Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon - Kerberos

This is a discussion on Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon - Kerberos ; On Fri, 31 Oct 2008, deengert@anl.gov wrote: > The v_t_m version could use either the Microsoft SSPI, or the MIT GSSAPI > as implemented bi the MIT gssapi32.dll. The new PuTTY only does SSPI so > there are some implications ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon

  1. Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon

    On Fri, 31 Oct 2008, deengert@anl.gov wrote:

    > The v_t_m version could use either the Microsoft SSPI, or the MIT GSSAPI
    > as implemented bi the MIT gssapi32.dll. The new PuTTY only does SSPI so
    > there are some implications if you are trying to use this from a
    > non-windows domain machine. (But runas could be used.)


    That's unfortunate, I wish they would implement both methods.

    I also wish they would implement GSSAPI Key Exchange, to avoid the need to
    maintain host keys on the client. I haven't found any implementation of
    PuTTY that supports both MIT GSSAPI and GSSAPI Key Exchange.

  2. Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon

    >>>>> "petesea" == petesea writes:

    petesea> On Fri, 31 Oct 2008, deengert@anl.gov wrote:
    >> The v_t_m version could use either the Microsoft SSPI, or the MIT
    >> GSSAPI as implemented bi the MIT gssapi32.dll. The new PuTTY only
    >> does SSPI so there are some implications if you are trying to use
    >> this from a non-windows domain machine. (But runas could be used.)


    petesea> That's unfortunate, I wish they would implement both methods.

    petesea> I also wish they would implement GSSAPI Key Exchange, to
    petesea> avoid the need to maintain host keys on the client. I
    petesea> haven't found any implementation of PuTTY that supports both
    petesea> MIT GSSAPI and GSSAPI Key Exchange.

    http://rc.quest.com/topics/PuTTY/

    --
    Richard Silverman
    res@qoxp.net


  3. Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon

    >>>>> "res" == Richard E Silverman writes:

    >>>>> "petesea" == petesea writes:

    petesea> On Fri, 31 Oct 2008, deengert@anl.gov wrote:
    >>> The v_t_m version could use either the Microsoft SSPI, or the MIT
    >>> GSSAPI as implemented bi the MIT gssapi32.dll. The new PuTTY only
    >>> does SSPI so there are some implications if you are trying to use
    >>> this from a non-windows domain machine. (But runas could be used.)


    petesea> That's unfortunate, I wish they would implement both methods.

    petesea> I also wish they would implement GSSAPI Key Exchange, to
    petesea> avoid the need to maintain host keys on the client. I
    petesea> haven't found any implementation of PuTTY that supports both
    petesea> MIT GSSAPI and GSSAPI Key Exchange.

    res> http://rc.quest.com/topics/PuTTY/

    Oops, you said *MIT* GSSAPI. Indeed. FYI, in the commercial world,
    SecureCRT does this.

    res> -- Richard Silverman res@qoxp.net


    --
    Richard Silverman
    res@qoxp.net


  4. Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon



    Richard E. Silverman wrote:
    >>>>>> "res" == Richard E Silverman writes:

    >
    >>>>>> "petesea" == petesea writes:

    > petesea> On Fri, 31 Oct 2008, deengert@anl.gov wrote:
    > >>> The v_t_m version could use either the Microsoft SSPI, or the MIT
    > >>> GSSAPI as implemented bi the MIT gssapi32.dll. The new PuTTY only
    > >>> does SSPI so there are some implications if you are trying to use
    > >>> this from a non-windows domain machine. (But runas could be used.)

    >
    > petesea> That's unfortunate, I wish they would implement both methods.
    >
    > petesea> I also wish they would implement GSSAPI Key Exchange, to
    > petesea> avoid the need to maintain host keys on the client. I
    > petesea> haven't found any implementation of PuTTY that supports both
    > petesea> MIT GSSAPI and GSSAPI Key Exchange.
    >
    > res> http://rc.quest.com/topics/PuTTY/
    >
    > Oops, you said *MIT* GSSAPI. Indeed. FYI, in the commercial world,
    > SecureCRT does this.


    Yes and it is a fine product. The problem we see, is many third party
    packages come with the PuTTY plink.exe program under the covers, some
    with some version of GSSAPI(or SSPI), but not all. It would be nice if
    the base PuTTY code had the gssapi built in.

    >
    > res> -- Richard Silverman res@qoxp.net
    >
    >


    --

    Douglas E. Engert
    Argonne National Laboratory
    9700 South Cass Avenue
    Argonne, Illinois 60439
    (630) 252-5444

+ Reply to Thread