openssh + kerberos + windows ad

Bob Rasmussen ras at anzio.com
Mon Jan 4 18:18:55 EST 2010


I am attempting the same thing myself, almost. Please provide as many 
details as you can.

My AD server is a 2008 Server box, my client is a Windows 2000 box, trying 
to use Windows PuTTY to log in to a Linux box that is running OpenSSH. 

I also am running WireShark (formerly Ethereal) to monitor the network, so 
I can see Kerberos transactions - those that work and those that fail.

The PuTTY I am trying is, I think, an unreleased version from the official 
website. It has calls to GSSAPI.

At this point I get messages about an illegal flag being set. I see these 
in WireShark.

I'd appreciate any help.

On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:

> I just did :)
> 
> the problem was the keytab, i created using linux command "net ads
> keytab create",
> 
> i tested both linux ssh client and putty
> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
> client, worked, but it didnt created/forwared my ticket) and all
> worked fine.
> 
> Is "Kerberos for Windows" necessary for Windows/Putty?
> 
> Thank you all for help.
> 
> Thank you,
> Marcello
> 
> -- 
> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> http://blogdomarcello.wordpress.com
> Information Security
> UNIX / Linux / *BSD
> 
> 

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras at anzio.com
 company e-mail: rsi at anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com
 street address: Rasmussen Software, Inc.
                 10240 SW Nimbus, Suite L9
                 Portland, OR  97223  USA



More information about the Kerberos mailing list