openssh + kerberos + windows ad
Marcello Mezzanotti
marcello.mezzanotti at gmail.com
Wed Jan 6 13:27:04 EST 2010
Bob,
On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen <ras at anzio.com> wrote:
> On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:
>
>> Bob,
>>
>> What exactly do you want to know? :)
>
> 1) What version(s) of PuTTY work in your environment? Did you try the
> developer's build from the official PuTTY site?
http://sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip
I tested other clients that worked too, but this is the only one
with which I got tickets (klist on Linux). I didn't have time to test
other krb5.conf options.
> 2) Did you have to create a keytab file on the AD server, and transfer it
> to the SSH server? How exactly did you do this?
I created the keytab file directly on Linux, using the net command.
After the Linux host joined the AD (net ads join) I typed "net ads keytab
create" and voilà.
> 3) Did you find online documents that were especially helpful? What were
> they?
>
None especially; I found documents for specific functions like:
- joining Linux to Windows domains (winbind, kerberos and ldap)
- smartcard Linux logon (opensc, pam_pkcs11) - not related
I did a mix of solutions:
- basically I have my users on AD (W2K3 R2 server with Management for Unix)
- configured winbind to join Windows domains
- configured ldap in nsswitch.conf and pam
- configured krb5 in pam
and then configured ssh+krb5 for SSO (the PuTTY stuff)
--
Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
http://blogdomarcello.wordpress.com
Information Security
UNIX / Linux / *BSD
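
A sanity check for the server side of the setup described in the message above, as an added example that is not part of the original post. It assumes sshd accepts GSSAPI logins with the host/<fqdn> principal from the keytab and that the keytab listing is in MIT `klist -k` format; the function names, the host name linux01.example.com and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example; every sample value below is constructed.

# Exit 0 if the sshd_config text on stdin enables GSSAPIAuthentication in
# its global section. sshd keywords are case-insensitive, the first
# occurrence wins, and the default is "no". (Keyword=value form not handled.)
gssapi_enabled() {
    awk '
        /^[ \t]*#/                            { next }
        tolower($1) == "match"                { exit }   # global section ends
        tolower($1) == "gssapiauthentication" { v = tolower($2); exit }
        END { exit (v != "yes") }
    '
}

# Exit 0 if `klist -k` output on stdin has an entry for host/<fqdn>@REALM.
keytab_has_host() {
    awk -v want="host/$1@" '
        $1 ~ /^[0-9]+$/ && index($2, want) == 1 { found = 1 }
        END { exit !found }
    '
}

# $1 = sshd_config text, $2 = klist -k output, $3 = server FQDN
audit() {
    rc=0
    printf '%s\n' "$1" | gssapi_enabled ||
        { echo "sshd: GSSAPIAuthentication is not enabled"; rc=1; }
    printf '%s\n' "$2" | keytab_has_host "$3" ||
        { echo "keytab: no host/$3 entry"; rc=1; }
    return "$rc"
}

SAMPLE_SSHD='Port 22
#GSSAPIAuthentication no
GSSAPIAuthentication yes
Match User legacy
    GSSAPIAuthentication no'

SAMPLE_KLIST='Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------
   2 host/linux01.example.com@EXAMPLE.COM
   2 LINUX01$@EXAMPLE.COM'

audit "$SAMPLE_SSHD" "$SAMPLE_KLIST" linux01.example.com && echo "sample: OK"
# On a real server:
#   audit "$(cat /etc/ssh/sshd_config)" "$(klist -k /etc/krb5.keytab)" "$(hostname -f)"
```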