Jeff Blaine wrote: > Thanks Doug > >> The which PuTTY has GSSAPI: >> >> Quest has one that uses SSPI. http://rc.quest.com/topics/putty/ > > Hmm, I can't see to get this to work at all (ignoring CVS). > > I have KfW creds for jblaine, afs, and krbtgt on this Windows > box.
As I said, The Quest version uses SSPI and the Microsoft ticket cache so works well if you are a domain user and logged in (or use runas) to get tickets from AD. Chris suggested trying: http://matthew.loar.name/software/putty/ I have not tried it, but it sounds like it will work well with KfW. Sounds like this version may also have GSSAPI key exchange support. > > I have a QuestPuTTY session named faron.foo.org > GSSAPI is enabled for this session > GSSAPI Credential Delegation is enabled for this session > > Opening the session shows: > > Using username "jblaine". > Using GSSAPI service principal name "host/faron.foo.org". > [email protected]'s password: > > The sshd debug output: > > Server listening on :: port 9000. > debug1: Server will not fork when running in debugging mode. > Connection from xx.xx.0.146 port 3423 > debug1: Client protocol version 2.0; client software version > PuTTY_Release_0.60_q1.129 > debug1: no match: PuTTY_Release_0.60_q1.129 > debug1: Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-Sun_SSH_1.1.3 > ... > debug2: GSS-API Mechanism encoded as toWM5Slw5Ew8Mqkay+al2g== > ... > debug2: kex_parse_kexinit: > gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1 > ... > debug1: userauth-request for user jblaine service ssh-connection method > gssapi-with-mic > debug1: attempt 1 initial attempt 0 failures 1 initial failures 0 > debug2: input_userauth_request: try method gssapi-with-mic > debug1: Client offered gssapi userauth with { 1 2 840 113554 1 2 2 } > (supported) The client may have found it did not have tickets in the Microsoft ticket cache, and thus failed. > debug1: userauth-request for user jblaine service ssh-connection method none > debug1: attempt 2 initial attempt 0 failures 1 initial failures 0 > debug2: Unrecognized authentication method name: none > Failed none for jblaine from xx.xx.0.146 port 3423 ssh2 > debug1: userauth-request for user jblaine service ssh-connection method > password > debug1: attempt 3 initial attempt 0 failures 3 initial failures 0 > debug2: input_userauth_request: try method password > debug2: Starting PAM service sshd-password for method password > Accepted password for jblaine from xx.xx.0.146 port 3423 ssh2 > ________________________________________________ > Kerberos mailing list [email protected] > https://mailman.mit.edu/mailman/listinfo/kerberos > > -- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
