Putty + GSSAPI from W2k3 terminal server to linux openssh daemon
Douglas E. Engert
deengert at anl.gov
Wed Nov 5 16:44:46 EST 2008
Richard E. Silverman wrote:
>>>>>> "res" == Richard E Silverman <res at qoxp.net> writes:
>
>>>>>> "petesea" == petesea <petesea at bigfoot.com> writes:
> petesea> On Fri, 31 Oct 2008, deengert at anl.gov wrote:
> >>> The v_t_m version could use either the Microsoft SSPI, or the MIT
> >>> GSSAPI as implemented bi the MIT gssapi32.dll. The new PuTTY only
> >>> does SSPI so there are some implications if you are trying to use
> >>> this from a non-windows domain machine. (But runas could be used.)
>
> petesea> That's unfortunate, I wish they would implement both methods.
>
> petesea> I also wish they would implement GSSAPI Key Exchange, to
> petesea> avoid the need to maintain host keys on the client. I
> petesea> haven't found any implementation of PuTTY that supports both
> petesea> MIT GSSAPI and GSSAPI Key Exchange.
>
> res> http://rc.quest.com/topics/PuTTY/
>
> Oops, you said *MIT* GSSAPI. Indeed. FYI, in the commercial world,
> SecureCRT does this.
Yes and it is a fine product. The problem we see, is many third party
packages come with the PuTTY plink.exe program under the covers, some
with some version of GSSAPI(or SSPI), but not all. It would be nice if
the base PuTTY code had the gssapi built in.
>
> res> -- Richard Silverman res at qoxp.net
>
>
--
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
More information about the Kerberos
mailing list