Versions Compared

Old Version 5

changes.mady.by.user Simon Guest

Saved on

compared with

New Version Current

changes.mady.by.user Matt Bixley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following is required in /etc/krb5.conf inside your WSL distro for ssh to work with Kerberos:

Code Block
[libdefaults]
  default_realm = AGRESEARCH.CO.NZ

 dns_canonicalizelookup_hostnamerealm = false
true
 dns_lookup_kdc = true
  dns_lookup_realmforwardable = true

[realms]
 IAM.FLEXI.NESI.ORG.NZ = true{
  forwardabledns_canonicalize_hostname = truefalse
  rdns = false
 }

[domain_realm]
  .agresearch.co.nz = AGRESEARCH.CO.NZ
  .eri.agresearch.co.nz = IAMAGRESEARCH.FLEXI.NESICO.ORG.NZ
  .eri.agresearch.co.nz = AGRESEARCH.COIAM.FLEXI.NESI.ORG.NZ
  eri.agresearch.co.nz = IAM.FLEXI.NESI.ORG.NZ

[appdefaults]
  pam = {
    debug = false
    krb4ticket_convertlifetime = false
36000
   renew_lifetime = 36000
    ticketkrb4_lifetimeconvert = 36000
false
 }

ssh configuration

The following in ~/.ssh/config means less has to be specified on the command line:

Code Block
Host login-0 login-0.eri.agresearch.co.nz
     HostName login-0.eri.agresearch.co.nz
     User guestsi@agresearch<USERID>@agresearch.co.nz          # really, use your own hereeg blogsj@agresearch.co.nz
     GSSAPIAuthentication yes

Get a Kerberos ticket

...