Re: Windows SSH client that uses tickets not obtained from AD login(opensource/free)
Hallo, another option would be to use ssh under cygwin - what actually I do. You only have to compile ssh yourself with either Heimdal, or with MIT Kerberos. You can obtain TGT using either kinit, or copy TGT from LSA to an ording credentials cache using ms2mit program from KfW. Regards, vadim tarassov. On Mon, 2005-07-11 at 21:59 -0700, jay alvarez wrote: Hi Jeff, I've already been to that site as most of my google searches points me to it, but my problem is that the place I work in is a government institution which benifits mostly from tools that are opensource and free. Is there a freeware version of kermit?:) --- Jeffrey Altman [EMAIL PROTECTED] wrote: Kermit 95 http://www.kermit-project.org/k95.html provides support for SSH with GSS and it derives its tickets from KFW. The version distributed by Columbia University is old and not quite up to date but it works. jay alvarez wrote: Hi, Do you know any windows ssh client that can use gssapi authentication and not using SSPI(used by vintela and CSS putty versions)wherein it uses tickets that were obtained from an Active Directory login? I have downloaded KFW from MIT and I have successfully obtain tickets using Leash. I tried to use vintela's putty but I don't know how to tell it where Leash put my tickets. The vintela docs says it will use the tickets obtained upon an Active Directory login. In our case, we don't use AD service. BTW, just curious, KFW says it places the tickets obtained from KDC inside the memory of the computer, I remembered my tickets when using kinit places it in /tmp of my unix box. Is there a security issue here regarding the use of /tmp as a storage of tickets against placing it in the memory? Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos -- - This e-mail account is not read on a regular basis. Please send private responses to jaltman at mit dot edu Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos Sell on Yahoo! Auctions – no fees. Bid on great items. http://auctions.yahoo.com/ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos -- vadim [EMAIL PROTECTED] Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: Windows SSH client that uses tickets not obtained from AD login
jay alvarez [EMAIL PROTECTED] wrote: Hi, Do you know any windows ssh client that can use gssapi authentication and not using SSPI(used by vintela and CSS putty versions)wherein it uses tickets that were obtained from an Active Directory login? I have downloaded KFW from MIT and I have successfully obtain tickets using Leash. I tried to use vintela's putty but I don't know how to tell it where Leash put my tickets. The vintela docs says it will use the tickets obtained upon an Active Directory login. In our case, we don't use AD service. The version of putty at: http://www.sweb.cz/v_t_m/ works with tickets obtained by MIT KfW. However, it only works with gssapi-with-mic, so you need to have OpenSSH 3.8 or higher on the server side. I have been using it for over a year without too many problems. It works quite well and the author even updated the source patch and the binary the two times I've asked when security fixes were released for putty. CDC Christopher D. Clausen [EMAIL PROTECTED] SysAdmin Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: Windows SSH client that uses tickets not obtained from AD login
jay alvarez wrote: Hi, Do you know any windows ssh client that can use gssapi authentication and not using SSPI(used by vintela and CSS putty versions) There's a version of the CSS putty modifications which can use MIT Kerberos for Windows. Download their Putty Installer, install it, and then change the dll which it uses for Kerberos support by renaming C:\Program Files\PuTTY\plugin_mitgss.dll as C:\Program Files\PuTTY\plugingss.dll In my experience, there's a problem with newer versions of the code not working with MIT Kerberos, but version 0-55b1 works fine. Cheers, Simon. Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: Windows SSH client that uses tickets not obtained from AD login
SecureCRT 4.x can use either the SSPI or the KfW gssapi. http://www.vandyke.com/products/securecrt/ There are mods to PuTTY that can use either SSPI and KfW. http://www.sweb.cz/v_t_m/#putty Hopefully the PuTTY people will pick these up. We use both of these at our site. jay alvarez wrote: Hi, Do you know any windows ssh client that can use gssapi authentication and not using SSPI(used by vintela and CSS putty versions)wherein it uses tickets that were obtained from an Active Directory login? I have downloaded KFW from MIT and I have successfully obtain tickets using Leash. I tried to use vintela's putty but I don't know how to tell it where Leash put my tickets. The vintela docs says it will use the tickets obtained upon an Active Directory login. In our case, we don't use AD service. BTW, just curious, KFW says it places the tickets obtained from KDC inside the memory of the computer, I remembered my tickets when using kinit places it in /tmp of my unix box. Is there a security issue here regarding the use of /tmp as a storage of tickets against placing it in the memory? Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos -- Douglas E. Engert [EMAIL PROTECTED] Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Windows SSH client that uses tickets not obtained from AD login
Hi, Do you know any windows ssh client that can use gssapi authentication and not using SSPI(used by vintela and CSS putty versions)wherein it uses tickets that were obtained from an Active Directory login? I have downloaded KFW from MIT and I have successfully obtain tickets using Leash. I tried to use vintela's putty but I don't know how to tell it where Leash put my tickets. The vintela docs says it will use the tickets obtained upon an Active Directory login. In our case, we don't use AD service. BTW, just curious, KFW says it places the tickets obtained from KDC inside the memory of the computer, I remembered my tickets when using kinit places it in /tmp of my unix box. Is there a security issue here regarding the use of /tmp as a storage of tickets against placing it in the memory? Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
Re: Windows SSH client that uses tickets not obtained from AD login
Kermit 95 http://www.kermit-project.org/k95.html provides support for SSH with GSS and it derives its tickets from KFW. The version distributed by Columbia University is old and not quite up to date but it works. jay alvarez wrote: Hi, Do you know any windows ssh client that can use gssapi authentication and not using SSPI(used by vintela and CSS putty versions)wherein it uses tickets that were obtained from an Active Directory login? I have downloaded KFW from MIT and I have successfully obtain tickets using Leash. I tried to use vintela's putty but I don't know how to tell it where Leash put my tickets. The vintela docs says it will use the tickets obtained upon an Active Directory login. In our case, we don't use AD service. BTW, just curious, KFW says it places the tickets obtained from KDC inside the memory of the computer, I remembered my tickets when using kinit places it in /tmp of my unix box. Is there a security issue here regarding the use of /tmp as a storage of tickets against placing it in the memory? Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos -- - This e-mail account is not read on a regular basis. Please send private responses to jaltman at mit dot edu Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos