Re: Putty + GSSAPI from W2k3 terminal server to linux openssh daemon
Paul B. Hill wrote:[color=blue]
> Hi Doug or anyone else,
> Do you know of any distributions that work with KfW that have a version
> of plink that doesn't always open a Windows console window? I know that
> Quest (formerly Vintella?) has a version that does this, but it only
> supports SSPI.[/color]
The [url]http://sweb.cz/v_t_m/#putty[/url] version can do KfW or SSPI. It will look for
gsslib32.dll, and if gss_acquire_cred shows credentials, it will try
gss. If not it will try SSPI. The mods to do this came from gssklog :-)
The version we are using is based on PuTTY 5.8.
I sent a separate note Friday to the PuTTY project, thanking them for
starting to work on GSS, and asked if the would pick up KfW and
gss kex. I have not received an answer yet.
> I want to be able to use svn+ssh from within Eclipse, on a machine that
> is not in a Windows domain, without having the system flash open a large
> number of console windows while I am either checking file out or in.[/color]
I believe the v_t_m version is smart enough to not flash any screens.
You have to setup a session ahead of time to load, as all the GSS setting
are not available on the command line.
> The Quest distribution of Putty works well for this purpose when I am
> using a machine that is in a Windows domain.
> Douglas E. Engert wrote:[color=green]
>> Stephen Frost wrote:[color=darkred]
>>> * Jonathan Barber (email@example.com) wrote:
>>>> We don't have any particular preference WRT ssh clients, putty was just
>>>> choosen as our test as it's what we have used in the past.
>>> This thread got me curious, and it appears that ~2 months ago, GSSAPI
>>> support was committed to the PuTTY subversion tree. Anyone tried it?[/color]
>> Thanks for the tip. I too have complained for years about this, and
>> it nice to see the PuTTY people are adding GSSAPI.
>> This was the easies shared source Windows build I have seen!
>> I did an svn checkout on Unix to a shared file system (AFS) ran the
>> ./mkfiles.pl on Unix, then from XP in their windows directory
>> nmake -f Makefile.vc (Visual Studio 8)
>> As compared to [url]http://sweb.cz/v_t_m/#putty[/url], they did
>> change the names of some flags in the registry. GssapiFwd was
>> GSSAPIServerRealm is not defined. But these are minor.
>> And it works!
>> The v_t_m version could use either the Microsoft SSPI, or the MIT GSSAPI
>> as implemented bi the MIT gssapi32.dll. The new PuTTY only does SSPI
>> so there are some implications if you are trying to use this from a
>> non-windows domain machine. (But runas could be used.)
>>> I'd love to move off of all of these hacked/patched versions of PuTTY
>>> that are floating around. We're currently using
>>> [url]http://sweb.cz/v_t_m/#putty[/url] but in the past we've used a variety of
>>> things. :/
>>> Kerberos mailing list [email]Kerberos@mit.edu[/email]
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439