Ubuntu Kerberos and Active Directory
Douglas E. Engert
deengert at anl.gov
Tue Sep 12 15:26:36 EDT 2006
Rohit Kumar Mehta wrote:
> Hey guys, I did an "apt-get install libpam-krb5" which removed
> libpam-heimdal, and the problem is now gone. (I reproduced the problem
> in both Debian-etch and Ubuntu-dapper). I am guessing there
> is some problem with the heimdal libs.
> Now I can ssh to the machine using Active Directory credentials.
What do you mean by this? Send you user/password from ssh to sshd,
and use keyboard-interactive? Or do you mean use gssapi-with-mic?
> However, even though klist shows my ticket,
On which machine, the ssh client machine or the sshd server?
I cannot do passwordless authentication.
What do you mean by this?
>
> I am guessing that setup is a little more involved and requires a keytab
> and adding records to the Active Directory.
Yes you would need these for gssapi-with-mic to work.
The simple method is:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/howto/kerbstep.mspx
Does anyone know if this
> is correct?
>
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list