Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-21 Thread Douglas E. Engert
Jeff Blaine wrote: Thanks Doug The which PuTTY has GSSAPI: Quest has one that uses SSPI. http://rc.quest.com/topics/putty/ Hmm, I can't seem to get this to work at all (ignoring CVS). I have KfW creds for jblaine, afs, and krbtgt on this Windows box. As I said, The Quest version

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-21 Thread Jeffrey Altman
On 12/18/2009 12:00 PM, Jeff Blaine wrote: Does anyone know of a Cygwin OpenSSH that supports GSS-API? There is none that I am aware of. In order to build OpenSSH in cygwin against KFW you will require Cygwin import libraries for each of the KFW DLLs. Secure Endpoints submitted a patch to MIT

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-21 Thread Jeff Blaine
Chris suggested trying: http://matthew.loar.name/software/putty/ I have not tried it, but it sounds like it will work well with KfW. It works perfectly so far. Thanks all.

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-18 Thread Jeff Blaine
But this won't work with ssh public keys. If it's winCVS on Windows you are interested in, it too can support GSSAPI. Doug, I'd like to hear about WinCVS + some SSH using GSSAPI if that's what you're referring to (using :gserver: isn't going to cut it as far as I can see, since there will be no

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-18 Thread Christopher D. Clausen
Jeff Blaine jbla...@stage-infinity.com wrote: Thanks Doug The which PuTTY has GSSAPI: Quest has one that uses SSPI. http://rc.quest.com/topics/putty/ Hmm, I can't seem to get this to work at all (ignoring CVS). I have KfW creds for jblaine, afs, and krbtgt on this Windows box. I believe

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-18 Thread Ben Hildred
Christopher D. Clausen wrote: I believe that Quest's putty only uses SSPI credentials (from a Windows domain) and won't work with credentials obtained directly using KfW. Try this one: http://matthew.loar.name/software/putty/ I have been looking for this for months! Yay!!! Add to your

Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Jeff Blaine
Long ago, we evaluated the facilities within OS-provided sshd for handling our Kerberos + OpenAFS authentication needs. That is, things like the Kerberos* settings, GetAFSToken or whatever it was called, etc. We found it to be an unusable mismatched moving target. We decided to do everything

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Russ Allbery
Jeff Blaine jbla...@stage-infinity.com writes: We decided to do everything via PAM, with the exception of ssh public key auth for those who choose to use it and not get OpenAFS tokens automatically. It works great thanks to pam_krb5 and pam_afs_session from Russ Allbery. Our problem now

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Douglas E. Engert
Jeff Blaine wrote: Long ago, we evaluated the facilities within OS-provided sshd for handling our Kerberos + OpenAFS authentication needs. That is, things like the Kerberos* settings, GetAFSToken or whatever it was called, etc. We found it to be an unusable mismatched moving target.

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Jeff Blaine
On 12/16/2009 5:39 PM, Douglas E. Engert wrote: Jeff Blaine wrote: Long ago, we evaluated the facilities within OS-provided sshd for handling our Kerberos + OpenAFS authentication needs. That is, things like the Kerberos* settings, GetAFSToken or whatever it was called, etc. We found it to

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Jeff Blaine
On 12/16/2009 8:33 PM, Russ Allbery wrote: Jeff Blaine jbla...@stage-infinity.com writes: sshd[20489]: [ID 237248 auth.debug] (pam_afs_session): pam_sm_open_session: entry (0x0) sshd[20489]: [ID 237248 auth.debug] (pam_afs_session): skipping tokens, no Kerberos ticket cache Hm, are you

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Russ Allbery
Jeff Blaine jbla...@stage-infinity.com writes: Yup, they're there, just no tokens. I even tried a pam_krb5RA2.so and pam_afs_session2.so built against the Sun kerberos instead of our local MIT kerberos for kicks. Same result. ~:faron kdestroy ~:faron logout Connection to faron closed.

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Jeff Blaine
On 12/16/2009 10:24 PM, Russ Allbery wrote: Jeff Blaine jbla...@stage-infinity.com writes: Yup, they're there, just no tokens. I even tried a pam_krb5RA2.so and pam_afs_session2.so built against the Sun kerberos instead of our local MIT kerberos for kicks. Same result. ~:faron kdestroy

Re: Kerberos tickets, SSH public key auth, AFS tokens

2009-12-16 Thread Russ Allbery
Jeff Blaine jbla...@stage-infinity.com writes: On 12/16/2009 10:24 PM, Russ Allbery wrote: Oh, right, I remember this problem now. This is why Douglas has another PAM module that does nothing except set KRB5CCNAME in the environment for use on Solaris. Solaris uses the default UID-based