[31864] in Kerberos
Re: openssh + kerberos + windows ad
daemon@ATHENA.MIT.EDU (Marcello Mezzanotti)
Wed Jan 6 08:05:36 2010
MIME-Version: 1.0
In-Reply-To: <Pine.LNX.4.64ras.1001041511010.32094@nimbus.anzio.com>
Date: Wed, 6 Jan 2010 11:05:22 -0200
Message-ID: <b0ab74af1001060505q74dd4b0eq2f5a34a0382b3888@mail.gmail.com>
From: Marcello Mezzanotti <marcello.mezzanotti@gmail.com>
To: Bob Rasmussen <ras@anzio.com>
Cc: secureshell-return-10634@securityfocus.com, secureshell@securityfocus.com,
kerberos@mit.edu
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
Bob,
What exactly you want to know? :)
On Mon, Jan 4, 2010 at 9:18 PM, Bob Rasmussen <ras@anzio.com> wrote:> I am attempting the same thing myself, almost. Please provide as many> details as you can.>> My AD server is a 2008 Server box, my client is a Windows 2000 box, trying> to use Windows PuTTY to log in to a Linux box that is running OpenSSH.>> I also am running WireShark (formerly Ethereal) to monitor the network, so> I can see Kerberos transactions - those that work and those that fail.>> The PuTTY I am trying is, I think, an unreleased version from the official> website. It has calls to GSSAPI.>> At this point I get messages about an illegal flag being set. I see these> in WireShark.>> I'd appreciate any help.>> On Mon, 4 Jan 2010, Marcello Mezzanotti wrote:>>> I just did :)>>>> the problem was the keytab, i created using linux command "net ads>> keytab create",>>>> i tested both linux ssh client and putty>> (PuTTY-0.58-GSSAPI-2005-07-24, i tested with another patched putty>> client, worked, but it didnt created/forwared my ticket) and all>> worked fine.>>>> Is "Kerberos for Windows" necessary for Windows/Putty?>>>> Thank you all for help.>>>> Thank you,>> Marcello>>>> -->> Marcello Mezzanotti <marcello.mezzanotti@gmail.com>>> http://blogdomarcello.wordpress.com>> Information Security>> UNIX / Linux / *BSD>>>>>> Regards,> ....Bob Rasmussen, President, Rasmussen Software, Inc.>> personal e-mail: ras@anzio.com> company e-mail: rsi@anzio.com> voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)> fax: (US) 503-624-0760> web: http://www.anzio.com> street address: Rasmussen Software, Inc.> 10240 SW Nimbus, Suite L9> Portland, OR 97223 USA>
-- Marcello Mezzanotti <marcello.mezzanotti@gmail.com>http://blogdomarcello.wordpress.comInformation SecurityUNIX / Linux / *BSD
________________________________________________Kerberos mailing list Kerberos@mit.eduhttps://mailman.mit.edu/mailman/listinfo/kerberos
