After you have setup your workstation and server to join your samba4 Active Directory DC, you can setup Kerberos authentication to ssh into the server without needing to retype your password (single sign-in)
Just add these lines to the /etc/ssh/sshd_config on the server
KerberosAuthentication yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
UsePAM no
And add these lines to the /etc/ssh/ssh_config on the client
 GSSAPIAuthentication yes
 GSSAPIDelegateCredentials yes
Credential delegation is the magic that passes your password to the server. Voila!
No comments:
Post a Comment