
Kerberos Ticket Forwarding in Secure Shell Sessions

By default, Reflection forwards your Kerberos Ticket Granting Ticket (TGT) to the host after authentication.

You can disable ticket forwarding using any of the following techniques.

  • Clear the Delegate credentials setting on the GSSAPI tab of the Secure Shell Settings dialog box. This setting affects only Secure Shell protocol 2 (ssh2) connections.
  • Edit the Secure Shell configuration file to disable ticket forwarding. Use one or both of the following lines, depending on which protocol(s) you use. The first line disables ticket forwarding for protocol 1, the second for protocol 2.

    KerberosTgtPassing no

    GssapiDelegateCredentials no

  • Use the Reflection Kerberos Manager (if it is available on your system) to disable ticket forwarding for realms used by your principal profile. These changes affect Secure Shell sessions that are configured to use Reflection Kerberos, but not sessions configured to use SSPI. Changes you make with the Kerberos Manager are ignored if you have configured ticket forwarding using either of the techniques described above.
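To confirm that a configuration file actually disables forwarding, the following added example (not part of the Reflection product or its documentation) reports every section in which either keyword is not set to no. It assumes an OpenSSH-style file: "Keyword value" or "Keyword=value" lines, # comments, case-insensitive keywords, Host lines that start a section, and the first value obtained for a keyword taking precedence. The sample input and host names are constructed.

```python
import re

# Keywords named on the page; both must be "no" to stop ticket forwarding.
KEYWORDS = ("kerberostgtpassing", "gssapidelegatecredentials")

# Constructed sample input, not a real configuration.
SAMPLE = """\
# constructed sample
Host legacy.example.com
    KerberosTgtPassing no
Host build.example.com
    GssapiDelegateCredentials no
    kerberostgtpassing = no
Host db.example.com
    GssapiDelegateCredentials yes
"""

def parse_stanzas(text):
    """Split config text into [(host, {keyword: value})]; settings that
    precede the first Host line go in a stanza named "(global)"."""
    stanzas = [("(global)", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().strip('"')
        if key == "host":
            stanzas.append((value, {}))
        else:
            # Assumption: the first value obtained for a keyword wins.
            stanzas[-1][1].setdefault(key, value.lower())
    return stanzas

def audit(text):
    """Return (host, keyword, value) for every stanza where forwarding is
    not disabled; "unset" means the forward-by-default behaviour applies."""
    stanzas = parse_stanzas(text)
    global_opts = stanzas[0][1]
    findings = []
    for host, opts in stanzas:
        for kw in KEYWORDS:
            value = global_opts.get(kw) or opts.get(kw) or "unset"
            if value != "no":
                findings.append((host, kw, value))
    return findings

if __name__ == "__main__":
    for host, kw, value in audit(SAMPLE):
        print(f"{host}: {kw} is {value}, ticket forwarding not disabled")
```

If you use only one protocol, remove the other keyword from KEYWORDS so that its absence is not reported.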