-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Edward Irvine at home wrote: > Hi Lars, > > Lars Schimmer wrote: > Hi! > > After some testing I got a few test PCs with debians "etch" system do > ticket forwarding and obtaining afs tokens. > Now I want to use putty and winscp from windows to login without a > password on that machines. > >> See this link: > >> http://220-245-28-18.static.tpgi.com.au/~irvinee/gssapi-sol10/gssapi-howto.html
Thanks for the link. Maybe I don´t get it right on my thoughts. Setup here: AD with 1 server and x clients krb5 server on debian on extra machine on each client MIT krb5 and OpenAFS 1.4.x on debian, 1.5.12 on windows on windows clients: krb5 config with the krb5 server entry and "obtain tokens for OpenAFS while login enabled" til yet no special entries for krb5 in AD. I assume the user on windows obtain a token and a valid ticket from the linux krb5 server while logging in (else the token wouldn´t be valid) So a valid ticket for user is available in the cache. In https://www-s.acm.uiuc.edu/wiki/space/Setting+up+SSH+on+Debian I´ve read to create a host/[EMAIL PROTECTED] entry in my database for every PC and extract that to a krb5.keytab (ank host/[EMAIL PROTECTED] - ktadd -k krb5.keytab host/[EMAIL PROTECTED] for every PC). That keytab I copied to /etc/krb5.keytab on every PC and it works on debian. Now I thought that was the way it should work on windows. But it seems, I was wrong. So I need to create special user entries in the AD database. One entry for all machines or one entry per linux pc? Do I really have to crete them in the AD as my krb5 doesn´t interact with the AD? MfG, Lars Schimmer - -- - ------------------------------------------------------------- TU Graz, Institut für ComputerGraphik & WissensVisualisierung Tel: +43 316 873-5405 E-Mail: [EMAIL PROTECTED] Fax: +43 316 873-5402 PGP-Key-ID: 0x4A9B1723 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFudACmWhuE0qbFyMRAt78AJ9GvQOcWVGAmhjZA/Ce0gyrZAn9bgCbBtdW 6h5W05khsYM8MT3XARMiiMM= =/HQv -----END PGP SIGNATURE----- ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
