putty/winscp with gssapi/krb5 ticket forwarding
Christopher D. Clausen
cclausen at acm.org
Thu Jan 25 11:15:38 EST 2007
Lars Schimmer <l.schimmer at cgv.tugraz.at> wrote:
> After some testing I got a few test PCs with debians "etch" system do
> ticket forwarding and obtaining afs tokens.
> Now I want to use putty and winscp from windows to login without a
> password on that machines.
> WinSCP can use gssapi login per default. But where do I have to put
> the krb5.keytab generated for the windows machine? In which directory
> do I have to put it?
Generally you don't want to use keytabs for users. You want to forward
the user's kerberos credentials in their ccache.
If your systems are on Windows AD, you might need to run ms2mit.exe
first and then try to forward credentials with GSSAPI apps that use MIT
Kerberos for Windows.
If you do need a keytab, you can put it anywhere, just kinit -kt
keytab.file princial at REALM before attempting to use it.
<<CDC
More information about the Kerberos
mailing list