Re: GSSAPI/Kerberos functionality in OpenSSH


I have done this and did not have to use any special patches. You
will need to get a version of OpenSSH that supports Keberos 5 and
GSSAPI (the latest ones do).

I would also recommend going through Microsoft Identity management
articles on their website. The main one is here:

If you drill down a little deeper through the article, you will find
complete step by step instructions on how to export the keytab from
the DC to the *nix machines and more.

It is an excellent article and should answer most of your questions.
If not, feel free to email me.


On 2/3/06, Jimmy Stewpot <squid@xxxxxxxxxx> wrote:

I have been investigating a method in which I can setup key based
authentication using kerberos to a Microsoft Active directory setup. The
requirement is so that we can leverage existing infrastructure to
centralise everything.

The patches I have been looking at are as follows..

The problem that I have is I am unable to find any documentation as to
how the key is stored in the LDAP? Does anyone know of any additional
documentation or any how-tos for that type of setup?

Also are there any caveats that I could potentially need to know about?