[31857] in Kerberos

home help back first fref pref prev next nref lref last post

Re: openssh + kerberos + windows ad

daemon@ATHENA.MIT.EDU (Bob Rasmussen)
Mon Jan 4 18:25:02 2010

Date: Mon, 4 Jan 2010 15:18:55 -0800 (PST)
From: Bob Rasmussen <ras@anzio.com>
To: Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
In-Reply-To: <b0ab74af1001041017o1bb18b2axca09c23c20ae69c4@mail.gmail.com>
Message-ID: <Pine.LNX.4.64ras.1001041511010.32094@nimbus.anzio.com>
MIME-Version: 1.0
Cc: secureshell-return-10634@securityfocus.com, secureshell@securityfocus.com,
   kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

I am attempting the same thing myself, almost. Please provide as many 
details as you can.

My AD server is a 2008 Server box, my client is a Windows 2000 box, trying 
to use Windows PuTTY to log in to a Linux box that is running OpenSSH. 

I also am running WireShark (formerly Ethereal) to monitor the network, so 
I can see Kerberos transactions - those that work and those that fail.

The PuTTY I am trying is, I think, an unreleased version from the official 
website. It has calls to GSSAPI.

At this point I get messages about an illegal flag being set. I see these 
in WireShark.

I'd appreciate any help.

On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:

> I just did :)
> 
> the problem was the keytab, i created using linux command "net ads
> keytab create",
> 
> i tested both linux ssh client and putty
> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
> client, worked, but it didnt created/forwared my ticket) and all
> worked fine.
> 
> Is "Kerberos for Windows" necessary for Windows/Putty?
> 
> Thank you all for help.
> 
> Thank you,
> Marcello
> 
> -- 
> Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
> http://blogdomarcello.wordpress.com
> Information Security
> UNIX / Linux / *BSD
> 
> 

Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@anzio.com
 company e-mail: rsi@anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com
 street address: Rasmussen Software, Inc.
                 10240 SW Nimbus, Suite L9
                 Portland, OR  97223  USA
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post