Putty + GSSAPI from W2k3 terminal server to linux openssh daemon
Douglas E. Engert
deengert at anl.gov
Mon Nov 3 10:09:07 EST 2008
petesea at bigfoot.com wrote:
> On Fri, 31 Oct 2008, deengert at anl.gov wrote:
>
>> The v_t_m version could use either the Microsoft SSPI, or the MIT GSSAPI
>> as implemented bi the MIT gssapi32.dll. The new PuTTY only does SSPI so
>> there are some implications if you are trying to use this from a
>> non-windows domain machine. (But runas could be used.)
>
> That's unfortunate, I wish they would implement both methods.
Please express your concerns to the PuTTY people. A few years ago I tried
to get then to add GSS. They added initial support in the SVN so they are open
to suggestions. The wishlist page:
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/kerberos-gssapi.html
says: "fixed-in: r8138 2008-08-10". The Audit trail on the wishlist page says:
"We've got this. Perhaps if we say so we can get more pre-release testing."
>
> I also wish they would implement GSSAPI Key Exchange, to avoid the need to
> maintain host keys on the client. I haven't found any implementation of
> PuTTY that supports both MIT GSSAPI and GSSAPI Key Exchange.
That would be nice.
> ________________________________________________
> Kerberos mailing list Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list