Kerberos ssh samba
Zur Navigation springen
Zur Suche springen
important
client and servers should have the correct time and should resolv A and PTR record on dns
ssh-server
modification /etc/ssh/sshd_config
# GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIKeyExchange yes GSSAPIStoreCredentialsOnRekey yes
generate a keytab-file
net ads keytab create -U administrator
ssh-client
modification /etc/ssh/ssh_config
GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPIKeyExchange yes GSSAPIRenewalForcesRekey yes GSSAPITrustDNS yes
required in smb.conf
kerberos method = secrets and keytab
create /etc/security/pam_winbind.conf
krb5_auth = yes krb5_ccache_type = FILE