<USERID>@agresearch.co.nz # really, use your own hereeg blogsj@agresearch.co.nz
GSSAPIAuthentication yes |
Get a Kerberos ticket
...