Kerberos: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(Die Seite wurde neu angelegt: „=ssh-server= ==modification /etc/ssh/sshd_config== <pre> # GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIKeyExchange yes GSSAPIStoreC…“) |
|||
Zeile 1: | Zeile 1: | ||
+ | =important= | ||
+ | client and servers should have the correct time and should resolv A and PTR record on dns | ||
=ssh-server= | =ssh-server= | ||
==modification /etc/ssh/sshd_config== | ==modification /etc/ssh/sshd_config== | ||
Zeile 7: | Zeile 9: | ||
GSSAPIKeyExchange yes | GSSAPIKeyExchange yes | ||
GSSAPIStoreCredentialsOnRekey yes | GSSAPIStoreCredentialsOnRekey yes | ||
+ | </pre> | ||
+ | ==generate a keytab-file== | ||
+ | net ads keytab create -U administrator | ||
+ | =ssh-client= | ||
+ | ==modification /etc/ssh/ssh_config== | ||
+ | <pre> | ||
+ | GSSAPIAuthentication yes | ||
+ | GSSAPIDelegateCredentials yes | ||
+ | GSSAPIKeyExchange yes | ||
+ | GSSAPIRenewalForcesRekey yes | ||
+ | GSSAPITrustDNS yes | ||
</pre> | </pre> |
Version vom 17. Juli 2014, 11:36 Uhr
important
client and servers should have the correct time and should resolv A and PTR record on dns
ssh-server
modification /etc/ssh/sshd_config
# GSSAPI options GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIKeyExchange yes GSSAPIStoreCredentialsOnRekey yes
generate a keytab-file
net ads keytab create -U administrator
ssh-client
modification /etc/ssh/ssh_config
GSSAPIAuthentication yes GSSAPIDelegateCredentials yes GSSAPIKeyExchange yes GSSAPIRenewalForcesRekey yes GSSAPITrustDNS yes