Re: openssh + kerberos + windows ad



Hans,

Thanks for your help, my sshd_config options match yours, sshd_config
doesn't recognise GSSAPIKeyExchange and GSSAPITrustDNS options.

I continue to receive the "we sent a gssapi-with-mic packet, wait for
reply" DEBUG message and the ssh tries password auth.

I saw something related to krb5.keytab, do you know something about this file?

thank you,
marcello



On Mon, Jan 4, 2010 at 3:01 PM, Hans van Zijst <hans@xxxxxxxxxxx> wrote:
Hi Marcello,

A while ago I created the same construction that you want: ssh to a Linux
machine and login automatically with Kerberos. My KDC also is a Windows 2003
box with UNIX Services installed. It's been a while, and I don't remember a
lot of details. I remember it did take quite a bit of work though :)

In the logs you sent, I can't really find anything, but it "feels" like an
incomplete SSH daemon configuration.

In my sshd-config there are also these lines:

PasswordAuthentication no
KerberosAuthentication yes
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes

On my client machine, I configured /etc/ssh/ssh_config with:

GSSAPIKeyExchange yes
GSSAPITrustDNS yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

I hope this will help you a bit. If not, please post the configuration of
both the ssh-server and the ssh-client and I'll have a closer look.

Kind regards,

Hans




--
Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx>
http://blogdomarcello.wordpress.com
Information Security
UNIX / Linux / *BSD
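
An added example, not part of the original messages: a shell check that reads an sshd_config and reports which of the server-side settings listed in the quoted message are unset or different in the file's global section. The function names and the sample file are constructed for illustration.

```shell
# Server-side settings from the quoted message, as keyword=value.
EXPECTED="passwordauthentication=no kerberosauthentication=yes
kerberosorlocalpasswd=no kerberosticketcleanup=yes
gssapiauthentication=yes gssapicleanupcredentials=yes"

# effective_value FILE KEYWORD: value set in FILE's global section.
# Keywords are case-insensitive, the first occurrence wins, and
# parsing stops at the first Match block. Prints nothing if unset.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }
        key == want { print f[2]; exit }
    ' "$1"
}

# check_sshd_gssapi FILE: one line per setting that is unset or different;
# returns 1 if any were reported. "unset" means sshd uses its built-in default.
check_sshd_gssapi() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key: expected '$want', found '${got:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input, not a real host's configuration.
write_sample() {
    cat > "$1" <<'EOF'
PasswordAuthentication no
kerberosauthentication yes
#GSSAPIAuthentication yes
GSSAPIAuthentication no
GSSAPIAuthentication yes
KerberosTicketCleanup yes
Match User backup
    KerberosOrLocalPasswd no
EOF
}
tmp=$(mktemp); write_sample "$tmp"
check_sshd_gssapi "$tmp" || echo "differs from the listed settings"; rm -f "$tmp"
```

In the sample, the earlier `GSSAPIAuthentication no` line is the one that takes effect, and the setting inside the Match block does not count as a global value.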


