openssh + kerberos + windows ad
Jackson
jakrainer at yahoo.com
Thu Jan 28 09:52:15 EST 2010
Hello there,
Quest provides a PUTTY version with GSSAPI enabled:
http://rc.quest.com/topics/putty/
It works fine.
Regards,
Jackson
--- Em qua, 6/1/10, Bob Rasmussen <ras at anzio.com> escreveu:
> De: Bob Rasmussen <ras at anzio.com>
> Assunto: Re: openssh + kerberos + windows ad
> Para: "Marcello Mezzanotti" <marcello.mezzanotti at gmail.com>
> Cc: kerberos at mit.edu, secureshell at securityfocus.com, secureshell-return-10634 at securityfocus.com
> Data: Quarta-feira, 6 de Janeiro de 2010, 6:30
> On Wed, 6 Jan 2010, Marcello
> Mezzanotti wrote:
>
> > Bob,
> >
> > What exactly you want to know? :)
>
> 1) What version(s) of PuTTY work in your environment? Did
> you try the
> developer's build from the official PuTTY site?
>
> 2) Did you have to create a keytab file on the AD server,
> and transfer it
> to the SSH server? How exactly did you do this?
>
> 3) Did you find online documents that were especially
> helpful? What were
> they?
>
> Thanks.
>
> >
> >
> >
> > On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras at anzio.com>
> wrote:
> > > I am attempting the same thing myself, almost.
> Please provide as many
> > > details as you can.
> > >
> > > My AD server is a 2008 Server box, my client is a
> Windows 2000 box, trying
> > > to use Windows PuTTY to log in to a Linux box
> that is running OpenSSH.
> > >
> > > I also am running WireShark (formerly Ethereal)
> to monitor the network, so
> > > I can see Kerberos transactions - those that work
> and those that fail.
> > >
> > > The PuTTY I am trying is, I think, an unreleased
> version from the official
> > > website. It has calls to GSSAPI.
> > >
> > > At this point I get messages about an illegal
> flag being set. I see these
> > > in WireShark.
> > >
> > > I'd appreciate any help.
> > >
> > > On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
> > >
> > >> I just did :)
> > >>
> > >> the problem was the keytab, i created using
> linux command "net ads
> > >> keytab create",
> > >>
> > >> i tested both linux ssh client and putty
> > >> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with
> another patched putty
> > >> client, worked, but it didnt created/forwared
> my ticket) and all
> > >> worked fine.
> > >>
> > >> Is "Kerberos for Windows" necessary for
> Windows/Putty?
> > >>
> > >> Thank you all for help.
> > >>
> > >> Thank you,
> > >> Marcello
> > >>
> > >> --
> > >> Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> > >> http://blogdomarcello.wordpress.com
> > >> Information Security
> > >> UNIX / Linux / *BSD
> > >>
> > >>
> > >
> > > Regards,
> > > ....Bob Rasmussen, President, Rasmussen
> Software, Inc.
> > >
> > > personal e-mail: ras at anzio.com
> > > company e-mail: rsi at anzio.com
> > > voice: (US) 503-624-0360 (9:00-6:00
> Pacific Time)
> > > fax: (US) 503-624-0760
> > > web: http://www.anzio.com
> > > street address: Rasmussen Software, Inc.
> > > 10240 SW Nimbus, Suite
> L9
> > > Portland, OR 97223
> USA
> > >
> >
> >
> >
> > --
> > Marcello Mezzanotti <marcello.mezzanotti at gmail.com>
> > http://blogdomarcello.wordpress.com
> > Information Security
> > UNIX / Linux / *BSD
> >
> >
>
> Regards,
> ....Bob
> Rasmussen, President, Rasmussen
> Software, Inc.
>
> personal e-mail: ras at anzio.com
> company e-mail: rsi at anzio.com
> voice: (US) 503-624-0360
> (9:00-6:00 Pacific Time)
> fax: (US)
> 503-624-0760
> web: http://www.anzio.com
> street address: Rasmussen Software, Inc.
>
> 10240 SW Nimbus, Suite L9
>
> Portland, OR 97223 USA
____________________________________________________________________________________
Veja quais são os assuntos do momento no Yahoo! +Buscados
http://br.maisbuscados.yahoo.com
More information about the Kerberos
mailing list