I'd like to get a Kerberos 5 ticket when ssh-ing to get to a fully-automated login solution.
Typically, you use kinit first and then ssh:
> kinit user@DOMAIN
user@DOMAIN's Password: (enter password)
> ssh user@host
(successful login)
I'd like to simply run ssh user@host and automatically check for a Kerberos ticket. If one isn't there, I'd like it to get a ticket and then log in.
> kdestroy
> ssh user@host
user@DOMAIN's Password: (enter password)
(successful login)
(log off of host)
> klist
(show ticket info)
I'd like this to be configured on a per-host basis, as not every host I log into supports Kerberos.
Best Answer
I'm assuming you're using OpenSSH, in which case it just doesn't work that way. Besides, getting the TGT is considered the job of the primary authentication program, the client would just be involved in using the TGT to get a service ticket for the client, so if the project did add that functionality, it would look very odd and likely lead to constant confusion on a subject people are already pretty confused on.
That said, you can actually just write a script that wraps around ssh and klist/kinit and either use that directly or alias "ssh" to your script. Once you're executing a script you wrote you can go based off whatever criteria you feel like going off of.