Re: ssh GSSAPI authentication issue

[Joe Sapp]

On Sun, Apr 9, 2017 at 1:14 PM, Ole Tange <ole@tange.dk> wrote:
> On Sun, Apr 9, 2017 at 2:20 AM, Joe Sapp <sappj@ieee.org> wrote:
>> On Sat, Apr 8, 2017 at 7:57 PM, Ole Tange <ole@tange.dk> wrote:
>>> On Sat, Apr 8, 2017 at 9:56 PM, Joe Sapp <sappj@ieee.org> wrote:
>>> :
>>>> I haven't been able to reproduce in a VirtualBox yet, but I did some
>>>> more testing.  It appears that an environment variable is not being
>>>> passed on completely.
>>>>
>>>> This will now work:
>>>>   seq 10 | parallel --ssh "env KRB5CCNAME=${KRB5CCNAME} ssh -vvv"
>>>> --sshlogin :,$SERVER --load 75% echo
>>>
>>> Is KRB5CCNAME exported?
>>>
>>> Try:
>>>
>>> parallel echo '${}' ::: KRB5CCNAME
>>> export KRB5CCNAME
>>> parallel echo '${}' ::: KRB5CCNAME
>>> seq 10 | parallel --sshlogin :,$SERVER --load 75% echo
>>>
>>> If KRB5CCNAME is needed for ssh, then if it is not exported that would
>>> explain all you see.
>>>
>>> Variables transferred using env_parallel are not set when ssh starts.
>>> They are being set on the remote system after ssh has logged in, so if
>>> ssh needs some variables they will have to be exported.
>>
>> KRB5CCNAME does appear to be exported.
>> I tried those commands on a fresh login:
>>
>> $ parallel echo '${}' ::: KRB5CCNAME
>> FILE:/tmp/krb5cc_1340800210_gCtHh22946
>> $ export KRB5CCNAME
>> $ parallel echo '${}' ::: KRB5CCNAME
>> FILE:/tmp/krb5cc_1340800210_gCtHh22946
>>
>> And the last one still prompts for authentication, just as it does
>> when I `unset KRB5CCNAME`.  If I insert my --ssh "..." hack, the last
>> line you suggested works as expected.
>
> Try adding KRB5CCNAME in this line:
>
>     my @keep = qw(PATH SSH_AUTH_SOCK SSH_AGENT_PID);
>
> Like this:
>
>     my @keep = qw(PATH SSH_AUTH_SOCK SSH_AGENT_PID KRB5CCNAME);
>

Thank you!  I forgot to report back that this worked and I have no
auth issues now.

-- 
Joe