Kerberos: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=ssh-server= ==modification /etc/ssh/sshd_config== <pre> # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIKeyExchange yes GSSAPIStoreC…“) |
|||
| Zeile 1: | Zeile 1: | ||
| + | =important= | ||
| + | client and servers should have the correct time and should resolv A and PTR record on dns | ||
=ssh-server= | =ssh-server= | ||
==modification /etc/ssh/sshd_config== | ==modification /etc/ssh/sshd_config== | ||
| Zeile 7: | Zeile 9: | ||
GSSAPIKeyExchange yes | GSSAPIKeyExchange yes | ||
GSSAPIStoreCredentialsOnRekey yes | GSSAPIStoreCredentialsOnRekey yes | ||
| + | </pre> | ||
| + | ==generate a keytab-file== | ||
| + | net ads keytab create -U administrator | ||
| + | =ssh-client= | ||
| + | ==modification /etc/ssh/ssh_config== | ||
| + | <pre> | ||
| + | GSSAPIAuthentication yes | ||
| + | GSSAPIDelegateCredentials yes | ||
| + | GSSAPIKeyExchange yes | ||
| + | GSSAPIRenewalForcesRekey yes | ||
| + | GSSAPITrustDNS yes | ||
</pre> | </pre> | ||
Version vom 17. Juli 2014, 11:36 Uhr
important
client and servers should have the correct time and should resolv A and PTR record on dns
ssh-server
modification /etc/ssh/sshd_config
# GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIKeyExchange yes GSSAPIStoreCredentialsOnRekey yes
generate a keytab-file
net ads keytab create -U administrator
ssh-client
modification /etc/ssh/ssh_config
GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPIKeyExchange yes GSSAPIRenewalForcesRekey yes GSSAPITrustDNS yes