putty/winscp with gssapi/krb5 ticket forwarding
Christopher D. Clausen
cclausen at acm.org
Fri Jan 26 09:41:37 EST 2007
Lars Schimmer <l.schimmer at cgv.tugraz.at> wrote:
> Thanks for the link.
> Maybe I don´t get it right on my thoughts.
> Setup here:
> AD with 1 server and x clients
> krb5 server on debian on extra machine
So you have an Active Directory domain that the Windows machines are on?
And a seperate Kerberos Realm for the Linux machines?
Do you have a realm trust between these? B/c its not likely to work if
you don't.
> on each client MIT krb5 and OpenAFS 1.4.x on debian, 1.5.12 on windows
> on windows clients: krb5 config with the krb5 server entry and "obtain
> tokens for OpenAFS while login enabled"
> til yet no special entries for krb5 in AD.
> I assume the user on windows obtain a token and a valid ticket from
> the
> linux krb5 server while logging in (else the token wouldn´t be valid)
> So a valid ticket for user is available in the cache.
> In https://www-s.acm.uiuc.edu/wiki/space/Setting+up+SSH+on+Debian
That page assumes all machines are in one realm, which doesn't appear to
be your case at all. Can you be specific about which machines are in
which Kerberos / AD Realm?
<<CDC
More information about the Kerberos
mailing list