Jimmy Stewpot wrote: > I have been investigating a method in which I can setup key based > authentication using kerberos to a Microsoft Active directory setup. The > requirement is so that we can leverage existing infrastructure to > centralise everything. > > The problem that I have is I am unable to find any documentation as to > how the key is stored in the LDAP?
You want to generate a Kerberos host key in Active Directory, and store that host key in your machine's local keytab. You need to have this host key present to do any form of GSSAPI authentication, be it userauth or key exchange. In your situation, you probably do want to run with the key exchange patches, as its these that allow you to do away with the need to distribute ssh host keys. Microsoft have a guide on integrating Unix machines within an Active Directory setup at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnactdir/html/kerberossamp.asp There's also been some recent discussion along these lines on the Kerberos mailing list. Cheers, Simon.
