I have to be missing something simple here. I have a user that is able to SSH into a RHEL7 box without being prompted for a password. They aren't using SSH keys. Only systems with SSSD installed is allowing this. His group is defined in "simple_allow_groups" and the ID_provider method is AD.
Any thoughts?
EDIT: I'm seeing the following line in /var/log/secure
Authorized to username, krb5 principal user@domain (krb5_kuserok)
sshd[5809]: Accepted gssapi-with-mic for user from 1.2.3.4 port 52244 ssh2
sshd[5809]: pam_unix(sshd:session): session opened for user by (uid=0)
EDIT2: So, I generated a new kerberos ticket on my workstation via kinit username. Now I can SSO to some RHEL7 boxes but not others. And so far none of the RHEL6 boxes.
[link] [comments]