[31866] in Kerberos
Re: openssh + kerberos + windows ad
daemon@ATHENA.MIT.EDU (Bob Rasmussen)
Wed Jan 6 12:55:31 2010
Date: Wed, 6 Jan 2010 06:30:55 -0800 (PST)
From: Bob Rasmussen <ras@anzio.com>
To: Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
In-Reply-To: <b0ab74af1001060505q74dd4b0eq2f5a34a0382b3888@mail.gmail.com>
Message-ID: <Pine.LNX.4.64ras.1001060627320.16678@nimbus.anzio.com>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="8323328-638447112-1262788255=:16678"
Cc: secureshell-return-10634@securityfocus.com, secureshell@securityfocus.com,
kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu
This message is in MIME format. The first part should be readable text,
while the remaining parts are likely unreadable without MIME-aware tools.
--8323328-638447112-1262788255=:16678
Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:
> Bob,
>=20
> What exactly you want to know? :)
1) What version(s) of PuTTY work in your environment? Did you try the=20
developer's build from the official PuTTY site?
2) Did you have to create a keytab file on the AD server, and transfer it=
=20
to the SSH server? How exactly did you do this?
3) Did you find online documents that were especially helpful? What were=20
they?
Thanks.
>=20
>=20
>=20
> On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras@anzio.com> wrote:
> > I am attempting the same thing myself, almost. Please provide as many
> > details as you can.
> >
> > My AD server is a 2008 Server box, my client is a Windows 2000 box, try=
ing
> > to use Windows PuTTY to log in to a Linux box that is running OpenSSH.
> >
> > I also am running WireShark (formerly Ethereal) to monitor the network,=
so
> > I can see Kerberos transactions - those that work and those that fail.
> >
> > The PuTTY I am trying is, I think, an unreleased version from the offic=
ial
> > website. It has calls to GSSAPI.
> >
> > At this point I get messages about an illegal flag being set. I see the=
se
> > in WireShark.
> >
> > I'd appreciate any help.
> >
> > On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:
> >
> >> I just did :)
> >>
> >> the problem was the keytab, i created using linux command "net ads
> >> keytab create",
> >>
> >> i tested both linux ssh client and putty
> >> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
> >> client, worked, but it didnt created/forwared my ticket) and all
> >> worked fine.
> >>
> >> Is "Kerberos for Windows" necessary for Windows/Putty?
> >>
> >> Thank you all for help.
> >>
> >> Thank you,
> >> Marcello
> >>
> >> --
> >> Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
> >> http://blogdomarcello.wordpress.com
> >> Information Security
> >> UNIX / Linux / *BSD
> >>
> >>
> >
> > Regards,
> > ....Bob Rasmussen, =C2=A0 President, =C2=A0 Rasmussen Software, Inc.
> >
> > personal e-mail: ras@anzio.com
> > =C2=A0company e-mail: rsi@anzio.com
> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0voice: (US) 503-624-0360 (9:00-6:00 P=
acific Time)
> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0fax: (US) 503-624-0760
> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0web: http://www.anzio.com
> > =C2=A0street address: Rasmussen Software, Inc.
> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 10240 SW Nimbus=
, Suite L9
> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Portland, OR =
=C2=A097223 =C2=A0USA
> >
>=20
>=20
>=20
> --=20
> Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
> http://blogdomarcello.wordpress.com
> Information Security
> UNIX / Linux / *BSD
>=20
>=20
Regards,
=2E...Bob Rasmussen, President, Rasmussen Software, Inc.
personal e-mail: ras@anzio.com
company e-mail: rsi@anzio.com
voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
fax: (US) 503-624-0760
web: http://www.anzio.com
street address: Rasmussen Software, Inc.
10240 SW Nimbus, Suite L9
Portland, OR 97223 USA
--8323328-638447112-1262788255=:16678
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--8323328-638447112-1262788255=:16678--
