Jimmy, I have done this and did not have to use any special patches. You will need to get a version of OpenSSH that supports Keberos 5 and GSSAPI (the latest ones do).
I would also recommend going through Microsoft Identity management articles on their website. The main one is here: http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/default.mspx If you drill down a little deeper through the article, you will find complete step by step instructions on how to export the keytab from the DC to the *nix machines and more. http://www.microsoft.com/technet/security/topics/identitymanagement/idmanage/P3Intran_4.mspx It is an excellent article and should answer most of your questions. If not, feel free to email me. -Sam On 2/3/06, Jimmy Stewpot <[EMAIL PROTECTED]> wrote: > Hello, > > I have been investigating a method in which I can setup key based > authentication using kerberos to a Microsoft Active directory setup. The > requirement is so that we can leverage existing infrastructure to > centralise everything. > > The patches I have been looking at are as follows.. > > http://www.sxw.org.uk/computing/patches/openssh.html > > The problem that I have is I am unable to find any documentation as to > how the key is stored in the LDAP? Does anyone know of any additional > documentation or any how-tos for that type of setup? > > Also are there any caveats that I could potentially need to know about? > > Regards, > > Jimmy. >
