Putty + GSSAPI from W2k3 terminal server to linux openssh daemon

Douglas E. Engert deengert at anl.gov
Mon Nov 3 09:48:15 EST 2008 


Paul B. Hill wrote:
> Hi Doug or anyone else,
> 
> Do you know of any distributions that work with KfW that have a version 
> of plink that doesn't always open a Windows console window? I know that 
> Quest (formerly Vintella?) has a version that does this, but it only 
> supports SSPI.

The http://sweb.cz/v_t_m/#putty version can do KfW or SSPI. It will look for
gsslib32.dll, and if  gss_acquire_cred shows credentials, it will try
gss. If not it will try SSPI. The mods to do this came from gssklog :-)
The version we are using is based on PuTTY 5.8.

I sent a separate note Friday to the PuTTY project, thanking them for
starting to work on GSS, and asked if the would pick up KfW and
gss kex. I have not received an answer yet.

> 
> I want to be able to use svn+ssh from within Eclipse, on a machine that 
> is not in a Windows domain, without having the system flash open a large 
> number of console windows while I am either checking file out or in.

I believe the v_t_m version is smart enough to not flash any screens.

You have to setup a session ahead of time to load, as all the GSS setting
are not available on the command line.

> 
> The Quest distribution of Putty works well for this purpose when I am 
> using a machine that is in a Windows domain.
> 
> Paul
> 
> Douglas E. Engert wrote:
>>
>> Stephen Frost wrote:
>>> * Jonathan Barber (j.barber at dundee.ac.uk) wrote:
>>>> We don't have any particular preference WRT ssh clients, putty was just
>>>> choosen as our test as it's what we have used in the past.
>>> This thread got me curious, and it appears that ~2 months ago, GSSAPI
>>> support was committed to the PuTTY subversion tree.  Anyone tried it?
>>
>> Thanks for the tip. I too have complained for years about this, and
>> it nice to see the PuTTY people are adding GSSAPI.
>>
>> This was the easies shared source Windows build I have seen!
>> I did an svn checkout on Unix to a shared file system (AFS) ran the
>> ./mkfiles.pl on Unix, then from XP in their windows directory
>> nmake -f Makefile.vc  (Visual Studio 8)
>>
>> As compared to http://sweb.cz/v_t_m/#putty, they did
>> change the names of some flags in the registry. GssapiFwd was 
>> GSSAPIFwdTGT,
>> GSSAPIServerRealm is not defined. But these are minor.
>>
>> And it works!
>>
>> The v_t_m version could use either the Microsoft SSPI, or the MIT GSSAPI
>> as implemented bi the MIT gssapi32.dll. The new PuTTY only does SSPI
>> so there are some implications if you are trying to use this from a
>> non-windows domain  machine. (But runas could be used.)
>>
>>
>>> I'd love to move off of all of these hacked/patched versions of PuTTY
>>> that are floating around.  We're currently using
>>> http://sweb.cz/v_t_m/#putty but in the past we've used a variety of
>>> things. :/
>>>
>>>     Thanks!
>>>
>>>         Stephen
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> ________________________________________________
>>> Kerberos mailing list           Kerberos at mit.edu
>>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
> 
> 

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the Kerberos mailing list