openssh + kerberos + windows ad

Marcello Mezzanotti marcello.mezzanotti at gmail.com
Wed Jan 6 08:05:22 EST 2010


Bob,

What exactly you want to know? :)



On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras at anzio.com> wrote:
> I am attempting the same thing myself, almost. Please provide as many
> details as you can.
>
> My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
> to use Windows PuTTY to log in to a Linux box that is running OpenSSH.
>
> I also am running WireShark (formerly Ethereal) to monitor the network, so
> I can see Kerberos transactions - those that work and those that fail.
>
> The PuTTY I am trying is, I think, an unreleased version from the official
> website. It has calls to GSSAPI.
>
> At this point I get messages about an illegal flag being set. I see these
> in WireShark.
>
> I'd appreciate any help.
>
> On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
>
>> I just did :)
>>
>> the problem was the keytab, i created using linux command "net ads
>> keytab create",
>>
>> i tested both linux ssh client and putty
>> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
>> client, worked, but it didnt created/forwared my ticket) and all
>> worked fine.
>>
>> Is "Kerberos for Windows" necessary for Windows/Putty?
>>
>> Thank you all for help.
>>
>> Thank you,
>> Marcello
>>
>> --
>> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
>> http://blogdomarcello.wordpress.com
>> Information Security
>> UNIX / Linux / *BSD
>>
>>
>
> Regards,
> ....Bob Rasmussen,   President,   Rasmussen Software, Inc.
>
> personal e-mail: ras at anzio.com
>  company e-mail: rsi at anzio.com
>          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
>            fax: (US) 503-624-0760
>            web: http://www.anzio.com
>  street address: Rasmussen Software, Inc.
>                 10240 SW Nimbus, Suite L9
>                 Portland, OR  97223  USA
>



-- 
Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
http://blogdomarcello.wordpress.com
Information Security
UNIX / Linux / *BSD




More information about the Kerberos mailing list