[31867] in Kerberos
Re: openssh + kerberos + windows ad
daemon@ATHENA.MIT.EDU (Marcello Mezzanotti)
Wed Jan 6 13:27:49 2010
In-Reply-To: <Pine.LNX.4.64ras.1001060627320.16678@nimbus.anzio.com>
Date: Wed, 6 Jan 2010 16:27:04 -0200
Message-ID: <b0ab74af1001061027k7830aa0el2ce7c6de2b07bff3@mail.gmail.com>
From: Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
To: Bob Rasmussen <ras@anzio.com>
Cc: secureshell-return-10634@securityfocus.com, secureshell@securityfocus.com,
kerberos@mit.edu
Bob,
On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen <ras@anzio.com> wrote:
> On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:
>
>> Bob,
>>
>> What exactly do you want to know? :)
>
> 1) What version(s) of PuTTY work in your environment? Did you try the
> developer's build from the official PuTTY site?
http://sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip
I tested other clients that worked too, but this is the only one
with which I got tickets (klist on Linux). I didn't have time to test other
krb5.conf options.
> 2) Did you have to create a keytab file on the AD server, and transfer it
> to the SSH server? How exactly did you do this?
I created the keytab file directly on Linux, using the net command.
After the Linux machine joined the AD (net ads join) I typed "net ads keytab
create" and voilà.
> 3) Did you find online documents that were especially helpful? What were
> they?
>
None especially; I found documents for specific functions like:
- joining Linux to Windows domains (winbind, Kerberos and LDAP)
- smartcard Linux logon (opensc, pam_pkcs11) - not related
I did a mix of solutions:
- basically I have my users on AD (W2K3 R2 server with Management for Unix)
- configured winbind to join Windows domains
- configured LDAP for nsswitch.conf and PAM
- configured krb5 for PAM
and then configured ssh+krb5 for SSO (the PuTTY stuff)
--
Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
http://blogdomarcello.wordpress.com
Information Security
UNIX / Linux / *BSD
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
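
Added example, not part of the original message: a pre-flight check for the setup described above, confirming that the keytab produced after the domain join carries a `host/` principal for the SSH server and that sshd has GSSAPI authentication turned on. It assumes the keytab listing was saved from `klist -k` and that GSSAPI is enabled through the OpenSSH `GSSAPIAuthentication` keyword (not named in the thread); host names, realm and file contents are constructed placeholders.

```shell
#!/bin/sh
# Added example: pre-flight checks for GSSAPI single sign-on to sshd.
# All hostnames, realms and file contents here are constructed placeholders.

# has_host_principal LISTING FQDN REALM
# LISTING is saved `klist -k` output; succeed if host/FQDN@REALM has an entry.
has_host_principal() {
    awk -v want="host/$2@$3" '
        $1 ~ /^[0-9]+$/ && $2 == want { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# gssapi_enabled SSHD_CONFIG
# Succeed if the global section sets GSSAPIAuthentication yes. sshd keeps the
# first value given for a keyword and matches keywords case-insensitively.
# Only the whitespace-separated "Keyword value" form is handled.
gssapi_enabled() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "gssapiauthentication" { val = tolower($2); exit }
        END { exit (val == "yes" ? 0 : 1) }' "$1"
}

# check_sso LISTING SSHD_CONFIG FQDN REALM: report each failed check, return the count.
check_sso() {
    fails=0
    has_host_principal "$1" "$3" "$4" || { echo "keytab: no host/$3@$4"; fails=$((fails + 1)); }
    gssapi_enabled "$2" || { echo "sshd_config: GSSAPIAuthentication is not yes"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample inputs.
sample_dir=$(mktemp -d)
cat > "$sample_dir/klist.txt" <<'EOF'
Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ------------------------------------------------
   2 host/sshhost.example.test@EXAMPLE.TEST
   2 SSHHOST$@EXAMPLE.TEST
EOF
cat > "$sample_dir/sshd_good" <<'EOF'
# constructed sshd_config fragment
GSSAPIAuthentication yes
EOF
printf 'GSSAPIAuthentication no\nGSSAPIAuthentication yes\n' > "$sample_dir/sshd_bad"

check_sso "$sample_dir/klist.txt" "$sample_dir/sshd_good" sshhost.example.test EXAMPLE.TEST
```

The `sshd_bad` sample fails because the earlier `no` line wins, which is the usual reason a later `yes` in the file appears to have no effect.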