Bob, On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen <ras@xxxxxxxxx> wrote: > On Wed, 6 Jan 2010, Marcello Mezzanotti wrote: > >> Bob, >> >> What exactly you want to know? :) > > 1) What version(s) of PuTTY work in your environment? Did you try the > developer's build from the official PuTTY site? http://sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip i tested another clients that worked too, but this is the only one that i got tickets (klist on linux). i didnt have time to test other krb5.conf options. > 2) Did you have to create a keytab file on the AD server, and transfer it > to the SSH server? How exactly did you do this? i created the keytab file directly on linux, using net command. after the linux joined th AD (net ads join) i typed "net ads keytab create" and voi-la > 3) Did you find online documents that were especially helpful? What were > they? > no one especially, i find documents for specific functions like: - join linux on windows domains (winbind, kerberos and ldap) - smartcard linux logon (opensc, pam_pkcs11) - not related i did a mix of solutions: - basically i have my users on AD (w2k3 r2 server with Management for Unix) - configured winbind to join windows domains - configured ldap to nsswitch.conf and pam - configured krb5 to pam and then configured ssh+krb5 to SSO (the putty stuff) -- Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx> http://blogdomarcello.wordpress.com Information Security UNIX / Linux / *BSD