Issue with ssh+gssapi and des-cbc-md5 tickets

Neulinger, Nathan nneul at umr.edu
Wed Feb 5 10:28:57 EST 2003


We're trying to get PuTTY on Windows to connect to ssh with gssapi on
unix, and it is using des-cbc-md5 tickets only. Our unix hosts don't
have des-cbc-md5 keys in their keytabs, only des-cbc-crc. 

The unix build of ssh+gssapi-patch uses des-cbc-crc tickets and works
just fine. The Windows client, however, can authenticate, but does not
forward the TGT. Since we're using aklog+AFS, that makes it
non-functional. 

Our unix hosts have default_tgs_enctypes = des-cbc-crc, and
default_tkt_enctypes=des-cbc-crc. We generate the keytabs with ktutil
addent ... -e des-cbc-crc. KDC is MS-ADS. 

Short of changing and recompiling PuTTY to use des-cbc-crc tickets
instead of md5, is there some straightforward way of getting this to
work right?

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail:  nneul at umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                       Fax: (573) 341-4216

