Marcello Mezzanotti <marcello.mezzano...@gmail.com> wrote: > On Wed, Jan 6, 2010 at 12:30 PM, Bob Rasmussen <r...@anzio.com> wrote:
>> 1) What version(s) of PuTTY work in your environment? Did you try the >> developer's build from the official PuTTY site? > > http://sweb.cz/v_t_m/putty/PuTTY-0.58-GSSAPI-2005-07-24.zip > > i tested another clients that worked too, but this is the only one > that i got tickets (klist on linux). i didnt have time to test other > krb5.conf options. Note that when using SSPI credentials, you generally will NOT get "delegated" tickets on the remote system due to AD's security model. You need to mess around with "trusted for delegation" settings on the AD computer account in question to enable credential delegation when using SSPI and not KfW. If you copy tickets from SSPI to KfW (using ms2mit.exe or similar) then this problem goes away. Additionally, SSPI doesn't handle realm trusts the same way that KfW does. Sometimes SSPI is better (mainly for trusts between Windows realms) and sometimes the KfW behaviour is better (in my case for trusts from AD to non-AD realms.) The trick is to know what programs use which API and properly configure it the way you need it to work. ----- I'll also again mention this version of putty: http://matthew.loar.name/software/putty/ <<CDC ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
