Hi all,
I'm not sure if it's the correct list but,
I'm trying to do a kind of SSO; basically, I want to ssh to a remote Linux
machine, using openssh/putty (what version), without a password prompt,
just with a Kerberos ticket.
I have the following scenario:
Windows Server 2003 R2 (with Unix Services instal
Monday, January 4, 2010 17:17
To: kerberos@mit.edu
Subject: openssh + kerberos + windows ad
Hi all,
I'm not sure if it's the correct list but,
I'm trying to do a kind of SSO; basically, I want to ssh to a remote Linux
machine, using openssh/putty (what version), without a password prompt,
just with kerberos tick
Hans,
Thanks for your help, my sshd_config options match yours, sshd_config
doesn't recognise the GSSAPIKeyExchange and GSSAPITrustDNS options.
I continue to receive the "we sent a gssapi-with-mic packet, wait for
reply" DEBUG message and then ssh tries password auth.
I saw something related to krb5.
Marcello,
Can you show us the output of klist -kte (as root) on the machine
running sshd? You need to have a proper keytab for ssh to use GSSAPI
authentication.
Against AD, you can generate a keytab using ktpass.exe. Make sure you
are using the 2003 SP2 version (or newer) of ktpass as some k
CDC,
Unfortunately I can't use IRC here, as I imagine I don't have any keytab file
os112:~ # klist -kte
Keytab name: WRFILE:/etc/krb5.keytab
klist: No such file or directory while starting keytab scan
How can I generate this file directly on Linux?
If I generate this file on Windows, can I export
> login as: mmezzanotti
> Using keyboard-interactive authentication.
> Password:
> Last login: Wed Dec 30 14:00:19 2009 from localhost
> Have a lot of fun...
> mmezzano...@os112:~> ls
> bin Documents Music Public Templates
> Desktop Download Pictures public_html Videos
> mmezza
Javier,
I'm trying ticket auth; password auth against AD (KDC) (krb+ldap pam)
is working fine:
mmezzano...@os112:~> klist
Ticket cache: FILE:/tmp/krb5cc_10002_b8QDZx
Default principal: mmezzano...@vmwarelab.int
Valid starting     Expires            Service principal
01/04/10 13:58:36 01/04/10 2
Hi Marcello,
A while ago I created the same construction that you want: ssh to a
Linux machine and login automatically with Kerberos. My KDC also is a
Windows 2003 box with UNIX Services installed. It's been a while, and I
don't remember a lot of details. I remember it did take quite a bit of
w
I just did :)
The problem was the keytab, I created it using the Linux command "net ads
keytab create".
I tested both the Linux ssh client and putty
(PuTTY-0.58-GSSAPI-2005-07-24, I tested with another patched putty
client, worked, but it didn't create/forward my ticket) and all
worked fine.
Is "Kerberos
On 04.01.2010 21:17, Marcello Mezzanotti wrote:
> Is "Kerberos for Windows" necessary for Windows/Putty?
No, it doesn't use KfW; at least the official build only uses SSPI. You may
also just download the latest snapshot version; it does include GSSAPI
authentication, no need to search for a patched one.
Nikolay, I just got a ticket with putty 0.58 patched (the one I
mentioned earlier);
with the other ones I can log in but I don't get any ticket.
On Mon, Jan 4, 2010 at 7:26 PM, Nikolay Shopik wrote:
> On 04.01.2010 21:17, Marcello Mezzanotti wrote:
>> Is "Kerberos for Windows" necessary for Windows/Putty?
I am attempting the same thing myself, almost. Please provide as many
details as you can.
My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
to use Windows PuTTY to log in to a Linux box that is running OpenSSH.
I also am running WireShark (formerly Ethereal) to monitor
Hi Marcello,
Ah, you didn't have a keytab. I assumed you did :)
I used Windows to create the key and added it to /etc/krb5.keytab with
ktutil. Perhaps these entries in /etc/krb5.conf make a difference. In
your case, YaST has probably taken care of this file, but this is what I
have put into it
Bob,
What exactly do you want to know? :)
On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen wrote:
> I am attempting the same thing myself, almost. Please provide as many
> details as you can.
>
> My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
> to use Windows PuTTY to log
Marcello Mezzanotti wrote:
> I just did :)
>
> The problem was the keytab, I created it using the Linux command "net ads
> keytab create".
>
> I tested both the Linux ssh client and putty
> (PuTTY-0.58-GSSAPI-2005-07-24, I tested with another patched putty
> client, worked, but it didn't create/forward m
On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:
> Bob,
>
> What exactly do you want to know? :)
1) What version(s) of PuTTY work in your environment? Did you try the
developer's build from the official PuTTY site?
2) Did you have to create a keytab file on the AD server, and transfer it
to the SS
Bob,
On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen wrote:
> On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:
>
>> Bob,
>>
>> What exactly do you want to know? :)
>
> 1) What version(s) of PuTTY work in your environment? Did you try the
> developer's build from the official PuTTY site?
http://sweb.cz
Marcello Mezzanotti wrote:
> On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen wrote:
>> 1) What version(s) of PuTTY work in your environment? Did you try the
>> developer's build from the official PuTTY site?
>
> http://sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip
>
> I tested another clie
Hello there,
Quest provides a PUTTY version with GSSAPI enabled:
http://rc.quest.com/topics/putty/
It works fine.
Regards,
Jackson
--- On Wed, 6/1/10, Bob Rasmussen wrote:
> From: Bob Rasmussen
> Subject: Re: openssh + kerberos + windows ad
> To: "Marcello Mezzanotti"