Kerberos ssh samba

Aus Xinux Wiki
Version vom 9. September 2014, 14:29 Uhr von Thomas (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „=important= client and servers should have the correct time and should resolv A and PTR record on dns =ssh-server= ==modification /etc/ssh/sshd_config== <pre>…“)
(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Zur Navigation springen Zur Suche springen

important

client and servers should have the correct time and should resolv A and PTR record on dns

ssh-server

modification /etc/ssh/sshd_config

# GSSAPI options
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
GSSAPIKeyExchange yes
GSSAPIStoreCredentialsOnRekey yes

generate a keytab-file

net ads keytab create -U administrator

ssh-client

modification /etc/ssh/ssh_config

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
GSSAPIKeyExchange yes
GSSAPIRenewalForcesRekey yes
GSSAPITrustDNS yes


required in smb.conf

kerberos method = secrets and keytab

create /etc/security/pam_winbind.conf

krb5_auth = yes
krb5_ccache_type = FILE
Abgerufen von „http://wiki.ixheim.de/index.php?title=Kerberos_ssh_samba&oldid=5121