openssh + kerberos + windows ad
Bob Rasmussen
ras at anzio.com
Mon Jan 4 18:18:55 EST 2010
I am attempting the same thing myself, almost. Please provide as many
details as you can.
My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
to use Windows PuTTY to log in to a Linux box that is running OpenSSH.
I also am running WireShark (formerly Ethereal) to monitor the network, so
I can see Kerberos transactions - those that work and those that fail.
The PuTTY I am trying is, I think, an unreleased version from the official
website. It has calls to GSSAPI.
At this point I get messages about an illegal flag being set. I see these
in WireShark.
I'd appreciate any help.
On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
> I just did :)
>
> the problem was the keytab, i created using linux command "net ads
> keytab create",
>
> i tested both linux ssh client and putty
> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
> client, worked, but it didnt created/forwared my ticket) and all
> worked fine.
>
> Is "Kerberos for Windows" necessary for Windows/Putty?
>
> Thank you all for help.
>
> Thank you,
> Marcello
>
> --
> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> http://blogdomarcello.wordpress.com
> Information Security
> UNIX / Linux / *BSD
>
>
Regards,
....Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras at anzio.com
company e-mail: rsi at anzio.com
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com
street address: Rasmussen Software, Inc.
10240 SW Nimbus, Suite L9
Portland, OR 97223 USA
More information about the Kerberos
mailing list