Most ssh client configurations (such as those on MacOS X and Ubuntu) do not delegate (forward) Kerberos tickets by default, to avoid inadvertently exposing your Kerberos tickets to a malicious machine. Normally, you must use ssh -K to delegate your tickets on a per-connection basis.
If you wish to delegate your tickets by default, you can add a line like the following to your ~/.ssh/config file:
That will cause ssh to delegate your credentials when connecting to linerva.mit.edu (but not when connecting to other machines). You can specify multiple hosts like so:
You can even specify wildcards, though we do not recommend you do this:
