Re: openssh + kerberos + windows ad

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:

> Bob,
> 
> What exactly you want to know? :)

1) What version(s) of PuTTY work in your environment? Did you try the 
developer's build from the official PuTTY site?

2) Did you have to create a keytab file on the AD server, and transfer it 
to the SSH server? How exactly did you do this?

3) Did you find online documents that were especially helpful? What were 
they?

Thanks.

> 
> 
> 
> On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras@xxxxxxxxx> wrote:
> > I am attempting the same thing myself, almost. Please provide as many
> > details as you can.
> >
> > My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
> > to use Windows PuTTY to log in to a Linux box that is running OpenSSH.
> >
> > I also am running WireShark (formerly Ethereal) to monitor the network, so
> > I can see Kerberos transactions - those that work and those that fail.
> >
> > The PuTTY I am trying is, I think, an unreleased version from the official
> > website. It has calls to GSSAPI.
> >
> > At this point I get messages about an illegal flag being set. I see these
> > in WireShark.
> >
> > I'd appreciate any help.
> >
> > On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
> >
> >> I just did :)
> >>
> >> the problem was the keytab, i created using linux command "net ads
> >> keytab create",
> >>
> >> i tested both linux ssh client and putty
> >> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
> >> client, worked, but it didnt created/forwared my ticket) and all
> >> worked fine.
> >>
> >> Is "Kerberos for Windows" necessary for Windows/Putty?
> >>
> >> Thank you all for help.
> >>
> >> Thank you,
> >> Marcello
> >>
> >> --
> >> Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx>
> >> http://blogdomarcello.wordpress.com
> >> Information Security
> >> UNIX / Linux / *BSD
> >>
> >>
> >
> > Regards,
> > ....Bob Rasmussen,   President,   Rasmussen Software, Inc.
> >
> > personal e-mail: ras@xxxxxxxxx
> >  company e-mail: rsi@xxxxxxxxx
> >          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
> >            fax: (US) 503-624-0760
> >            web: http://www.anzio.com
> >  street address: Rasmussen Software, Inc.
> >                 10240 SW Nimbus, Suite L9
> >                 Portland, OR  97223  USA
> >
> 
> 
> 
> -- 
> Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx>
> http://blogdomarcello.wordpress.com
> Information Security
> UNIX / Linux / *BSD
> 
> 

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@xxxxxxxxx
 company e-mail: rsi@xxxxxxxxx
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com
 street address: Rasmussen Software, Inc.
                 10240 SW Nimbus, Suite L9
                 Portland, OR  97223  USA

[Index of Archives]     [Open SSH Unix Development]     [Fedora Users]     [Fedora Desktop]     [Yosemite Backpacking]     [KDE Users]     [Gnome Users]

  Powered by Linux