openssh + kerberos + windows ad

Jackson jakrainer at yahoo.com
Thu Jan 28 09:52:15 EST 2010


Hello there,
Quest provides a PUTTY version with GSSAPI enabled:
http://rc.quest.com/topics/putty/
It works fine.

Regards,

Jackson


--- Em qua, 6/1/10, Bob Rasmussen <ras at anzio.com> escreveu:

> De: Bob Rasmussen <ras at anzio.com>
> Assunto: Re: openssh + kerberos + windows ad
> Para: "Marcello Mezzanotti" <marcello.mezzanotti at gmail.com>
> Cc: kerberos at mit.edu, secureshell at securityfocus.com, secureshell-return-10634 at securityfocus.com
> Data: Quarta-feira, 6 de Janeiro de 2010, 6:30
> On Wed, 6 Jan 2010, Marcello
> Mezzanotti wrote:
> 
> > Bob,
> > 
> > What exactly you want to know? :)
> 
> 1) What version(s) of PuTTY work in your environment? Did
> you try the 
> developer's build from the official PuTTY site?
> 
> 2) Did you have to create a keytab file on the AD server,
> and transfer it 
> to the SSH server? How exactly did you do this?
> 
> 3) Did you find online documents that were especially
> helpful? What were 
> they?
> 
> Thanks.
> 
> > 
> > 
> > 
> > On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras at anzio.com>
> wrote:
> > > I am attempting the same thing myself, almost.
> Please provide as many
> > > details as you can.
> > >
> > > My AD server is a 2008 Server box, my client is a
> Windows 2000 box, trying
> > > to use Windows PuTTY to log in to a Linux box
> that is running OpenSSH.
> > >
> > > I also am running WireShark (formerly Ethereal)
> to monitor the network, so
> > > I can see Kerberos transactions - those that work
> and those that fail.
> > >
> > > The PuTTY I am trying is, I think, an unreleased
> version from the official
> > > website. It has calls to GSSAPI.
> > >
> > > At this point I get messages about an illegal
> flag being set. I see these
> > > in WireShark.
> > >
> > > I'd appreciate any help.
> > >
> > > On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
> > >
> > >> I just did :)
> > >>
> > >> the problem was the keytab, i created using
> linux command "net ads
> > >> keytab create",
> > >>
> > >> i tested both linux ssh client and putty
> > >> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with
> another patched putty
> > >> client, worked, but it didnt created/forwared
> my ticket) and all
> > >> worked fine.
> > >>
> > >> Is "Kerberos for Windows" necessary for
> Windows/Putty?
> > >>
> > >> Thank you all for help.
> > >>
> > >> Thank you,
> > >> Marcello
> > >>
> > >> --
> > >> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> > >> http://blogdomarcello.wordpress.com
> > >> Information Security
> > >> UNIX / Linux / *BSD
> > >>
> > >>
> > >
> > > Regards,
> > > ....Bob Rasmussen,   President,   Rasmussen
> Software, Inc.
> > >
> > > personal e-mail: ras at anzio.com
> > >  company e-mail: rsi at anzio.com
> > >          voice: (US) 503-624-0360 (9:00-6:00
> Pacific Time)
> > >            fax: (US) 503-624-0760
> > >            web: http://www.anzio.com
> > >  street address: Rasmussen Software, Inc.
> > >                 10240 SW Nimbus, Suite
> L9
> > >                 Portland, OR  97223
>  USA
> > >
> > 
> > 
> > 
> > -- 
> > Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> > http://blogdomarcello.wordpress.com
> > Information Security
> > UNIX / Linux / *BSD
> > 
> > 
> 
> Regards,
> ....Bob
> Rasmussen,   President,   Rasmussen
> Software, Inc.
> 
> personal e-mail: ras at anzio.com
>  company e-mail: rsi at anzio.com
>           voice: (US) 503-624-0360
> (9:00-6:00 Pacific Time)
>             fax: (US)
> 503-624-0760
>             web: http://www.anzio.com
>  street address: Rasmussen Software, Inc.
>              
>    10240 SW Nimbus, Suite L9
>              
>    Portland, OR  97223  USA


      ____________________________________________________________________________________
Veja quais são os assuntos do momento no Yahoo! +Buscados
http://br.maisbuscados.yahoo.com




More information about the Kerberos mailing list