I enabled AD authentication for my Linux cluster via SSSD service. One side effect is I'm able to do SSO for the cluster now, but it works for some accounts and doesn't for the others. For example, I have two Linux boxes they all registered to the domain. And two accounts are a domain user, and both have been permitted to access the Linux boxes. One can ssh from one box to the other, but the other account doesn't. Default configures the SSSD and SSHD. I don't know what I have to check?
All right, I figure it out, I sudoed from one account to the other, so there are no password in the keytab for the second account, that's why the SSO doesn't work.