GSSAPI Tab (Secure Shell Settings)

Getting there

Use the GSSAPI tab of the Secure Shell Settings dialog box to specify settings for GSSAPI authentication. Items on this tab are available only if GSSAPI/Kerberos is selected in the User Authentication list on the General tab.

The options are:



Use the Microsoft Security Services Provider Interface (SSPI), which lets you use your Windows domain login credentials to authenticate to the Secure Shell server. This setting simplifies setup, as there is no need to configure the Reflection Kerberos client.


Reflection Kerberos

Use the Reflection Kerberos client for Kerberos/GSSAPI authentication. Before you can make connections using the Reflection Kerberos client, you must configure Reflection Kerberos on your computer.



Configures the Reflection Kerberos client. This button is available only when Reflection Kerberos is the selected GSSAPI provider.


Delegate credentials

Specifies whether GSSAPI forwards your Kerberos ticket granting ticket (TGT) to the host.


Use default service principal name

Specifies the name Reflection uses when it sends a request for a service ticket to the Kerberos Key Distribution Center (KDC). The host name value is the name of the Secure Shell server to which you are connecting. The realm value depends on which GSSAPI provider you have selected.


Service principal

Specifies a non-default service principal value.