Kerberos tickets, SSH public key auth, AFS tokens

Jeff Blaine jblaine at stage-infinity.com
Fri Dec 18 17:43:35 EST 2009 

Thanks Doug

> The which PuTTY has GSSAPI:
>
> Quest has one that uses SSPI. http://rc.quest.com/topics/putty/

Hmm, I can't see to get this to work at all (ignoring CVS).

I have KfW creds for jblaine, afs, and krbtgt on this Windows
box.

I have a QuestPuTTY session named faron.foo.org
     GSSAPI is enabled for this session
     GSSAPI Credential Delegation is enabled for this session

Opening the session shows:

     Using username "jblaine".
     Using GSSAPI service principal name "host/faron.foo.org".
     jblaine at faron.foo.org's password:

The sshd debug output:

Server listening on :: port 9000.
debug1: Server will not fork when running in debugging mode.
Connection from xx.xx.0.146 port 3423
debug1: Client protocol version 2.0; client software version 
PuTTY_Release_0.60_q1.129
debug1: no match: PuTTY_Release_0.60_q1.129
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1.3
...
debug2: GSS-API Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g==
...
debug2: kex_parse_kexinit: 
gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
...
debug1: userauth-request for user jblaine service ssh-connection method 
gssapi-with-mic
debug1: attempt 1 initial attempt 0 failures 1 initial failures 0
debug2: input_userauth_request: try method gssapi-with-mic
debug1: Client offered gssapi userauth with { 1 2 840 113554 1 2 2 } 
(supported)
debug1: userauth-request for user jblaine service ssh-connection method none
debug1: attempt 2 initial attempt 0 failures 1 initial failures 0
debug2: Unrecognized authentication method name: none
Failed none for jblaine from xx.xx.0.146 port 3423 ssh2
debug1: userauth-request for user jblaine service ssh-connection method 
password
debug1: attempt 3 initial attempt 0 failures 3 initial failures 0
debug2: input_userauth_request: try method password
debug2: Starting PAM service sshd-password for method password
Accepted password for jblaine from xx.xx.0.146 port 3423 ssh2

More information about the Kerberos mailing list