Putty + GSSAPI from W2k3 terminal server to linux openssh daemon

Douglas E. Engert deengert at anl.gov
Fri Oct 31 13:25:21 EDT 2008



Stephen Frost wrote:
> * Jonathan Barber (j.barber at dundee.ac.uk) wrote:
>> We don't have any particular preference WRT ssh clients, putty was just
>> choosen as our test as it's what we have used in the past.
> 
> This thread got me curious, and it appears that ~2 months ago, GSSAPI
> support was committed to the PuTTY subversion tree.  Anyone tried it?

Thanks for the tip. I too have complained for years about this, and
it nice to see the PuTTY people are adding GSSAPI.

This was the easies shared source Windows build I have seen!
I did an svn checkout on Unix to a shared file system (AFS) ran the
./mkfiles.pl on Unix, then from XP in their windows directory
nmake -f Makefile.vc  (Visual Studio 8)

As compared to http://sweb.cz/v_t_m/#putty, they did
change the names of some flags in the registry. GssapiFwd was GSSAPIFwdTGT,
GSSAPIServerRealm is not defined. But these are minor.

And it works!

The v_t_m version could use either the Microsoft SSPI, or the MIT GSSAPI
as implemented bi the MIT gssapi32.dll. The new PuTTY only does SSPI
so there are some implications if you are trying to use this from a
non-windows domain  machine. (But runas could be used.)


> I'd love to move off of all of these hacked/patched versions of PuTTY
> that are floating around.  We're currently using
> http://sweb.cz/v_t_m/#putty but in the past we've used a variety of
> things. :/
> 
> 	Thanks!
> 
> 		Stephen
> 
> 
> ------------------------------------------------------------------------
> 
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos

-- 

  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444



More information about the Kerberos mailing list