Re: openssh + kerberos + windows ad

Bob,

On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen <ras@xxxxxxxxx> wrote:
On Wed, 6 Jan 2010, Marcello Mezzanotti wrote:

Bob,

What exactly you want to know? :)

1) What version(s) of PuTTY work in your environment? Did you try the
developer's build from the official PuTTY site?

http://sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip

i tested another clients that worked too, but this is the only one
that i got tickets (klist on linux). i didnt have time to test other
krb5.conf options.

2) Did you have to create a keytab file on the AD server, and transfer it
to the SSH server? How exactly did you do this?

i created the keytab file directly on linux, using net command.
after the linux joined th AD (net ads join) i typed "net ads keytab
create" and voi-la

3) Did you find online documents that were especially helpful? What were
they?


no one especially, i find documents for specific functions like:

- join linux on windows domains (winbind, kerberos and ldap)
- smartcard linux logon (opensc, pam_pkcs11) - not related

i did a mix of solutions:

- basically i have my users on AD (w2k3 r2 server with Management for Unix)
- configured winbind to join windows domains
- configured ldap to nsswitch.conf and pam
- configured krb5 to pam

and then configured ssh+krb5 to SSO (the putty stuff)

--
Marcello Mezzanotti <marcello.mezzanotti@xxxxxxxxx>
http://blogdomarcello.wordpress.com
Information Security
UNIX / Linux / *BSD

Relevant Pages