This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Re: [ITP] heimdal (was: Cygwinports Heimdal for the distro?)
On Mar 19 04:24, Yaakov (Cygwin/X) wrote:
> On Mon, 2012-03-19 at 09:35 +0100, Corinna Vinschen wrote:
> > I already have a strange problem with the client. I enabled
> > KerberosAuthentication and GSSAPIAuthentication on my Linux server,
> > which has a /etc/krb5.conf file for authentication against my Windows
> > domain (for Samba).
> >
> > Logging in with my Kerberos password is no problem, but that doesn't
> > test the client at all, only the server. So I tried kinit and then ssh
> > -K, which enables credential forwarding. IIUC that means the password I
> > already entered via kinit should be forwarded to the server and I don't
> > have to enter a password, just as when using pubkey authentication.
> >
> > However, that doesn't work at all. If I run ssh -Kvvv, I see an error
> > message like this in the verbose output:
>
> This combination (kinit name@HOST then ssh -K) worked for me when I
> tested heimdal way back when. I'll have to figure out how to set up a
> kerberos server so I can try it again (unless someone else has one we
> can test with?).

You could install the evaluation version of Windows Server 2008 R2 in
a virtual machine:

  http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx

and set it up as an AD domain controller. Then add a krb5.conf file.
Mine looks like this:
=== SNIP ===
[libdefaults]
default_realm = EXAMPLE.COM
clockskew = 300
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
[realms]
EXAMPLE.COM = {
    kdc = vm2k8r2.example.com #
}
[logging]
kdc = FILE:/var/log/krb5/kdc.log
kdc = SYSLOG:INFO
default = SYSLOG:INFO:USER
=== SNAP ===
Maybe my krb5.conf file is just too simple?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat