Putty + GSSAPI from W2k3 terminal server to linux openssh daemon
Jonathan Barber
j.barber at dundee.ac.uk
Fri Oct 31 08:29:02 EDT 2008
On Fri, Oct 31, 2008 at 03:49:24AM -0700, Jeffrey Altman wrote:
> Jonathan Barber wrote:
> > After downloading putty from here:
> > http://web.mit.edu/jaltman/Public/putty-0.59-with-gssapi.zip
> >
> This version is known to be buggy and should have been deleted from
> that location long ago. It now has been.
That would explain that.
> > and copying the dll's from the MIT NetIDMgr install to
> > C:\Windows\system32,
> Why are you copying DLLs from the installer directory to \WINDOWS\System32?
> Application binaries do not belong there.
Prior to that, we were getting errors including references to SSPI,
presumably because putty wasn't picking up the MIT DDLS.
> > we get the following message from putty when we try
> > to connect to a kerberised ssh server:
> >
> > Event Log: GSSAPI error: Unspecified GSS failure. Minor code may provide more information
> > Event Log: GSSAPI mech specific error: Cannot resolve network address for KDC in requested realm
> >
> > The same ssh server works fine from a linux client with the same
> > principal.
> the problem is not your ssh server, its the putty client.
Yes, I'd reached that conclusion. The comment was there to rule out the
possibility that people might think that the issue was in the underlying
infrastructure.
> Secure Endpoints provides gss putty clients that work (for 32-bit and
> 64-bit windows)
> to its clients.
How is this available?
We don't have any particular preference WRT ssh clients, putty was just
choosen as our test as it's what we have used in the past.
> Jeffrey Altman
> Secure Endpoints Inc.
--
Jonathan Barber
High Performance Computing Analyst
Tel. +44 (0) 1382 386389
More information about the Kerberos
mailing list