Re: openssh + kerberos + windows ad


What exactly you want to know? :)

On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras@xxxxxxxxx> wrote:
I am attempting the same thing myself, almost. Please provide as many
details as you can.

My AD server is a 2008 Server box, my client is a Windows 2000 box, trying
to use Windows PuTTY to log in to a Linux box that is running OpenSSH.

I also am running WireShark (formerly Ethereal) to monitor the network, so
I can see Kerberos transactions - those that work and those that fail.

The PuTTY I am trying is, I think, an unreleased version from the official
website. It has calls to GSSAPI.

At this point I get messages about an illegal flag being set. I see these
in WireShark.

I'd appreciate any help.

On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:

I just did :)

the problem was the keytab, i created using linux command "net ads
keytab create",

i tested both linux ssh client and putty
(PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty
client, worked, but it didnt created/forwared my ticket) and all
worked fine.

Is "Kerberos for Windows" necessary for Windows/Putty?

Thank you all for help.

Thank you,

Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx>
Information Security
UNIX / Linux / *BSD

....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras@xxxxxxxxx
 company e-mail: rsi@xxxxxxxxx
         voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
           fax: (US) 503-624-0760
 street address: Rasmussen Software, Inc.
                10240 SW Nimbus, Suite L9
                Portland, OR  97223  USA

Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx>
Information Security
UNIX / Linux / *BSD