This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [ITP] heimdal (was: Cygwinports Heimdal for the distro?)

On Mar 19 04:24, Yaakov (Cygwin/X) wrote:
> On Mon, 2012-03-19 at 09:35 +0100, Corinna Vinschen wrote:
> > I already have a strange problem with the client.  I enabled
> > KerberosAuthentication and GSSAPIAuthentication on my Linux server,
> > which has a /etc/krb5.conf file for authentication against my Windows
> > domain (for Samba).
> > 
> > Logging in with my Kerberos password is no problem, but that doesn't
> > test the client at all, only the server.  So I tried kinit and then ssh
> > -K, which enables credential forwarding.  IIUC that means the password I
> > already entered via kinit should be forwarded to the server and I don't
> > have to enter a password, just as when using pubkey authentication.
> > 
> > However, that doesn't work at all.  If I run ssh -Kvvv, I see an error
> > message like this in the verbose output:
> This combination (kinit name@HOST then ssh -K) worked for me when I
> tested heimdal way back when.  I'll have to figure out how to set up a
> kerberos server so I can try it again (unless someone else has one we
> can test with?).

You could install the evaluation version of Windows Server 2008 R2 in
a virtual machine:

and set it up as AD domain controller.  Then add a krb5.conf file.
Mine looks like this:

=== SNIP ===
  default_realm = EXAMPLE.COM
	clockskew = 300
[domain_realm] = EXAMPLE.COM = EXAMPLE.COM

 	 	kdc =	# 

  kdc = FILE:/var/log/krb5/kdc.log
  default = SYSLOG:INFO:USER
=== SNAP ===

Maybe my krb5.conf file is just too simple?


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]