putty/winscp with gssapi/krb5 ticket forwarding

Christopher D. Clausen cclausen at acm.org
Thu Jan 25 11:15:38 EST 2007


Lars Schimmer <l.schimmer at cgv.tugraz.at> wrote:
> After some testing I got a few test PCs with debians "etch" system do
> ticket forwarding and obtaining afs tokens.
> Now I want to use putty and winscp from windows to login without a
> password on that machines.
> WinSCP can use gssapi login per default. But where do I have to put
> the krb5.keytab generated for the windows machine? In which directory
> do I have to put it?

Generally you don't want to use keytabs for users.  You want to forward 
the user's kerberos credentials in their ccache.

If your systems are on Windows AD, you might need to run ms2mit.exe 
first and then try to forward credentials with GSSAPI apps that use MIT 
Kerberos for Windows.

If you do need a keytab, you can put it anywhere, just kinit -kt 
keytab.file princial at REALM before attempting to use it.

<<CDC 





More information about the Kerberos mailing list