Kerberizing SSHD configuration questions

Is this the correct procedure for implementing Kerberos authentication
to SSHD?  Assuming an SSHD that has been built to support Kerberos.

Creating a Kerberized SSH Service.

Create a host principal for the SSH server in the Kerberos database.

Export this server information to a .keytab file and securely copy it
to the Linux host server.

Use krutil command to import the keytab file.

Configure SSHD to use GSSAPI for authentication.

Restart SSHD.


I am working with our ADS administrators and they have never done this
before.  Neither have I so I was hoping someone here could help.



Re: Kerberizing SSHD configuration questions

You haven't said what KDC you're using.

I'm not sure what this means - if it's a "keytab" file it should be ready
to use as is.  Perhaps you mean using "ktutil" to merge the new principal
keys into an existing keytab.

That's the general process, yes, but there are client issues of course --
the client has to kinit, and usually determine the realm of the server
(although the Microsoft implementation punts that responsibility to the
domain controller by means of Kerberos "referrals.")

  Richard Silverman
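
An added example, not part of the thread: before restarting SSHD, one way to confirm that the keytab copied to the host actually carries the host principal is to read its entries directly. This sketch assumes the keytab file format 0x0502; the host name ssh1.example.com, the realm EXAMPLE.COM and the all-zero key bytes are constructed sample values.

```python
import struct

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from a keytab in file format 0x0502."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a format 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                  # negative size marks a deleted slot: skip it
            pos -= size
            continue
        if pos + size > len(data):
            raise ValueError("truncated keytab entry")
        entries.append(_parse_entry(data[pos:pos + size]))
        pos += size
    return entries

def _parse_entry(e):
    def counted(off):                  # 16-bit length followed by that many bytes
        (n,) = struct.unpack_from(">H", e, off)
        return e[off + 2:off + 2 + n], off + 2 + n
    (ncomp,) = struct.unpack_from(">H", e, 0)
    realm, off = counted(2)
    comps = []
    for _ in range(ncomp):
        comp, off = counted(off)
        comps.append(comp.decode())
    off += 8                           # skip name type and timestamp
    kvno = e[off]                      # 8-bit key version number
    (enctype,) = struct.unpack_from(">H", e, off + 1)
    _key, off = counted(off + 3)       # key bytes are read past, never returned
    if len(e) - off >= 4:              # optional 32-bit kvno replaces the 8-bit one
        kvno = struct.unpack_from(">I", e, off)[0] or kvno
    return "/".join(comps) + "@" + realm.decode(), kvno, enctype

def has_principal(entries, principal):
    return any(name == principal for name, _, _ in entries)

def _entry(realm, comps, kvno, enctype):   # builds constructed sample data only
    s = lambda b: struct.pack(">H", len(b)) + b
    body = struct.pack(">H", len(comps)) + s(realm) + b"".join(map(s, comps))
    body += struct.pack(">IIBH", 1, 0, kvno & 0xFF, enctype) + s(bytes(32)) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

# Constructed keytab: two key versions of one host principal around a deleted slot.
SAMPLE = (b"\x05\x02" + _entry(b"EXAMPLE.COM", [b"host", b"ssh1.example.com"], 3, 18)
          + struct.pack(">i", -6) + bytes(6)
          + _entry(b"EXAMPLE.COM", [b"host", b"ssh1.example.com"], 4, 18))
```

Two entries for the same principal with different key version numbers are what a keytab looks like after new keys have been merged into an existing one; enctype 18 is aes256-cts-hmac-sha1-96.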
