openssh + kerberos + windows ad
Marcello Mezzanotti
marcello.mezzanotti at gmail.com
Wed Jan 6 08:05:22 EST 2010
Bob,
What exactly you want to know? :)
On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras at anzio.com> wrote:
> I am attempting the same thing myself, almost. Please provide as many
> details as you can.
>
> My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
> to use Windows PuTTY to log in to a Linux box that is running OpenSSH.
>
> I also am running WireShark (formerly Ethereal) to monitor the network, so
> I can see Kerberos transactions - those that work and those that fail.
>
> The PuTTY I am trying is, I think, an unreleased version from the official
> website. It has calls to GSSAPI.
>
> At this point I get messages about an illegal flag being set. I see these
> in WireShark.
>
> I'd appreciate any help.
>
> On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
>
>> I just did :)
>>
>> the problem was the keytab, i created using linux command "net ads
>> keytab create",
>>
>> i tested both linux ssh client and putty
>> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
>> client, worked, but it didnt created/forwared my ticket) and all
>> worked fine.
>>
>> Is "Kerberos for Windows" necessary for Windows/Putty?
>>
>> Thank you all for help.
>>
>> Thank you,
>> Marcello
>>
>> --
>> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
>> http://blogdomarcello.wordpress.com
>> Information Security
>> UNIX / Linux / *BSD
>>
>>
>
> Regards,
> ....Bob Rasmussen, President, Rasmussen Software, Inc.
>
> personal e-mail: ras at anzio.com
> company e-mail: rsi at anzio.com
> voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
> fax: (US) 503-624-0760
> web: http://www.anzio.com
> street address: Rasmussen Software, Inc.
> 10240 SW Nimbus, Suite L9
> Portland, OR 97223 USA
>
--
Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
http://blogdomarcello.wordpress.com
Information Security
UNIX / Linux / *BSD
More information about the Kerberos
mailing list