[30302] in Kerberos

home help back first fref pref prev next nref lref last post

Re: SSH with Kerberos from Windows XP

daemon@ATHENA.MIT.EDU (Douglas E. Engert)
Mon Sep 15 12:09:05 2008

Message-ID: <48CE87E2.5090709@anl.gov>
Date: Mon, 15 Sep 2008 11:05:54 -0500
From: "Douglas E. Engert" <deengert@anl.gov>
MIME-Version: 1.0
To: =?UTF-8?B?TWFudGFzIE1pa3VsxJduYXM=?=
 <grawity+at+cluenet.org@gmail.com>
In-Reply-To: <gaedm6$g05$1@registered.motzarella.org>
Cc: kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit



Mantas Mikulėnas wrote:> Hello everyone. I'm new here, so please don't hurt me.> > I want to use Kerberos authentication when SSHing from a home Windows XP> machine to a remote network. How do I configure my PC?> > <setup>> > Client PC:> * Microsoft Windows XP Pro SP3> * stand-alone home PC (domain = False)> * I have the install CD> > User:> * I'd prefer to use Microsoft's Kerberos if such a thing exists
Yes and No. It is normally used only when the machine is joinedto an AD domain, and the user logins in to the domain. Thisalso implies AD is providing authorization data.
But you could use the Windows ksetup command to set the nameof the realm, and locations of the KDCs. Then use the Windowsrunas command to get a TGT usable only in the cmd.exe
  runas /netonly /user:user@REALM cmd.exe
It will prompt for the Kerberos password. The TGT(You may need other parameters too.)you can then use the Windows klist command from this windowto see the tickets, and start the Quest PuTTY. The PuTTY willuse "SSPI" i.e. Windows GSSAPI to  autheticate to a sshdwith GSSAPI.
  cd \Program Files\Quest Software\PuTTY  putty.exe -load my.host.profile
>   (MIT Kerberos has a stupid interface)
A lot easier then what I just described above...
> * I use PuTTY for SSH> * I have the QuestPuTTY mod> * I like command-line> * I don't like Cygwin> > Server:> * Heimdal Kerberos> * Debian Linux> * I know the realm and KDC server address> > </setup>> > </noob>> 
-- 
  Douglas E. Engert  <DEEngert@anl.gov>  Argonne National Laboratory  9700 South Cass Avenue  Argonne, Illinois  60439  (630) 252-5444________________________________________________Kerberos mailing list           Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post