[27271] in Kerberos

home help back first fref pref prev next nref lref last post

Re: putty/winscp with gssapi/krb5 ticket forwarding

daemon@ATHENA.MIT.EDU (Christopher D. Clausen)
Fri Jan 26 09:42:04 2007

Message-ID: <006301c74158$189d7bd0$0100a8c0@CDCHOME>
From: "Christopher D. Clausen" <cclausen@acm.org>
To: "Lars Schimmer" <l.schimmer@cgv.tugraz.at>
Date: Fri, 26 Jan 2007 08:41:37 -0600
Cc: kerberos <kerberos@mit.edu>
Content-Type: multipart/mixed; boundary="===============0582291434=="
Errors-To: kerberos-bounces@mit.edu

--===============0582291434==

Lars Schimmer <l.schimmer@cgv.tugraz.at> wrote:
> Thanks for the link.
> Maybe I donīt get it right on my thoughts.
> Setup here:
> AD with 1 server and x clients
> krb5 server on debian on extra machine

So you have an Active Directory domain that the Windows machines are on?

And a seperate Kerberos Realm for the Linux machines?

Do you have a realm trust between these?  B/c its not likely to work if 
you don't.

> on each client MIT krb5 and OpenAFS 1.4.x on debian, 1.5.12 on windows
> on windows clients: krb5 config with the krb5 server entry and "obtain
> tokens for OpenAFS while login enabled"
> til yet no special entries for krb5 in AD.
> I assume the user on windows obtain a token and a valid ticket from
> the
> linux krb5 server while logging in (else the token wouldnīt be valid)
> So a valid ticket for user is available in the cache.
> In https://www-s.acm.uiuc.edu/wiki/space/Setting+up+SSH+on+Debian

That page assumes all machines are in one realm, which doesn't appear to 
be your case at all.  Can you be specific about which machines are in 
which Kerberos / AD Realm?

<<CDC 



--===============0582291434==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

--===============0582291434==--

home help back first fref pref prev next nref lref last post